info wont go over.

PunkGo

hi, im still workin on the rpg and i was wondering how come my login info wont carry over to some pages...ithink that may b why its not working... u can see it at www.counter-craft-central.com/game/login.php and login as punkgo and password is 1 then i have the pages rigged up to say the username and pass on next page....heres the login.php code.

<?php

mysql_connect('localhost', 'punkgo_punkgo', '*****')
or die(mysql_error());

mysql_select_db('punkgo_test')
or die(mysql_error());

echo "
<form action='http://www.counter-craft-central.com/game/logincheck.php' method='post'>
<strong>Login</strong><br><br>
Username:
<input type='text' name='username' size='10'><br><br>
Password:
<input type='password' name='password' size='10'><br><br>
<input type='Submit' name='submit' value='Login'>
<input type='reset' name='reset' value='Reset'>"
;
?>

heres logincheck.php

<?php
session_start();

$_SESSION['username'];
$_SESSION['password'];
mysql_connect('localhost', 'punkgo_punkgo', ****)
or die(mysql_error());

mysql_select_db('punkgo_test')
or die(mysql_error());

$password = $_POST['password'];
$username = $_POST['username'];

$result = mysql_query("SELECT * FROM user WHERE username = '$username' AND password = '$password'");
if( mysql_num_rows( $result ) == 1 ) {
$_SESSION['logged'] = 1;
}
if( $_SESSION['logged'] == 1 ) {
echo "<a href='http://www.counter-craft-central.com/game/buyweapon.php'>here</a><br>";
echo "$username  $password";
}
?>

heres buyweapon.php

<?php
session_start();
$_SESSION['username'];
$_SESSION['password'];
mysql_connect("localhost", "punkgo_punkgo", "****")
or die(mysql_error());

mysql_select_db("punkgo_test")
or die(mysql_error());


$password = $_POST['password'];
$username = $_POST['username'];

if($_SESSION['logged'] = 1){
echo "
<b>COST OF ITEM IS 4 POINTS!(type 4 in)</b>
<form method='post' action='checkweapon.php'>
<input type='text' name='costofring'>
<input type='submit' value='GO!'>
</form>";
echo "$username  $password";
}

?>

heres checkweapon.php

<?php
session_start();
$_SESSION['username'];
$_SESSION['password'];

mysql_connect("localhost", "punkgo_punkgo", "****")
or die(mysql_error());

mysql_select_db("punkgo_test")
or die(mysql_error());

$password = $_POST['password'];
$ring = $_POST['costofring'];
$neededpoints = mysql_query("SELECT points FROM user WHERE username='$username'");
$result = mysql_fetch_array($neededpoints);
$cost = 4;

echo "debug: $result";
echo "user: $username<br>";

if($result >= $cost){
mysql_query("update user set points=points-$cost where username=$username");
}
else {
echo 'wrong';
}
?>

any suggestions?

Weedpacket

These lines

$_SESSION['username'];
$_SESSION['password'];

aren't doing anything. Certainly, their valeus are not being checked at all.

I think you're wanting

$username = $_SESSION['username'];
$password = $_SESSION['password'];