Hello ive got this code of the net just wanted some1 2check it 2make sure, also ive got these two peices of code the ones ive highlighted them in red, but dnt understand wa it means by saying put this code in first line of web page any ideas, ive got the basic loggin form which is linked from homepage. any 1 got any ideas?? thanks dave

// Put this code in first line of web page.

// Check if session is not registered , redirect back to student login.
// Put this code in first line of web page.

Login Successful

$host="host"; // Host name
$username="dk"; // Mysql username
$password="d"; // Mysql password
$db_name=""; // Database name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form

// encrypt password

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM members WHERE username='$myusername' and password='$encrypted_mypassword'";

// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword, table row must be 1 row

// Register $myusername, $mypassword and redirect to file "login_success.php"
else {
echo "Wrong Username or Password";

Hi there, I'm a bit confused:

  • I don't see a reason for calling session_start(); session_destroy(); I'd say that you can safely ignore this
  • The other "Put this code in first line of web page" is correct though. All your protected web pages must have .php extension and contain this as the first thing in the file
    if (!session_is_registered("myusername")) {

Otherwise the code seems to be ok, let me know if you're having any problems.

Hello so your saying put that code in everypage that needs a password and username 2access it but call the page something like homepage.php, and the code above goes in the top section. so when someone logs in it takes them 2 a page with this code in "Put this code in first line of web page" am i right thanks

I'm sorry I got lost in your post so let me reword it.
Let's say that you have pages homepage.php, courses.php, students.php and you want to protect all three - valid username+password is required to access them.
So you put the session_start()... code into each.

When someone opens one of them and is not logged in, he will be redirected to locationtudentLogin.php - that's the page with $host=...
He will log in there and stay logged in even when he leaves the page. Then he can access one of the protected page and he will see their content.

Is it clearer now?

Basically, its like this. You have for example 3 pages. homepage.php, courses.php and students.php.
homepage.php is a login script, where the user can login. You should check if the user is a valid user. You shouldn't let the user to go to page2 or page3 (ie., courses.php and students.php) if the user hasn't logged in. For this, you can use sessions. Once the user has logged in, add his username to the session. ($_SESSION=$username; ). Then on page2 and page3, check if $_SESSION is not null. If its null, then he isn't a valid user, so redirect him back to homepage.php. If he's a valid user, show him page2. That can be done as shown by petr.pavel in post2.

k ive kind of got it now so im gona put this code in the first page after the user logs in..
<?phpsession_start();if (!session_is_registered("myusername")) { header("locationtudentLogin.php");}?>

Then after his filled in the first form he will go 2the next screen where i need 2put this code in and so on and on page 3


when user signs in keeps saying "Wrong Username or Password";

when user signs in keeps saying "Wrong Username or Password";

So what did you do to try to find out why? C'mon, we're not going to do your homework for you, we can just explain things if you ask specific questions.

Try to insert echo $sql; after $sql="SELECT * FROM members WHERE username='$myusername' and password='$encrypted_mypassword'"; to see what's being executed. Then you can execute the sql yourself and see if it returns something.
This way you will verify that:
* username and password is properly submitted
* a db record for this user really exist - and there's only one, not more of them
* the query is correct

My impression is that you're just starting with PHP and you're trying to jump right into the middle of a project without learning the basics first.