I'm not sure exactly what your problem is, cept that you say it doesn't work. Your code looks alittle too long to handle such a small task, Below is a piece of the code I created to use for my login/password sites, you may take it and use it for your needs. Creating a login script is as simple as this...
session_start();
if($username && $password)
{
//if the user has tried to log in
$db_conn = mysql_connect("localhost","$dbuser","$dbpass");
mysql_select_db("$dbname", $db_conn);
$query = "select * from auth where username='$username' and password=password('$password')";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) > 0)
{
// if they are in the database register the user id
$valid_user = $username;
session_register("valid_user");
}
}
Somewhere down the login page we need to do error checking and etc... this is what I used
if (session_is_registered("valid_user"))
{
//do something, they are valid and registered header location would go here.
}
else
{
if (isset($username))
{
//if they've tried and failed to log in
echo "<h6>Could not log you in, check username and password</h6><br />";
}
else
{
//they have not tried to log in yet or have logged out
echo "<h6>You are not logged in. <BR></h6><br />";
//here you can put your login form, simply ask for username and password.
}
}
On the pages you wish ONLY the registered user to view, put this little bit of code
session_start();
if (!session_is_registered("valid_user"))
{
//do something, this means the check failed and the user is not logged in..
}else{
//do something, this is where you put the information a valid logged in user views
}
If this is not what you are asking for, please reply with alittle more information and I'll see if I can help you further.
Regards,
Tony Devlin
