I have a loginform that asks username and password. Then I have some pages that are protected. I added a code like this to the pages;
<?php require('protect.php'); ?>
Here's the protect.php:
<?php
// where is the form where users may log in
$loginform = 'loginform.php';
// use session variable $userid
session_register("userid");
// if $userid is not set by session,
// user hasn't logged in succesfully
if (!isset($HTTP_SESSION_VARS["userid"])) {
// view log in form instead of requested content
include($loginform);
exit;
}
?>
And here's the loginform:
<?php
include_once("functions.php");
// register variable $userid as session variable
session_register("userid");
// if variables $login and $password are set,
// user is trying to log in
if (isset($login) && isset($password)) {
$select = "SELECT tunnus, salasana FROM kayttaja WHERE tunnus='$login' AND salasana='$password'";
$rows = db_get_array($select);
if ($rows[0][0] == $login) {
$userid = $rows[0][0];
// Location: header will direct the browser to another URL
header("Location: $REQUEST_URI");
// META tag is for browsers that don't understand Location: header
echo "<META HTTP-EQUIV=Refresh CONTENT=\"0;URL=$REQUEST_URI\">\n";
// And a normal link for browsers that don't support META Refresh
echo "<A HREF=\"$REQUEST_URI\">$REQUEST_URI</A>\n";
exit();
}
else {
echo "Authentication failed<BR>";
}
}
?>
<P>Anna käyttäjätunnus ja salasana:</P>
<FORM ACTION="<?php echo $SCRIPT_NAME; ?>" METHOD=post>
<INPUT TYPE=text NAME=tunnus>
<INPUT TYPE=password NAME=salasana>
<INPUT TYPE=submit VALUE="Kirjaudu">
</FORM>
Now the problem is that even though the loginform accepts the user and pw, the user is not directed to the required page, but the form appears again. What's wrong?
