OK, I've thought about your reply bradgrafelman, and re-read this entire post from start to finish several times, and now I want to run the logic by everyone to see if I understand it correctly. That way I might be able to figure this out on my own. So, here goes...
First off every time I have seen a log in page that redirects back to a prior page that log in page did not contain the opening
session_start();
Only the pages that were linked to it contained this. So, I'm assuming this is unnecessary on the log in page.
Secondly these lines
if($username == TRUE){
$_SESSION['UserName'] = $username['USER_NAME'];
header("Location: http://mysite.com".$url");
exit();
}
First check to see if a valid log in has been entered, and if so, the username variable is set to the session ID variable and then the page is redirected back to the previous page.
The lines that sit on the top of every page including the log in
<?php
session_start();
if(isset($_SESSION['url'])) {
$url = $_SESSION['url'];
}
else {
$url = "index.php";
}
Start the session ID that has been created from the valid log in then check as to whether the current url matches the url that the user is on and, if so redirects them back to the previous page, or, if not, send them to the index.php page. This only happens if a valid log in was created. Other wise this line occurs
if($username == FALSE)
{
$Password = null;
showForm('Invalid log in information.');
exit();
}
Which keeps them on the log in page and send up the error message.
Therefore, the line
if (!isset($_SESSION['ValidLogIn'])){
does nothing because there is no ValidLogIn session ID being set so this needs to be removed.
Because these lines
$UserName = $_POST['txtUserName'];
$Password = $_POST['txtPassword'];
//validate username and password match
if($Password != Password($UserName) && isset($_POST['btnSubmit']))
{
showForm('User Name And Password Do Not Match!');
exit();
}
check to see if a valid check in is made pass the variable $UserName down to the valid check which if true sets the session ID.
Therefore, I should change this line on the header page (where I want to change the log in to log out etc
if (isset($_SESSION['ValidLogIn'])){
needs to be changed to
if (isset($_SESSION['UserName])){
Is this correct??