[RESOLVED] help with session management

fearfx

ok I've created my login page for my website, now after you login you are redirected to main.php

now on main.php how do I securely check if the user is actually logged in?

this is my login code below

<?php

require_once('config.php');

function htmlChars($data) {
	return htmlspecialchars(stripData($data), ENT_QUOTES);
}

function stripData($data) {
	return ini_get('magic_quotes_gpc') ? stripslashes($data) : $data;
}


if (isset($_POST['login'])) {
	if (empty($_POST['username']) || empty($_POST['password'])) {
	  $error = 'Please enter your username and password';
	}

else {
	// Get user & pass
	$user = $_POST['username'];
	$pass = md5($_POST['password']);
	// Check user
	$Q1 = mysql_query(sprintf("SELECT * FROM `admins` WHERE `username` = '%s';", $user));
	$T1 = mysql_num_rows($Q1);
	if ($T1) {
	// OK!! for username
	$Q2 = mysql_query(sprintf("SELECT * FROM `admins` WHERE `username` = '%s' AND `password` = '%s';", $user, $pass));
	$T2 = mysql_num_rows($Q2);
	if ($T2) {
				// OK!! for password
				// Create cookies
				session_start();
				setcookie("---", "1");
				setcookie("---[user]", $user);
				setcookie("---[session]", session_id());
				session_write_close();
				// Create message
				header ("Location: main.php");
				exit();
			  }
			  	else {
	  $error = 'Invalid username or password';
	}
  }
  else {
	$error = mysql_error();
  		}
     }
}

?>

<?php if (isset($error)) { echo "<center>" . "<tr><td class=\"error\">$error</td></tr>" . "</center>" . "<br>"; } ?>

<div align="center">
			<table width='100%' border='0' align="center" cellpadding='5' cellspacing='0'>
					    <tr>
					      <td colspan='2' align='center'>
					        <br />
					        <img src='images/login-lock.gif' width='53' height='64' alt='' border='0' />						</td>
						  </tr>
					    <tr>
					      <td colspan="2" align='right'><div align="center"><table class="fg">
		  <form method="POST" action="<?php echo $_SERVER['PHP_SELF'] ?>">
			<tr>
			  <td class="label">Username:</td>
			  <td class="field">
				<input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) { echo htmlChars($_POST['username']); } ?>">
			  </td>
			</tr>
			<tr>
			  <td class="label">Password:</td>
			  <td class="field">
				<input type="password" name="password" size="16" maxlength="16" value="<?php if (isset($_POST['password'])) { echo htmlChars($_POST['password']); } ?>">  <a href="forgotten_password.php">Forgotten?</a>
			  </td>
			</tr>

		<tr><td class="label">&nbsp;</td><td class="field"><input type="Submit" name="login" value="Login"></td></tr>
	  </form>
	</table></div></td>
				    </tr>

				    <tr>
				      <td colspan='2'><br /></td>
					  </tr>
		 </table>
</div>

fearfx

also, I am wondering if what I wrote is secure by any means, any pointers would be greatly appreciated!