Your links seem to be of no help. Anyways I will give a little intro as to how to work with basic login and sessions.
login.html: The form which should be in the login.html page. Method MUST be POST as you are passing sensitive information to another page. Also note the names of the input fields.
<form role="form" method="POST" action="login_result.php">
<label for="UID">UserID:</label>
<input class="form-control" type="text" name="UID" required>
<br>
<label for="pwd">Password:</label>
<input class="form-control" type="password" name="pwd" required><br>
<button class="btn btn-default" type="submit">Login</button>
</form>
login_result.php: This is where the validation takes place.
<?php $username = trim($_POST['UID']); //UID is the name of the username input field
$pass = trim($_POST['pwd']); //So is pwd
if(strcmp($username,"admin") === 0 && strcmp($pass,"admin") === 0 )
{
session_start(); //start session
$_SESSION['username'] = $username;
//store userdata for further use.
//My page is simple so it just stores the username
header("Location: note.php"); //redirect to your "success" page
}
else
{
//Wrong credentials
header("Location: login.html");
}?>
The verification is basic here. I usually employ hashing but for now this will do fine
note.php: Reuse the Session variable to display the username like,
<h3>Welcome, <?php echo $_SESSION['username']; ?> </h3>
You must also check for each page if the session is active, and redirect to the login if its not, else there is no meaning to the login.
in_all_pages: Add this at the beginning,
<?php
session_start(); //start the session
if (!isset($_SESSION['username']) || empty($_SESSION['username']))
{
//redirect to the login
header("Location: login.html");
exit();
}
Remember to destroy the session like:
logout.php:
<?php
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: login.html");
?>