Session Login Help for Beginners

wilna

Hi
I have been working threw tutorials on the Internet, but can someone just clarify for me if my session login script is enough?

Page1.htm
Normal Login *.htm page which has a form and requires a login and password and which sends the information to eg page2.php

Page2.php
session_start();
$user = $HTTP_POST_VARS['username'];
$pass = $HTTP_POST_VARS['password'];
Then connects to mysql, check if usernames exists:
if ($num_rows == 0) {
.....Displays text and link that takes user back to login/register page....
}
else {
$SESSION['user'] = $user;
$SESSION['auth'] = true;
Display's text that takes user to next page
}

page3.php
session_start();
if($_SESSION['auth'])
{
..........Do your thing.............
} else {
Kick em out
}

Is this enough? Did I miss something? What about session register - where does this fit in? Please help a newbie!

Drakla

session register is old hat - just use the $SESSION superglobal array for everything. Also use $POST instead of $HTTP_POST_VARS if your version of php is anything like modern. Same with $GET and $COOKIE

wilna

Thank you, so I do not have to worry about using session register somewhere? My script is OK?

Pehape

i never use session register in my script...