Session problem

[lordbob]

ok i have been trying to make a database driven website where people login and use the site, but i want to make sure only people who are logged in can view the various pages.

so i looked this up and found the best way was to use sessions....

so when the person was logged in i set a session variable (am i right so far?)

here is the code for login.php:

[code]<?

//set the variables as required
$dbhost = "fdb1.awardspace.com";
$dbuser = "rocketeermus_db1";
$dbpass = "zuluhead2";
$dbname = "rocketeermus_db1";

//do not edit this, it connects the script
$members = mysql_connect($dbhost,$dbuser,$dbpass);//line10

if(!$members) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

mysql_select_db($dbname) or die(mysql_error());

$username = $_POST["Username"]; //get the username from the form, as $username
$password = md5($_POST["Password"]); //line20 get the password from the form in md5


$recieve = sprintf("SELECT * FROM Members WHERE Username='%s' AND Password='%s'", mysql_real_escape_string($Username), mysql_real_escape_string($Password)); //this is the "query", which selects the row where memebername=the one entered, and the same for the password

$query = mysql_query($recieve); //do the query

session_start();

if($rows = mysql_num_rows($query)) //line30 if the query resulted with a row, start the sessions and go to the index
{
    $_SESSION['login'] == $Username;
    header("location: main.html");
}
else //if not, end incorrect sessions, and go to the index
{
    session_destroy();
    header("location: error.html"); //go to error page
}


?>[/code]

ok so once the session was set i put a little bit of php at the top of every other page which would basically check if the session was set and then act accordingly

here is the code for that:

[code]<?

if(!(isset($_SESSION['login'])))
{
header("location: index.html");
session_destroy();
}
?>

//blah blah HTML code here[/code]

for some reason it always send me back to the login page (index.html) and wont let me go on to the rest of the html, does anyone know what i have done wrong???

please help!

[lordbob]

bump :o

[trochia]

First of all, if this is your "real" password info.. I'd edit it out of here :-)

[lordbob]

ok well i cant find the edit button, but ill change it in a second!

but what next?

[dgiberson]

on whatever page just use:

if (isset($_SESSION['login']) {
  // displaying information to logged in user
} else {
  echo "You must be logged in to view this page.";
}

[lordbob]

where you say //displaying information to logged in user, should i put my HTML there?

[dgiberson]

yeah whatever you want the logged in user to see

[lordbob]

that doesnt work  :-[
its still doing whatever is in the else block  >:(

[lordbob]

and it wont let me put html in php tags

[elis]

Could you post your full code again in one block, I might be able to find your problem that way.
And for html, are you using the echo function or a variable to output the html?

[lordbob]

ok here goes:

[code]<?

//set the variables as required
$dbhost = "***********";
$dbuser = "*************";
$dbpass = "***********";
$dbname = "*************";

//do not edit this, it connects the script
$members = mysql_connect($dbhost,$dbuser,$dbpass);//line10

if(!$members) //error checking :D
        {
            echo "<p>Sorry! We could not log you in at this time. Please Try again later!</p>";
        }

mysql_select_db($dbname) or die(mysql_error());

$username = $_POST["Username"]; //get the username from the form, as $username
$password = md5($_POST["Password"]); //line20 get the password from the form in md5


$recieve = sprintf("SELECT * FROM Members WHERE Username='%s' AND Password='%s'", mysql_real_escape_string($Username), mysql_real_escape_string($Password)); //this is the "query", which selects the row where memebername=the one entered, and the same for the password

$query = mysql_query($recieve); //do the query

session_start();

if($rows = mysql_num_rows($query)) //line30 if the query resulted with a row, start the sessions and go to the index
{
    $_SESSION['login'] == $Username;
    header("location: main.php");
}
else //if not, end incorrect sessions, and go to the index
{
    session_destroy();
    header("location: error.html"); //return to login
}


?>[/code]

main.php: (i renamed it php instead of .html in an attempt at making it work but no success :()
[code]<?
if(isset($_SESSION['login']))
{
//raw html code (is this wrong?)
}
else
{
header("location: index.html");
  echo "You must be logged in to view this page.";
}
?>

[/code]

as for the html code, its just raw html, im assuming this is one of the problems, how do you set a whole page of html to a php variable?

[printf]

[code]session_start();[/code]

Must be included at the top of each script in your protected service. Then don't start a session until you validate the user exists in the database.

printf

[lordbob]

didnt i do that printf thinf in the login.php?

and also how do you store a page of html in a php variable

[dgiberson]

change the line
    $_SESSION['login'] == $Username;
to
    $_SESSION['login'] = $Username;

[lordbob]

:o :o :o :o :o :o :o

IT WORKS
THE MACHINE WORKS

thankyou thankyou etc...

this is my first php/mysql database and iv finally done that bit woo!
thankyou all and i shall continue my journey into the strange and confusingish world of PHP!!