Untitled

<?php

session_start();

//Connection and select database go in here

// username and password sent from form
$myusername=$_POST['Email'];
$mypassword=$_POST['User_Password'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT User_ID, Email, User_Password FROM $tbl_name WHERE Email='$myusername' and User_Password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row counts table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// is_auth to make sure they can view other pages that need credentials.
$_SESSION['is_auth'] = true;
$_SESSION['User_ID'] = $result->User_ID;

// Once the sessions variables have been set, redirect them to the landing page / home page.
header('location: ../View/main.php');
exit;
 }

else {
$error = "Please enter an email and password to login.";
}
header("location:../View/mainUnauthenticated.php");

<?php

    session_start();
echo $_SESSION['User_ID'];

// Test the session to see if is_auth flag was set (meaning they logged in successfully)

// If test fails, send the user to homepage and prevent rest of page being shown.

if (!isset($_SESSION["is_auth"])) {
header("location: ../View/mainUnauthenticated.php");
exit;
    }
else if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "true") {
// At any time we can logout by sending a "logout" value which will unset the "is_auth" flag.
// We can also destroy the session if so desired.
unset($_SESSION['is_auth']);
session_destroy();
// After logout, send them back to homepage
header("location: ../View/mainUnauthenticated.php");
exit;
}
?>

<?php include('../Controller/is_auth.php')

?>


<p>
<input type="text" name="User_ID" id="User_ID" value="<?php echo $_SESSION['User_ID'];?>"/>
</p>