Hi (again) Guys!
Now I got my old problem solved, but now I have a problem with sessions. In my code admin.php the user is verified by a MySQL database, and then a session: 'user' is registered. Well when the user presses a link to a another page called news.php it will be checked if the session is the same as in the same script, or if it's even registered (to prevent people trying to break in). But everytime i redirect to news.php I get a file included ip.php wich tells me Im about to break in.
What to do, to keep the session 'user' at the same value, or is it another problem?
admin.php:
<?php
include('config.php');
con_db();
$usr = $POST['usr'];
$pwd = $POST['pwd'];
$result = mysql_query("select pass from brugere where user = '$usr'")
or die (mysql_error());
$row = mysql_fetch_array($result);
if($row[pass] == $pwd){
$navn = mysql_query("select navn from brugere where user = '$usr'");
echo '<center><h3>Hej ';
while ($data = mysql_fetch_array($navn))
{
echo $data[navn];
}
echo '<BR /></h3><h5>You are logged in with admin-rights</h5></center><BR />';
echo '<center><a href="forside.php?side=nyhed"><h4>Tilføj Nyhed</h4></a></center>';
session_start();
$_SESSION['user'] = "Administrator";
}
else
{
include('ip.php');
}
?>
news.php
<?php
session_start();
if(!$_SESSION['user'] == "Administrator"){
include('ip.php');
exit;
}
else
{
?>
kode..kode..kode..
<?php
}
?>
