Sessions in PHP not blocking users

Question

I'm creating a website with a login and using sessions to prevent users from accessing particular pages unless they're logged in. I have a session checker (at the bottom) and it doesn't see a session so I don't think I'm registering it correctly but I've checked the web a few times and it stated that the way I'm doing it $_SESSION['myusername'] = $myusername; was the newer way but I'm thinking that's my issue. Thanks so much for taking the time to help I greatly appreciate it.

Login Script:

Check for Login Procedure:

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$encrypted_mypassword=md5($mypassword);


$sql="SELECT * FROM users WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
$_SESSION['myusername'] = $myusername; 
header("location: control.php");
}
else {
header("location: failed.php");
}
?>

My sessions banner that I add to the pages I don't want to allow access to unless logged in:

And lastly my logout script:

Any help would be greatly appreciated. I apologize for so much information just wanted to make sure I had everything listed. I'm not exactly sure what I'm doing wrong. I have another script that I'm using to see if sessions are running and I don't even see a session there.

AbraCadaver · Accepted Answer

You need session_start() on every page that does anything with the session or $_SESSION vars, so add it to Check for Login Procedure.

And this:

if( isset($_SESSION['myusername']) ){
header("Location: login.php");

Should be NOT ! :

if( !isset($_SESSION['myusername']) ){
header("Location: login.php");

Sessions in PHP not blocking users

Answers (1)

Related Questions