I'm new to PHP, and I want to make it possible to access a page only if a person is logged in.

login2.php:
    <?php
    // Database connection settings
    $host="hostxyz";
    $dbusername="userxyz";
    $dbpassword="xyz";
    $db_name="dbxyz";
    $tbl_name="tblxyz";
    mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Credentials submitted by the login form
    $username=$_POST['username'];
    $password=$_POST['pwd'];
    $encryptedpwd=sha1($password);

    // Escape both values before they go into the query string
    $username = stripslashes($username);
    $encryptedpwd = stripslashes($encryptedpwd);
    $username = mysql_real_escape_string($username);
    $encryptedpwd = mysql_real_escape_string($encryptedpwd);

    // Look for exactly one row matching the username and the password hash
    $sql="SELECT * FROM $tbl_name WHERE username='$username' and pwd='$encryptedpwd'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    if($count==1){
        $_SESSION['username'] = $username;
        $_SESSION['pwd'] = $encryptedpwd;
        header("location:login_success.php");
    }
    else {
        echo "Username e/o password errata.";
    }
    ?>

login_success.php:
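    <?php
    session_start();
    // Forward logged-in users to the member area
    if(isset($_SESSION['username'])){
        header("location:area_utenti.php");
        exit; // stop here so the HTML below is not sent with the redirect
    }
    ?>
    <html>
    <body>
    Login Successful
    </body>
    </html>
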
area_utenti.php (member_area.php translated):
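    <?php
    session_start();
    // Send visitors without a session username to the login notice page
    if(!isset($_SESSION['username'])) {
        header("location:dologin.html");
        exit; // stop here so the member-only HTML below is not sent with the redirect
    }
    ?>
    <html>
    <head>
    <title>Area Utenti</title>
    </head>
    <body>
    <p>Sei loggato, bravoh!</p>
    </body>
    </html>
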
dologin.html is simply a page where unregistered/unlogged users are redirected if they try to access the member area. The problem is that after I log in, I should be redirected to area_utenti.php, but area_utenti.php redirects me to dologin.html. What did I do wrong? Sorry for bad English.
P.S.: I tried to search for solutions on StackOverflow, and I tried to apply them, but they didn't work.
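
The same flow with the session opened before `$_SESSION` is written, as an added example that is not part of the original post: login2.php above assigns `$_SESSION['username']` without calling `session_start()`, so with PHP's default settings nothing is saved for the next request. The function names, the PDO connection and the `users` table with `username` and `pwd_hash` columns (filled by `password_hash()`) are assumptions made for the example.

```php
<?php
// Added example, not the poster's code. Assumed schema (hypothetical):
//   users(username TEXT UNIQUE, pwd_hash TEXT)  -- pwd_hash from password_hash()
declare(strict_types=1);

function start_secure_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,   // cookie not readable from JavaScript
            'cookie_secure'   => true,   // assumes the site is served over HTTPS
            'cookie_samesite' => 'Lax',
            'use_strict_mode' => true,   // reject session ids PHP did not issue
        ]);
    }
}

function verify_credentials(PDO $pdo, string $username, string $password): bool {
    // Prepared statement: the username is never concatenated into the SQL text
    $stmt = $pdo->prepare('SELECT pwd_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();        // false when the user does not exist
    return is_string($hash) && password_verify($password, $hash);
}

function login(PDO $pdo, string $username, string $password): bool {
    start_secure_session();              // must run before $_SESSION is written
    if (!verify_credentials($pdo, $username, $password)) {
        return false;
    }
    session_regenerate_id(true);         // fresh session id after authentication
    $_SESSION['username'] = $username;   // keep the identity only, not the hash
    return true;
}

function require_login(string $loginPage = 'dologin.html'): void {
    start_secure_session();
    if (!isset($_SESSION['username'])) {
        header('Location: ' . $loginPage);
        exit;                            // without this the page body is still sent
    }
}

// Assumed usage in login2.php, with $pdo created by the application:
//   if (login($pdo, $_POST['username'] ?? '', $_POST['pwd'] ?? '')) {
//       header('Location: area_utenti.php'); exit;
//   }
// Assumed usage at the very top of area_utenti.php:
//   require_login();
```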