PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Furthermore, you should NEVER EVER store a password anywhere! You store a hash of the password + some random salt string (so you keep only an irreversible checksum), NOT the original password.
Finally, you ask why the message "Welcome" appears when you have not logged on: well that's exactly what main.php does (check the if)
giga wrote:Why would i need to put session_start in login.php?
Because you're doing session_register("username").
Which is deprecated by the way, it's better to use $_SESSION['some_name'] = 'some_value';
(edit) oh, I just noticed in the manual that session_start is called implicitly if you didn't do so yourself. But, with the function being deprecated and all, I'd stick to $_SESSION nonetheless.
First of all, this login is terrible. There is no security in the login. For your query you should use sprintf(); Also as mentioned before you need to md5 hash the password in both the login process and in the database it's stored in. easy enough: $password = md5($password); Also you need to begin the session in the login page and start the session based on the username: session_start(); to begin the session and $_SESSION['user'] = $username; So the session holds a value while the user is logged in. If you want an example of a login script I made with full explanations, follow this link: viewtopic.php?f=1&t=129897