Help with Login using Sessions

ravegti

I am new to PHP, but I am learning fast. I have already set up pages that you can "sign up" to a MySQL database. And have set up a login page that reads from the database. But now I want to make my page actually work, rather than just typing in "...validuser.php" and logging on through the back door.

This is the code I use for my login...

<?php

$email=$POST['email'];
$password=$POST['password'];

if($dbconnected==0){require('connect_db.inc.php');}

$sql="SELECT * FROM Customer WHERE Email='$email'";
$result=mysql_query($sql,$db);
$row=mysql_fetch_array($result);

if($password==$row['Password'])

{
header("Location: index.php?phpid=loggedin");
}
else
{
header("Location: index.php?phpid=invalid");
}

What do I need to do to add sessions to this code? I know how to check the sessions on the "secure" pages, but I just dont know how to set them. Thanks for your help.

gwchamb

But now I want to make my page actually work, rather than just typing in "...validuser.php" and logging on through the back door.

As simplistic as it sounds, all you really need to do is:

1) Set a session variable indicating a successful login.

2) Add code to each of your PHP scripts to verify that the user is logged-in. For example:

<?
    // Put this in a globally-accessible script
    // and include() or require() it.

function is_loggedin()
{
    return(isset($_SESSION["logged_in"]));
}

// Begin session handling
session_start();

// If the user isn't "logged-in," then
// redirect them to the login script.

if (!is_loggedin()) {
    header("Location: login.php");
}
?>

Hope this helps!

-- Gary