2 questions on authentication

spanishsteps

HI ya everybody,

I've written a very simple user-authentication script.Since, I've got only one user, i neither use a database nor a flat use.
I've got 2 questions with my script.
1.when i login to this page, this message "Unauthorized Access - Please Login" appears always.
2.when the user name and the password is matched, it shows header.php, fine!If the user trys to directly goto this page, i.e
http://localhost/myproject/main.php, it would be fine if its re-directed to login.php.How can i do this one??
I'm not sure if i'm doing correct by placing session_name("userinfo") on the top of everypage.
Could somebody of you can help me with this.

thank you

<?php 
session_name("userinfo"); 
session_start();

$myuser = "admin";
$mypass = "phpbuilder";

if ($pass =="" || $user=="")
$error= 2;

if (($pass != $mypass && $pass !="") || ($user != $myuser && $user!=""))
$error= 1;

if ($user == $myuser && $pass == $mypass)

{
header ('location: main.php');

}

else
{
echo"<form action=\"$PHP_SELF\" method=\"POST\">\n";

}

?>

<? 

//To check if no user name and password is entered.
	if ($error==1){ 
	echo "<font color=\"#FF0000\" face=\"vendana\" size=\"2\">"; 
	echo "Invalid Login - Please try again"; 
	echo "</font>"; 
	echo "<br>"; 
	session_destroy(); 
} 

//To check if user name and password entered is wrong

if ($error==2){ 
echo "<font color=\"#FF0000\" face=\"vendana\" size=\"2\">"; 
echo "Unauthorized Access - Please Login"; 
echo "</font>"; 
echo "<br>"; 
session_destroy(); 
} 

//To set the form for input

?> 
<body bgcolor="white" text="black">
<form name="form1">
<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
</form>
<form name="form2">
    <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
    <table align="center" border="1" width="324" bgcolor="#CCCCCC" bordercolordark="black" bordercolorlight="black">
        <tr>
            <td width="314" height="37">
                <p align="center"><span style="font-size:9pt;"><font face="Verdana">Please enter the user name and the password</font></span></p>
                <p>&nbsp;&nbsp;<span style="font-size:11pt;">&nbsp;</span><font face="Verdana"><span style="font-size:11pt;">User 
                name </span>&nbsp;&nbsp;&nbsp;&nbsp;</font>&nbsp;<input type="text" name="user">&nbsp;</p>
                <p>&nbsp;&nbsp;&nbsp;<span style="font-size:11pt;"><font face="Verdana">Password</font></span> 
                &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="password" name="pass"></p>
                <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" name="formbutton1" value="Log in" style="font-family:Verdana;"></p>
                <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
            </td>
        </tr>
    </table>
</form>
<p>&nbsp;</p>
</body>

dalecosp

Hey, if you don't mind, stick a carriage return amidst all those spaces so this thread isn't so wide ... 😉

I don't ever use session names...don't see where you need to on this script.

Try including this edit to your code:

if ($user == $myuser && $pass == $mypass) {
   $_SESSION['auth_user']=1;
   header ('location: main.php'); 
   }

Then, on each page you want protected:

if ($_SESSION['auth_user']!=1) {
   header("Location: login.php");
   }

Finally, let's rethink the logic. Why don't you just a] test for good combination, set the auth var and call the header. b] test for null fields/invalid login, print the error, then exit(). c] include the form in an else() so that you get that message for all other conditions....

HTH,