In auth.php page (which is included in every page). session_start(); if(

1. In auth.php page (which is included in every page).
2. session_start();
3. if(!isset($_SESSION["username"])){
4. header("Location: login.php");
5. exit(); }
6.  
7. session_start();
8.  
9. // If form submitted, insert values into the database.
10. if (isset($_POST['username'])){
11.  
12. $username = stripslashes($_REQUEST['username']); // removes backslashes
13. $username = mysqli_real_escape_string($conn,$username); //escapes special characters in a string
14. $password = stripslashes($_REQUEST['password']);
15. $password = mysqli_real_escape_string($conn,$password);
16.  
17. //Checking is user existing in the database or not
18. $query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."'";
19. $result = mysqli_query($conn,$query) or die(mysql_error());
20. $rows = mysqli_num_rows($result);
21. if($rows==1 ){
22. $_SESSION['username'] = $username;
23. header("Location: index.php"); // Redirect user to index.php
24. }else{
25. header("Location: login.php"); // Redirect user to index.php;
26. }
27. };