php session help

[puja]

hi im trying to get the sessions working for my login page
the code doesnt give me any error messages but it doesnt seem to restrict any access either
this is wot i have so far:

session_start();
if($_POST){
$_SESSION['user_name']=$_POST["user_name"];
$_SESSION['password']=$_POST["password"];
}

$query = ("select * from customers
where user_name='" . $_SESSION['user_name'] . "' and password='" . $_SESSION['password'] . "'");

$result = @mysql_query($query, $connection) or die(mysql_error());
$row = mysql_fetch_array($result, MYSQL_ASSOC);

if ($_SESSION['user_name'] == $row['user_name'] AND $_SESSION['password'] == $row['password']){

this then leads to the either successful or unsuccessful login page
hope somebody can help

[wisewood]

What you need to do, is use the POST[username] and POST[password] variables in your query to the database. If the database finds a result for that username and password combination, THEN set the session variable with the username.

[code]
session_start();

$query = "SELECT * FROM users WHERE username='$_POST[username]' AND password='$_POST[password]'";
$result = mysql_query($query);

if($result=="1") { $_SESSION[username]=$_POST[username]; echo "Hello $_SESSION[username], you're logged in"; }
else { echo "Thou art imposter!"; }

[/code]

Once the session variable is set, you can then use that as your security measure... each page that you want protected should have something like this

[code]

<?php session_start();

if(!isset($_SESSION[username])) { echo "go away"; } else {

// Your content here.

}
?>
[/code]

Send me a PM if you want any further help & I'll send you the code for the login procedure i use.