Help with my little PHP login code

[karljv]

So I am new to all this coding and I am making a small website, which has to have a login and something is not working properly. My login user/pass processing code looks like this

 

<?php

$host = 'xxxx'; // Host name Normally 'LocalHost'

$user = 'xxxx'; // MySQL login username

$pass = 'xxxx'; // MySQL login password

$database = 'members'; // Database name

$table = 'members'; // Members name

 

 

$username = $_POST["username"];

$password = $_POST["password"];

 

    $connection = mysql_connect("xxxx", "$user", "$pass");

    if (!$connection) {

        die("Database connection failed: " . mysql_error());

    }

    else {

        echo "Everything is fine!<br />";

    }

 

mysql_select_db("xxxx",$connection) or die(mysql_error());

 

 

$result = mysql_query("SELECT * FROM members WHERE usr='$username' and pass='$password'",$connection) or die(mysql_error()); 

$count=mysql_num_rows($result);

 

if($count==1){

    session_start();

session_register("myusername");

session_register("mypassword");

header("location:Login_Success.php");

}

else {

echo "Wrong Username or Password";

}

 

?>

 

So it all continues well and transfers me to Login_Success.php, where the code looks like this

 

<?

 

if(!session_is_registered(myusername)){

header("location:MainPage.htm");

}

 

?>

 

<html>

-----my html code here, which makes no difference----

 

The problem is that it sends me to MainPage.htm and I can't really figure out why. As ive said im new to all of this. I figured that the session did not stay logged in, when it changed pages for some odd reason?

 

 

THANK YOU!

[TOA]

I'll bet you dont have session_start(); on your second page

[karljv]

well forgive me I started a week ago, twas my homework.

Thanks a billion tho!

[BizLab]

You would generally want to move your MySQL database connection login info somewhere more secure, and use a php include.

 

There are newer MySQL connection functions available that are recommended as well..look into the mysqli_connect() and it's associated functions

 

I don't recommend storing both the username and password in the $_SESSION array, again for security reasons.

 

Instead:

 

1. Check for valid credentials

2. If good, move them to a page that only logged in users can access

3. if not good, take them back to the login form

 

limit access to the logged in pages with a conditional check for the username session variable set when logging in like so:

 

$_SESSION['username'] = $username_from_database

 

AND, don't forget start_session(); on every page

 

[TOA]

well forgive me I started a week ago, twas my homework.

Thanks a billion tho!

 

I wasn't criticizing. Did it work?

 

As BizLab pointed out before I could, you need it on every page you want to access the session on.