Help! I am trying to protect pages. The protected pages eve.php & cindy.php cannot be accessed. The user can login and continue to the page, but the page is denying them access to itself. Cindy mustn't be able to see Eve's page & vice versa and the page mustn't be view without logging in. It appears that the variable $_SESSION["user"] is not carrying over, because it always returns false, and tells the user they are not logged in, when they have logged in correctly. If it's not, I need it to. I would like to keep the setup the same.
The setup is as follows login.php -> login2.php -> either cindy.php or eve.php If try to direct access page (cindy or eve), you are told you don't have permission to view the page, and are given a link to log in.
login.php:
<html>
<head>
<title>Login in page</title>
</head>
<body>
<form action="login2.php" method="POST">
Username: <input type=text name="username" size="20"><br>
Password: <input type=password name="password" size="20"><br>
<input type=submit name="submit_button" value="Login">
</form>
</body>
</html>
login2.php
<?PHP
if($POST['submit_button']){
$users = Array("eve","cindy");
$passwords = Array("test1","test2");
$ran=false;
for($x=0; $x<count($users);$x++)
{
if($users[$0]==$POST['username'])
{
if($passwords[$0]==$POST['password'])
{
session_start();
$SESSION["user"] = $_POST['username'];
$ran=true;
echo "<a href='eve.php'>login successful!!</a>";
break;
}
}
if($users[1]==$_POST['username'])
{
if($passwords[1]==$_POST['password'])
{
session_start();
$_SESSION["user"] = $_POST['username'];
$ran=true;
echo "<a href='cindy.php'>login successful!!</a>";
break;
}
}
}
if(!$ran){
echo "Login information is incorrect.";
}
}else{
echo "Login information is incorrect.";
}
?>
cindy.php
<?php
$username = "cindy";
if ($_SESSION['user'] != $username)
{?>
<?php
echo "You must be logged in with the proper permissions to view this page.";
echo "<p></p>";
echo "<a href='login.php'>Return to Login</a>";
?>
<?php
}
else {
?>
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Cindy's Page</title>
</head>
<body>
<h2>Hello Cindy!</h2>
<p></p>
</body>
</html>
<?php
}
?>
eve.php
<?php
$username = "eve";
if ($_SESSION['user'] != $username)
{?>
<?php
echo "You must be logged in with the proper permissions to view this page.";
echo "<p></p>";
echo "<a href='login.php'>Return to Login</a>";
?>
<?php
}
else {
?>
<html>
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Eve's Page</title>
</head>
<body>
<h2>Hello Eve!</h2>
<p></p>
</body>
</html>
<?php
}
?>
