<?php
session_start(); # start up the session
$host="localhost"; // Host name 
$db_username="root"; // Mysql username 
$db_password=""; // Mysql password 
$db_name="shop"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$db_username", "$db_password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=@$_POST['username']; 
$psswd=@$_POST['password']; 
$password = md5(trim($psswd));

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['logged_in'] = true;
header("location:login_success.php");
}
else 
{
header("location:registration.php");
}

?>

ok,i have this login.php script but i want to create some parts of my web to be availabale only for logged users i've tried with $_SESSION[logged_in]=false; but it doesnt work

Member Avatar for Zagga

To ensure only logged-in users enter a particular page, add this code to the top of the page.

<?php
session_start();
if (!isset($_SESSION['logged_in']) || ($_SESSION['logged_in'] == false)){
    header("location:your_login_page.php");
    exit();
}
?>

You say you tried this and it didn't work. Could you be a bit more specific please?
Did you get any error messages?
What happened that wasn't supposed to?
What didn't happen that was supposed to?

thanks a lot a tried this but i forgot to put session start() on the top of the code. Now its work.

i'm new in PHP but this is my last question how to display the name of the logged user i tried with this one but it shows me an error that username is undefined index

<?php echo $_SESSION['username']?>

And should i connect to my database and table and then ,to put this code on the place where i like .

In order for you to be able to access data at $_SESSION['username'], you have to have assigned data to there previously. It worked for $_SESSION['loggedin'] because you assigned a value to it on line 33. To store the username, you can add this after line 33:

$_SESSION['username'] = $username;
Member Avatar for Zagga

As EvolutionFallen said but also don't forget you need to put session_start() at the top of ALL pages that set, change or display $_SESSION variables.

<?php
session_start();
echo $_SESSION['username'];
?>

You don't need to connect to the database when you display session variables. The username probably comes from a database so you may need connect to retrieve it before you can set it as a session variable.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.