How do I define my $_SESSION['amyusername']; and $_SESSION['amypassword']; properly?
Full code:
$host = "localhost";
$username = "root";
$password = "";
$db_name = "login";
$tbl_name = "medlemmer";
if ($_POST['amyusername'] && $_POST['amypassword']) {
//Opret forbindelse til Databasen via MySQL.
mysql_connect("$host", "$username", "$password") or die ("Kunne ikke oprette forbindelse til databasen!");
mysql_select_db("$db_name");
$amyusername = mysql_real_escape_string($_POST['amyusername']);
$amypassword = mysql_real_escape_string($_POST['amypassword']);
$amypassword = md5($amypassword);
$sql = "SELECT * FROM $tbl_name WHERE Brugernavn = '$amyusername' AND Password = '$amypassword' ";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count == 1) {
while($row = mysql_fetch_array($result)) {
if($row["Rank"] == "C") {
$_SESSION['amyusername'];
$_SESSION['amypassword'];
header("Location: admin_success.php");
}
else {
echo "Du er ikke Admin!";
header("refresh: 3, admin.php");
}
}
}
else {
echo "Indtast et gyldig ADMIN login";
header("refresh: 3, admin.php");
}
}
else {
echo "Du skal indtaste et brugernavn og password!";
header("refresh: 3, admin.php");
}
?>
Where the code isn't defined properly:
if($row["Rank"] == "C") {
$_SESSION['amyusername'];
$_SESSION['amypassword'];
header("Location: admin_success.php");
}
It just passes through and lets everybody in no matter if they are admin or nor. I've tried for 3 hours getting it to work. It might be because $SESSION['amyusername']; and $SESSION['amypassword']; is not defined properly or what? I do not know what I should do.