i think sessions are better... cookies someone could actually go in and read while they are stored on your cpu.. not likely, but possibly.... sessions are great.. but the user has to logout because i have noticed that sometimes the SESSIONID is still a link in the browser.... but.. the logout fixes that... correct?.. anwho.... to the code.. this worked well for me.. basic.. and does what you are asking for

on your login page

<?
session_start();

if ($user && $pass)
{
  // if the user has just tried to log in

  $db_conn = mysql_connect("localhost", "username", "pword");
  mysql_select_db("databasename");
  $query = "select * from tablenamegoeshere where name='$user' and pass='$pass'";
  $result = mysql_query($query);
  if (mysql_num_rows($result) >0 )
  {
    // if they are in the database register the user id
    $valid_user = $user;
    session_register("valid_user");
  }
$goto = header ("Location: [url]http://www.locationyouaregoingto.com[/url]");
}
?>

i also put this in the middle of my page to display whether or not they are logged in..

<? 

  if (session_is_registered("valid_user"))
  {
   	echo "$goto";
  }
  else
  {
    if (isset($user))
    {
      // if they've tried and failed to log in
      echo "Could not log you in";
    }
    else 
    {
      // they have not tried to log in yet or have logged out
      echo "You are not logged in.<br>";
    }
	}
	?>

members page or page you directed to.. at the top goes...

<?
session_start();
?>

then in the middle that page it displays that you are logged in as... username... and if not it says you are not.. and that code is here.....

                   <?
  // check session variable

  if (session_is_registered("valid_user"))
  {
    echo "You are logged in as: $valid_user <br>";
  }
  else
  {
    echo "<p>You are not logged in.<br>";
  }


?>

to logout.. you need to make this page..... and send link it to a logout button.. which will destroy the session...

<?
  session_start();

  $old_user = $valid_user;  // store  to test if they *were* logged in
  $result = session_unregister("valid_user");
  session_destroy();
?>

then again...you can echo out like above.. if they are logged in or not...

hope that helps...

I've come up with this... But it just displays a blank page.

<?php
$bartitle = "Login";
$pagetitle = "Login";
$category = "Accounts";
$catitems = "accounts.inc.php";
include("header.inc.php");
?>
<?php
session_start();
if($entuser && $entpass)
{
$sql = "SELECT * FROM users WHERE username = '$entuser' and password = '$entpass'";
$res = mysql_query($sql);
if(mysql_num_rows($res) > 0 )
{
$valid_user = $entuser;
session_register("valid_user");
}
}
?>
<?php
include("footer.inc.php");
?>

Doesn't show the includes or anyting. Know why?

no.. i have no clue.. i havent used includes with anything ive messed around with... i just recently figured out how to do the login ...in your code is it allowing you to login? and is it redirecting you to your members page at all?

do u have a url?

Don';t worry I've fixed it. Working great now. Thanks!

great!!

Using that script, how can I display a logged in username on another page? The session_is_registered function doesn't seem to be working.

this should go where you want it on the page......

<?
  // check session variable

  if (session_is_registered("valid_user"))
  {
    echo "Welcome $valid_user! <br>";
  }
  else
  {
    echo "<p>You are not logged in.<br>";
  }


?>

something like that... assuming that you used valid_user as your variable... experiment with the <br> as well.. you may not want them

I have left the login page unmodded except for DB syntax adjustments, and I have the post-login-redirect page coded like this

<?
  // check session variable
	session_start();

  if (session_is_registered("valid_user"))
  {
    echo "Welcome $valid_user! <br>";
  }
  else
  {
    echo "<p>You are not logged in.<br>";
  }


?>

Yet it just displays "You are not logged in."

that code works with 4.3 for sure.. i had 4.0.6 and it wouldnt work.. www.php.net has syntax there..

Originally posted by radioJGH
that code works with 4.3 for sure.. i had 4.0.6 and it wouldnt work.. www.php.net has syntax there..

Im using 4.3 btw

Here's the source I'm using:

login.php

<?
session_start();

if ($user && $pass)
{
  // if the user has just tried to log in

require('CONFIG FILE');
  $query = "select * from users where user_name='$user' and user_pass='$pass'";
  $result = mysql_query($query);
  if (mysql_num_rows($result) >0 )
  {
    // if they are in the database register the user id
    $valid_user = $user;
    session_register("valid_user");
  }
$goto = header ("Location: session.php");
}
?>

Actual Login Page

 form name="loginform" action="login.php" method="post">
          Name:  <input type="text" name="user"><br>
		  Password:  <input type="password" name="pass"><br>
          <input name="submit" type="submit" value="Login">
     </form>

session.php

<?
  // check session variable
    session_start();

  if (session_is_registered("valid_user"))
  {
    echo "Welcome $valid_user! <br>";
  }
  else
  {
    echo "<p>You are not logged in.<br>";
  }


?>

no your php version the code is using to execute the code..

phpinfo()

or which version you have of PHP installed.. or if you have a server you upload to and pay for.. contact them and ask

CRAP

didnt see you had 4.3

dunno man, that works

do you have the variables that hold user and pass consistent throughout your document.... also.. make sure your database is right with it to.. i used it with mySQL

The variables seem to be consistent. One note...if I use incorrect login I am taken to a blank screen, whereas when I enter correct info I am brought to the "You Are Not Logged In" screen, some something must be working properly. Do you see anything wrong with the session variables?

$goto = header ("Location: session.php");

should be

$goto = header ("Location: http://yourwholeurlhere/session.php");

thats seriously the easiest way i do it... then you dont have to second guess if you are looking in the right directory for it....or you can guess.... im not to sure.. but i have had to use \"session.php\" or \"session.php"\ cant remember which one...

whast the url to your site?

I tried that and still get the same result. I don't think the URL is the problem because it is going to session.php and not giving me a 404 error or anything like that.

is register local variables on in your phpinfo() file?

do you have a website i can check it out at?

register_globals On On

Yup. I don't have any other problem with sessions on my site (I use them in an error page to tell users which forms they forgot to fill out on my site's mailform). I would rather not post a URL at the current time because it is still in 'beta' mode so to speak and is still in the early stages of development.

cool.. yea.. the code i gave you should work... maybe you forgot a $when you needed one or maybe you didnt need one ... could your session.php be messed up? go back and paste in the code i put on there.. and then make your slight changes to it