sessions problem

skyloon

i use this code to verify the username & password, but how to pass the username in every pages such as 'welcome andy' if andy login and 'welcome jack' if jack login.
this script is unsecure, what script should i include in every pages so when i enter http://localhost/payroll.php it will ask me to login first.

<?
session_start();
if ($username && $password)
{
$Connect = mysql_connect("localhost", "root", "");
mysql_select_db("mw");
$result = mysql_query("select * from account where username='$username' and password='$password'");

if (mysql_num_rows($result) > 0)
{
$valid_user = $username;
session_register("valid_user");
}
}
?>

<?
if (session_is_registered("valid_user"))
{

$SESSION['valid_user'] = $POST['username'];
echo "<center><br><br>You are logged in as: $valid_user <br><br>";
echo "<center><a href=\"logout.php\">Log out</a><br>";
}
else
{
if (isset($username))
{
echo "<center>Could not log you in";
}
else
{
echo "<center>You are not logged in.<br>";
}
echo "<form method=post action=\"login.php\">";
echo "<center><table>";
echo "<tr><td>Username:</td>";
echo "<td><input type=text name=username></td></tr>";
echo "<tr><td>Password:</td>";
echo "<td><input type=password name=password></td></tr>";
echo "<tr><td colspan=2 align=center>";
echo "<input type=submit value=\"Log In\"></td></tr>";
echo "</table></form>";
}
?>

TTT

echo "welcome ".$_SESSION['valid_user'];
🙂
you just have to session_start(); in every page

skyloon

what u said is not work.

Weedpacket

Don't mix session_register('valid_user') and $valid_user with $_SESSION['valid_user']. The manual explicitly advises against doing this many times for a reason. Use one method or the other; preferably the latter.

At least your code will be a bit simpler.

And what do you mean "not work"?