Can anyone help with this please?

[Accurax]

Ive got a little problem with my sessions, let me explain what im doing and maybe someone can see where im going wrong here..... as allways ... thanks in advance.

Ok, i have 3 pages .... login.php, checkuser.php & secretpage.php

basically, a user will fill in there username and password in login.php and then checkuser.php will make sure everythings in order, and then they should be allowed to veiew secretpage.php .... simple eh?

ok heres login.php, its actually a simple htm file, its only still got the php extension because i was playing with it earlier.

[code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form method="POST" action="checkuser.php">
  <input type="text" name="username" />
User name
<p>
    <input type="text" name="password" />
  Password</p>
  <p>
    <input type="submit" name="Submit" value="Submit" />
  </p>
</form>
</body>
</html>[/code]
And heres checkuser.php

[code]<?php
session_start();
include("Vars.inc");


$connection=mysql_connect($host, $user, $passwd)
        or die ("Could not connect !");
$db = mysql_select_db($database, $connection)
        or die ("Could not connect to Database");

$username = $_POST['username'];
$password = $_POST['password'];
$pass = md5($password);

$query = "SELECT password FROM customer WHERE user_name='$username'";
$result = mysql_query($query)
        or die ("could not find user");
$row = mysql_fetch_array($result);

if ($pass == $row['password'] )
{
    session_register("auth");
    @$_SESSION['auth'] = "yes";
    echo "login successfull<br />";
}
else
{
    echo "invalid password<br />";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<ul>
<li><a href="secretpage.php">secret page</a></li>
</ul>
</body>
</html>[/code]
Pretty straigh forward.... the above 2 files work perfectly, the problem comes when i want to access further secure pages, such as secretpage.php

heres secretpage.php at the momnent

[code]
<?php
session_start();
if ( @$SESSION['auth'] != "yes" )
    {
        header("location: hacker.php");
        exit();
    }
else
    {
        echo "You are now logged in!";
    }
   
?>
<html>
<head><title>Secret Page </title></head>
<body>

This is my testing secret page.
</body></html>[/code]
At the moment all i can manage to do is get thrown out towards hacker.php .... which is clearly not what i want here.

I know its something to do with the way im handleing the sessions...... any idea's please??

[trq]

You have an error on secretpage.php, its the $_SESSION[] array not $SESSION.

Also note that session_register() has long been depricated and is no longer needed, and please, at least while developing, dont use error surpression @.

[Accurax]

whats error suppression ???

[Accurax]

oh the @ thingy....... i wasnt sure what that did to be honest..... any chance of a briefe explanation pleasE?

[trq]

The @ symbol. Its best to aviod it during developement.

[trq]

The best place for explinations, the [url=http://au3.php.net/manual/en/language.operators.errorcontrol.php]manual[/url].

[taith]

when you put the @ symbol infront of any command/funtion... it hides any and all errors that that function may make.

[Accurax]

thaks thorpe... i keep that in mind ........... woah..... actually THANKS thorpe... thats exactly what ive been looking for !!!

And knowing about error suppression is most usefull, thankyou kindly taith..... ive removed it now, for development, once im up and running ill splash it around again lol

Thanks guys...... more stupid questions around the corner i suspect