PHP Login System ~ session.register and session.start errors (updated)<?phper

1. PHP Login System ~ session.register and session.start errors (updated)
2. <?php
3. error_reporting(E_ALL);
4. $host="localhost"; // Host name
5. $username="david_bpd"; // Mysql username
6. $password="documents123456"; // Mysql password
7. $db_name="david_bpd"; // Database name
8. $tbl_name="members"; // Table name
9.  
10. // Connect to server and select databse.
11. mysql_connect("$host", "$username", "$password")or die(mysql_error());
12. mysql_select_db("$db_name")or die("cannot select DB");
13.  
14. // username and password sent from form
15. $myusername=$_POST['myusername'];
16. $mypassword=$_POST['mypassword'];
17.  
18. // To protect MySQL injection (more detail about MySQL injection)
19. $myusername = stripslashes($myusername);
20. $mypassword = stripslashes($mypassword);
21. $myusername = mysql_real_escape_string($myusername);
22. $mypassword = mysql_real_escape_string($mypassword);
23.  
24. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
25. $result=mysql_query($sql) or die(mysql_error());
26.  
27. // Mysql_num_row is counting table row
28. $count=mysql_num_rows($result);
29. if($count==1){
30. $_SESSION['myusername'] = $myusername;
31. echo '<meta http-equiv="refresh" content="0;url=/?module=admin&n=Login_success">';
32. }
33. elseif($count==0) {
34. echo '<meta http-equiv="refresh" content="0;url=/?module=admin&n=Login_Unsuccessful">';
35. }
36.  
37. <?php
38. session_start();
39. if (isset($_SESSION['myusername'])) {
40. if ($_SESSION['myusername'] == $myusername) {
41. //User should be allowed to be on page
42. } else {
43. echo '<meta http-equiv="refresh" content="0;url=/?module=admin&n=index">';
44. }
45.  
46. } else {
47. echo '<meta http-equiv="refresh" content="0;url=/?module=admin&n=index">';
48. }
49. ?>
50.  
51. <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
52. <tr>
53. <form action="/?module=admin&n=checklogin" method="post" enctype="multipart/form-data" name="form1" id="form1">
54. <td>
55. <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
56. <tr>
57. <td colspan="3"><strong>Administrator Login </strong></td>
58. </tr>
59. <tr>
60. <td width="78">Username</td>
61. <td width="6">:</td>
62. <td width="294"><input type="text" name="myusername" id="myusername"></td>
63. </tr>
64. <tr>
65. <td>Password</td>
66. <td>:</td>
67. <td><input name="mypassword" type="password" id="mypassword"></td>
68. </tr>
69. <tr>
70. <td>&nbsp;</td>
71. <td>&nbsp;</td>
72. <td> <button type="submit" name="Submit">Login</button>
73. <img src="../images/ajax-loader.gif" width="16" height="16" style="display: none"/>
74. <script>
75. $("button").click(function () {
76. $("img").show("slow");
77. });
78. </script>
79. </td>
80. </tr>
81. </table>
82. </td>
83. </form>
84. </tr>
85. </table>
86.  
87. <?php
88. session_start();
89. error_reporting(E_ALL);
90. $host="localhost"; // Host name
91. $username="david_bpd"; // Mysql username
92.  
93. <?php
94. session_start();
95.  
96. var_dump($_SESSION, $myusername); // The second one should be unset in your case you need to fix this!
97.  
98. $sessionHasUserName = isset($_SESSION['myusername']);
99. $userIsLoggedIn = $sessionHasUserName && $_SESSION['myusername'] == $myusername;
100.  
101. printf('<b>Session has User-Name?:</b> %d<br /><b>User is logged in?:</b>:%d<br />', $sessionHasUserName, $userIsLoggedIn);
102.  
103. if ($userIsLoggedIn)
104. {
105. //User should be allowed to be on page
106. } else {
107. echo '<meta http-equiv="refresh" content="0;url=/?module=admin&n=index">';
108. }
109.  
110. ?>