I am having trouble getting my login to verify. I realize that this is not the most secure login code ever but it will work for my purpose if I can get it to work at all. Right now if you have an incorrect login it will redirect you to the login again page. If you enter the correct login it will take you to the home. However you can still just type in teh home page directly and access it without having to log in. I am not sure why. Any help would be greatly appreciated.
Verification code for username and password. The login page directs here and this page directs it to either the relogin or the home page.
CODE
<?php
// start session
session_start();
// convert username and password from _POST or _SESSION
if($_POST){
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
// query for a user/pass match
$result=mysql_query("SELECT * FROM Admin
WHERE AdminID='" . $_SESSION['username'] . "' AND AdminPassword='" . $_SESSION['password'] . "'");
// retrieve number of rows resulted
$row=mysql_num_rows($result);
// print login form and exit if failed.
if($num == 1){
$_SESSION['authorized'] = "Yes";
header('Location: Homepage');
exit();
}
else{
header('Location: LoginAgainPage');
exit();
}
?>
This is the code that heads the pages. It is supposed to verify the session is authorized and if the session authorized is not yes then it redirects to teh login page. Otherwise the user is allowed to view the home page. However the page is allowing the page to be viewed just by typing in the web address without logging in.
CODE
<?php
session_start();
if ($_SESSION['authorized']!="yes")
{
header("Location: LoginPage");
$message = "You are not logged in or you used a wrong username or password. Please try again.";
}
?>
NOTE: The Location: have been changed. They are proper links.
| 