PLEASE PLEASE i need help with sesstions md5

tysoncane

Ok i am very new at this and i know i am doing soemthing wrong. I built a login and datebase and register page this all works i got all this from a book but i had to move around in the book becouse the help is a little unclear i think i know the answer but i thought i would ask

My question is i have used sesstion i think it is called md5 to protect my web site and it logs in the page fine. My question is what do i put on the other pages to protect them too so they can not just put it i there url
here is the code i am using

this is the log in page

<?php

require_once ('./includes/config.inc.php');

$page_title = 'Login';

if (isset($_POST['submitted'])) {

require_once('./mysql_connect.php');


if (!empty($_POST['email'])) {
	$e = escape_data($_POST['email']);
} else {
	echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
	$e = FALSE;
}


if (!empty($_POST['pass'])) {
	$p = escape_data($_POST['pass']);
} else {
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
}

if ($e && $p) {


	$query = "SELECT user_id, first_name FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL";
	$result = mysql_query ($query) or trigger_error("Query: $query\n<br /> MySQL Error: ".mysql_error());

	if (@mysql_num_rows($result) == 1) {


	$row = mysql_fetch_array($result, MYSQL_NUM);
	mysql_free_result($result);
	mysql_close();
	session_start();
	$_SESSION['user_id'] = $row[0];
	$_SESSION['first_name'] = $row[1];
	$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);


	$url = 'http://' .$_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

	if ((substr($url, -1) == '/') or (substr($url, -1) == '\\')) {
		$url = substr ($url, 0, -1);
		}

		$url .='/index2.php';

		ob_end_clean(); 
		header("Location: $url");
		exit();

		} else { 
			echo '<p><font color="red" size="=+1">Either the email address and password entered do not match those on file or you have not yet activated your account.</font></p>';
			}

	} else { 
		echo '<p><font color="red"  size="=+1">Please try again.</font></p>';
	}

	mysql_close();

}
?>

this is the page that it redirects too
<?php # Script 9.16 - loggedin.php (4th verstion after scriots 9.2, 9.7 and 9.11)#User is redirediredted here from the login.php
session_start(); // Start the sesstion.
session_name('YourVisitID');

// If no sesion value is present, redirect the user
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] !=md5($_SERVER['HTTP_USER_AGENT'])) ) {

	// startdefining the url.
	$url = 'http://' .$_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF']);
	// Check for a trailing slash.
	if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
		$url = substr ($url, 0, -1); // chop off the slash.
}
$url .='/index2.php'; // add the page 

exit(); // Quit the script

}
?>

thank you so much ahead of time

Virii

I don't entirely understand the question, md5 hashing is something you can do to make a password more secure, not sure what you are having it do with a session. Please explain the question a little further.

LoganK

Why are you spelling "session" "sesstion"?

Also, if you just copied code from a book, we're not going to be able to help you much. You do understand PHP, right?

tysoncane

I did fix the problem i got the code what i am trying to ask is difrent now what seems to happen when somone is trying to go to a page by typing in a URL all they get is a blank page what can i do to make that page say something like you must be loged in with that code am i doing something wrong