Hi I use this code for my accesscontrol file: accesscontrol.php: <?php session_start(); include_once 'db.php'; include_once 'common.php'; if(isset($_POST['username'])) { $username = $_POST['username']; } else if(isset($_SESSION['username'])) { $username = $_SESSION['username']; } if(isset($_POST['pass'])) { $pass = $_POST['pass']; } else if(isset($_SESSION['pass'])) { $pass = $_SESSION['pass']; } if(!isset($username)) { ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Please Log In for Access </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> <h1> Login Required </h1> <p>You must log in to access this area of the site. If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access!</p> <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>"> User ID: <input type="text" name="username" size="8" /><br /> Password: <input type="password" name="pass" SIZE="8" /><br /> <input type="submit" value="Log in" /> </form></p> </body> </html> <?php exit; } $_SESSION['username'] = $_POST['username']; $_SESSION['pass'] = $_POST['pass']; $username = $_POST['username']; $pass = $_POST['pass']; dbConnect("articles"); $sql = "SELECT * FROM user WHERE username = '$username' AND pass ='$pass'"; $result = mysql_query($sql); if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact you@example.com.'); } if (mysql_num_rows($result) == 0) { unset($_SESSION['username']); unset($_SESSION['pass']); ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Access Denied </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> <h1> Access Denied </h1> <p>Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant access, click <a href="signup.php">here</a>.</p> </body> </html> <?php exit; } $username = mysql_result($result,0,'username'); ?> PHP: Then I wanted to test the session I had set up. I coded these 4 simple pages: pro1.php: <?php include('accesscontrol.php'); ?> this is pro1<br> <a href=pro2.php>pro2</a> PHP: pro2.php: <?php include('accesscontrol.php'); ?> this is pro2<br> <a href=prono.php>prono</a> PHP: prono.php: this is prono<br> <a href=pro3.php>pro3</a> PHP: pro3.php <?php include('accesscontrol.php'); ?> pro3 PHP: pro means a protected page and prono mean available to everyone. I expected users to be logged in after filling 1 login form, and remain logged in after they visit pro2, prono, and want to view pro3 ( a protected page again) but i was not successful. Please help me where I'm wrong? the current result of the code is: pro1: first it is the login form, then the page is shown upon login After I click on the "pro2" link in pro1.php, this error occures: Notice: Undefined index: username in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 48 Notice: Undefined index: pass in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 49 Notice: Undefined index: username in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 51 Notice: Undefined index: pass in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 52 this is pro2 prono then, I click on prono and it's ok, ofcourse: this is prono pro3 Then I click on the pro3 link and I'm redirected to the login form. how do i fix it? thanks
This is not errors it's just notices... to turn off notices add this code line to top of your scripts: <?php error_reporting(E_ALL ^ E_NOTICE); //other code ?> PHP:
Thanks. Now no error appears. but how do i keek users logged in when they want to view pro3 and they have logged in for viewing pro1 and skipped a protected page by visiting a available-to-everyone page then returning to a protected one without closing their browser?