//always start the session before anything else!!!!!! session_start(); if(isset($_post['username']) $$ $_post['password']){ $username = $_post['username']; //name of the text field for usernames $password = $_post['password']; //likewise here just for the password //connect to the db $user = ''; $pswd = ''; $db = ''; $conn = mysql_connect('localhost', $user, $pswd); mysql_select_db($db, $conn); //run the query to search for the username and password the match $query = "select * from users where user_name = '$username' and password = password('$password')"; $result = mysql_query($query) or die("unable to verify user because : " . mysql_error()); //this is where the actual verification happens if(mysql_num_rows($result) == 1){ //the username and password match //so e set the session to true $_session = true; //and then move them to the index page or the page to which they need to go header('location: index.php'); }else{ $err = 'incorrect username / password.' ; } //then just above your login form or where ever you want the error to be displayed you just put in echo $err; /**********then below you will have your login form and everything else*********/
session_start(); //this checks to see if the $_session variable has been not set //or if the $_session variable has been not set to true //and if one or the other is not set then the user gets //sent to the login page if(!isset($_session) || $_session !== true){ header('location: login.php'); } echo "you are currently logged in";
***this article is sourced from http://forums.tizag.com/showthread.php?t=798