any chance someone can look at this for me please

[Accurax]

Ive got a little problem with my sessions, let me explain what im doing and maybe someone can see where im going wrong here..... as allways ... thanks in advance.

Ok, i have 3 pages .... login.php, checkuser.php & secretpage.php

basically, a user will fill in there username and password in login.php and then checkuser.php will make sure everythings in order, and then they should be allowed to veiew secretpage.php .... simple eh?

ok heres login.php, its actually a simple htm file, its only still got the php extension because i was playing with it earlier.

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form method="POST" action="checkuser.php">
  <input type="text" name="username" />
 User name 
 <p>
    <input type="text" name="password" />
  Password</p>
  <p>
    <input type="submit" name="Submit" value="Submit" />
  </p>
</form>
</body>
</html>

And heres checkuser.php

Code: Select all

<?php
session_start();
include("Vars.inc");


$connection=mysql_connect($host, $user, $passwd)
        or die ("Could not connect !");
$db = mysql_select_db($database, $connection)
        or die ("Could not connect to Database");

$username = $_POST['username'];
$password = $_POST['password'];
$pass = md5($password);

$query = "SELECT password FROM customer WHERE user_name='$username'";
$result = mysql_query($query)
        or die ("could not find user");
$row = mysql_fetch_array($result);

if ($pass == $row['password'] )
{
    session_register("auth");
    @$_SESSION['auth'] = "yes";
    echo "login successfull<br />";
}
else
{
    echo "invalid password<br />";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<ul>
<li><a href="secretpage.php">secret page</a></li>
</ul>
</body>
</html>

Pretty straigh forward.... the above 2 files work perfectly, the problem comes when i want to access further secure pages, such as secretpage.php

heres secretpage.php at the momnent

Code: Select all

<?php
session_start();
if ( @$SESSION['auth'] != "yes" )
    {
        header("location: hacker.php");
        exit();
    }
else
    {
        echo "You are now logged in!";
    }
    
?>
<html>
<head><title>Secret Page </title></head>
<body>

This is my testing secret page.
</body></html>

At the moment all i can manage to do is get thrown out towards hacker.php .... which is clearly not what i want here.

I know its something to do with the way im handleing the sessions...... any idea's please??

[Accurax]

its ok i got it.... I missed a damn underscore.... lol

[JacobHaug]

hahaha...they are really important...lol

[Ryan Fait]

I see that.