I am trying to set up an area where our members log in and then they can do a directory search. I got a password and login thing working and I then test to make sure they are a valid user and set the username to the session valid user.
If they manage to login I then send them to search_form.php where they can enter some search criteria. The method is "post" on that form and the action takes them to a member_list.php page where the query is generated and results are displayed.
How do I ensure on the search_form.php and the member_list.php that I am still working with the same session user? Do I just need to do a test to see if $_SESSION['valid_user'] exists or is there something else to it?
The login form requires them to validate using the following code:
//connect to database
$conn=db_connect();
if ($username && $passwd)
{
// they have just tried logging in
login($username, $passwd, $conn);
//returns true if their username and password match the database
// if they are in the database register the user id
$_SESSION['valid_user'] = $username;
}
else
exit ;
