You may think this is simple. But im doing everything right and its not working.
I want it so that only logged in members can see a page. But when i logout and go to the page the content turns up!
Its sodding simple and its not working. Any ideas?

Thanks
- Luke

Sessions:


<?php
session_start();

if(isset($_SESSION['session_var']))
{

// Content goes here

}
else
{

die(); // End html

}
?>


Cookies


<?php
ob_start();

if(isset($_COOKIE['session_var']))
{

// Content goes here

}
else
{

die(); // End html

}
?>

right its working but it keeps showing me the content that the logged out person should see.

Paste your code.

login.php

<?php
echo("
<form action='validation.php' method='post'>
Username: <input type='text' name='username' size='20'><br><br>
Password: <input type='password' name='password' size='20'><br><br>
<input type='submit' name='submit' value='login'>
</form>
");
?>

validation.php

<?php
require("includes/connect.php");
$username=$_POST['username'];
$password=$_POST['password'];
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
session_register("username");
session_register("password");
echo("<meta HTTP-EQUIV='REFRESH' content='2; url=main.php'>");
}
else {
echo "Wrong Username or Password";
}
?>


main.php

<?php
session_start();
if(!session_is_registered("username"))
{
echo("user sees thus");
}
?>

Ew, ew, ew.



<?php
session_start();
require("includes/connect.php");

function clean($var)
{

$var = htmlspecialchars( $var, ENT_QUOTES );

if( get_magic_quotes_gpc( ) ) {

$var = stripslashes( $var );

}

$var = htmlentities( $var );
$var = mysql_real_escape_string( $var );

return $var;

}

// Declare variables
$username = clean($_POST['username']);
$password = clean($_POST['password']);

// Define SQL Query and execute it
$sql = "SELECT * FROM `".$tbl_name."` WHERE `username` = '".$username."' AND`password` = '".$password."'";
$result = mysql_query($sql) or die("MySQL could not execute the query: ".mysql_error());

// Count the rows
$count = mysql_num_rows($result) or die("MySQL could not execute the query: ".mysql_error());

if($count === 1)
{

$_SESSION["username"] = $username;
/* We're not making a session for the password as why is it needed?.. */
echo("<meta HTTP-EQUIV='REFRESH' content='2; url=main.php'>");

}
else
{

echo "Wrong Username or Password";

}
?>


<?php
session_start();

if(isset($_SESSION["username"]))
{

echo("user sees thus");

}

?>

Thanks for the help pal! Your a good un' :P
+rep if i can ;)

No problem (:

I hope your script works now ^^.

It doesnt lol but i know why now. Thanks again!
Sorry cant rep you :( stupid vb