Help solving "session start ()" issue for my website php login area?

Hi guys, This may well be a simple problem for you seasoned php pro's but as this is my first time using session start () I seem to be going round in circles! Basically - I am trying to create a simple php login for members of our website so that they can access a forum. I am learning php at the mo so have ben following various tutorials. I have pages: main_login.php (my login form) check_login.php (connects to database & verifys u/n & password) login_success (the members only area). All of that is fairly simple I guess and the main bulk of it works fine. I am able to go to my 'main_login' page - enter my username & password - it then checks the page and so long as I have entered my details correctly - it goes through to 'login_success'. If my details are wrong it delivers a 'wrong username or password' message. So whats the problem I hear you cry?!! The problem I have is that if I was to go to my website browser and type: http://mywebsiteaddress/login_success.php my website allows instant access to the members area. An obvious no-no! I need my site to ban access to users if they try to connect in this way. This area is strictly members only and people should be re-directed to 'main_login.php' to login. I have poured through different tutorials to try to see what I have done wrong but everything I try delivers the same result. Any idea's guys? Below is the code for my pages starting with login_success (as this is where I think the problem is!) --------------------------- LOGIN_SUCCESS --------------------------- (on line 1 of my webpage) <? session_start(); if(!session_is_registered(myusername)) { header("location:main_login.php"); } ?> ------------------------------ CHECK_LOGIN.PHP ------------------------------ <?php $host="localhost"; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ?> Any help would be greatly appreciated! I may jump off a building if I can't solve it soon! :S X
Answer:

in check_login.php, if the login is successful, to set the session i would use: $_SESSION['username'] = $myusername; then at the top of login_success i would do <?php session_start(); $username = $_SESSION['username']; if($username == ""){ header("Location: main_login.php"); } ?> Hope this helps!

Yiaggi at Yahoo! Answers Visit the source

Was this solution helpful to you?

Other answers

Code: <? /******************** login.php ********************/ //Start the $_SESSION before any output to the browser session_start(); if((isset($_SESSION['user_ID']) && (isset($_SESSION['token']) && (isset($_SESSION['access_level'])){ //this is where you would put the content you want only validate users to access echo "You are logged in already"; } else{ //Work out of the global scope $UserInput = array(); foreach($_POST as $key => $value){ $UserInput[$key] = $value; } require_once('login.class.php'); //Call the user class $user = new user($UserInput); } ?>

Related Q & A:

How To Start My Own Classifieds Website?Best solution by amitbhawani.com
How can start to make a website like whateverlife.com?Best solution by Yahoo! Answers
How to start creating a php script, that will be installed on many servers?Best solution by Stack Overflow
How much for one Company website in your area?Best solution by Yahoo! Answers
Philly Area Help - Is this Area Safe?

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.