i've created a login page for my website which works correctly but if I just type the webpage in after the url I can access it without even logging in!
I need it so that you can only access a page if your logged in.
so my login page uses a form which in turn uses the check login script.
<?php
$host="localhost"; // Host name
$username="blank"; // Mysql username
$password="blank"; // Mysql password
$db_name="blank"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
Print "<html>";
Print "<head>";
Print "<link href='styles.css' rel='stylesheet' type='text/css' />";
Print "</head>";
Print "<body>";
Print "<img src=images/banner2.png alt='banner' />";
Print "<p>Wrong Username or Bad Password.</p>";
Print "<p>Or <a href='./index.html'>Click Here</a> to try again.</p>";
Print "</body>";
Print "</html>";
}
?>
and on each page I have:
<?php
session_start();
if(!session_is_registered(myusername)){
header("location: index.html");
}
?>
the password form works if you dont have a valid password then it says wrong password, but I can still access every page if I know their names.
thanks