so i decided it was time to learn aboot sessions. i grabbed some tutorials yada yada yada and it worked...with register_globals on. with them off it just don't work. so i went to php.net and read the manual and found out that session_register() and all that crap can't be used with register_globals off. so i did the whole $_SESSION['username'] crap and changed session_is_registered to isset (like php.net recommended) but it still won't allow the user access.
-- login.htm
<div align="center">
<!-- form wraps the whole table so it opens and closes at the same nesting level -->
<form name="form1" method="post" action="login2.php">
<table border="0">
  <tr>
    <td width="50%">Please login:</td>
    <td width="46%"> </td>
  </tr>
  <tr>
    <td>Username:</td>
    <td><input name="username" type="text" id="username"></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><input name="password" type="password" id="password"></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type="submit" name="Submit" value="Login"></td>
  </tr>
</table>
</form>
</div>
and then the auth script:
<?php
include 'db.php';
// Simplify vars
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
// Check for empty values before hashing (md5('') is never empty)
if(empty($username) || empty($password)) {
    header("Location: login.htm?empty");
    exit();
}
// Hash login value for comparison to database
// (unsalted MD5 is weak for password storage; kept to match the ums_pass comparison)
$password = md5($password);
// Escape the username before it is placed in the SQL string
$username = mysql_real_escape_string($username);
$chklogin = mysql_query("SELECT * FROM ums WHERE ums_user = '$username' AND ums_pass = '$password'");
$chkrows = mysql_num_rows($chklogin);
if($chkrows > 0){
    // Query SQL for data
    $row = mysql_fetch_array($chklogin);
    $m_id = (int) $row["ums_id"];
    $m_user = $row["ums_user"];
    $m_first = $row["ums_first"];
    $m_last = $row["ums_last"];
    $m_t1 = $row["ums_t1"];
    $m_t2 = $row["ums_t2"];
    $m_t3 = $row["ums_t3"];
    $m_last_login = $row["ums_last_login"];
    // User exists
    // Start sessions and redirect to protected area
    session_start();
    // Issue a fresh session id now that the user is authenticated
    session_regenerate_id();
    // Register session values
    $_SESSION["SESSION"] = "cow";
    $_SESSION["s_username"] = $m_user;
    $_SESSION["s_firstname"] = $m_first;
    $_SESSION["s_lastname"] = $m_last;
    $_SESSION["s_tier1"] = $m_t1;
    $_SESSION["s_tier2"] = $m_t2;
    $_SESSION["s_tier3"] = $m_t3;
    $_SESSION["s_last_login"] = $m_last_login;
    // Simplify session vars
    $user = $_SESSION["s_username"];
    $first = $_SESSION["s_firstname"];
    $last = $_SESSION["s_lastname"];
    $t1 = $_SESSION["s_tier1"];
    $t2 = $_SESSION["s_tier2"];
    $t3 = $_SESSION["s_tier3"];
    $last_login = $_SESSION["s_last_login"];
    // Update last login time
    $cur_time = time();
    mysql_query("UPDATE ums SET ums_last_login = '$cur_time' WHERE ums_id = '$m_id'") or die("Unable to update data. Crap on a stick immediately");
    // Redirect user to "My Area"
    header("Location: myarea.php");
    exit();
}else{
    header("Location: login.htm?failed");
    exit();
}
?>
and the protected page...
<?php
// myarea.php - secure page
// session check
session_start();
if (!isset($_SESSION["s_username"])){
    header("Location: login.htm?scram");
    exit();
}
$user = $_SESSION["s_username"];
?>
<html>
<head>
<basefont face="Verdana">
</head>
<body>
<center>
<p><font color="#FF0000">My Area</font> </p>
<!-- escape the stored username before writing it into the page -->
<p>Welcome <?php echo htmlspecialchars($user, ENT_QUOTES); ?></p>
<p><a href="#">My Prefs</a> | <a href="logout.php">Logout<br>
</a></p>
</center>
</body>
</html>
any thoughts?
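
The login check from the post, as an added example that is not part of the original post: it swaps mysql_* for PDO prepared statements and md5() for password_hash()/password_verify(), and keeps only the `ums` columns it needs. Assumptions: PHP 5.5+ with pdo_sqlite, an in-memory SQLite table standing in for db.php, a hypothetical `login()` helper, and constructed sample accounts.

```php
<?php
// Added example, not the poster's code. Sample accounts below are constructed.
session_start();

$pdo = new PDO('sqlite::memory:');          // stand-in for the connection in db.php
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ums (ums_id INTEGER PRIMARY KEY, ums_user TEXT UNIQUE,
            ums_pass TEXT, ums_last_login INTEGER)');
$ins = $pdo->prepare('INSERT INTO ums (ums_user, ums_pass) VALUES (?, ?)');
$ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));
$ins->execute(array("o'brien", password_hash('battery staple', PASSWORD_DEFAULT)));

// Hypothetical helper: returns true and fills $_SESSION on success.
function login(PDO $pdo, $username, $password)
{
    if ($username === '' || $password === '') {
        return false;                       // reject empty input before any query
    }
    // The placeholder keeps $username out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT ums_id, ums_user, ums_pass FROM ums WHERE ums_user = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);  // false when no row matches

    // Verify against the salted hash in PHP, not inside the WHERE clause.
    if ($row === false || !password_verify($password, $row['ums_pass'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh session id once authenticated
    $_SESSION['s_username'] = $row['ums_user'];

    $upd = $pdo->prepare('UPDATE ums SET ums_last_login = ? WHERE ums_id = ?');
    $upd->execute(array(time(), $row['ums_id']));
    return true;
}

// Constructed inputs: valid login, wrong password, username containing a quote.
$cases = array(
    array('alice', 'correct horse'),
    array('alice', 'wrong'),
    array("o'brien", 'battery staple'),
);
$out = '';
foreach ($cases as $c) {
    $out .= str_pad($c[0], 10) . (login($pdo, $c[0], $c[1]) ? 'accepted' : 'rejected') . "\n";
}
echo $out;  // printed last so the session calls run before any output
```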