MySQL Forums

problem protecting pages that aren't in the same directory as login.php
Posted by: Nemo Void
Date: March 22, 2008 12:51AM

Hi, I know relatively little about php and am attempting to set up an account-based website with certain webpages being protected.

Everything seems to be working fine with my members.php page, which is in the same directory of my hosting account as the login.php and checklogin.php files. It does what I want it to do, which is to check if the user is logged in and, if so, to display the members.php page; but if the user is not logged in, it redirects them to the login.php page. My problem is that I want a couple of pages in other directories in my hosting account to work in the same manner.

members.php, login.php, and checklogin.php are all in the base directory ( /members.php; /login.php; /checklogin.php). One of the pages I want to protect is located at /members/gallery/hideout/index.html

What code would I need to put in that non-base directory file in order for it to act like the members.php file which is working fine?



Here are the scripts I'm using:

----------------------------------------------------------------

members.php:

<?php
session_start();
if(!session_is_registered('Username')){
header("location: http://www.nemovoid.com/login.php");
exit; // stop here so the protected page below is not sent along with the redirect
}
?>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Nemo Void</title>
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="AC_RunActiveContent.js" language="javascript"></script>
</head>
<body bgcolor="#000000">

<center>

<br><br><br>

<!--url's used in the movie-->
<!--text used in the movie-->
<!-- saved from url=(0013)about:internet -->
<script language="javascript">
if (AC_FL_RunContent == 0) {
alert("This page requires AC_RunActiveContent.js.");
} else {
AC_FL_RunContent(
'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0',
'width', '600',
'height', '450',
'src', 'postlogin',
'quality', 'high',
'pluginspage', 'http://www.macromedia.com/go/getflashplayer',
'align', 'middle',
'play', 'true',
'loop', 'true',
'scale', 'showall',
'wmode', 'window',
'devicefont', 'false',
'id', 'postlogin',
'bgcolor', '#000000',
'name', 'postlogin',
'menu', 'false',
'allowFullScreen', 'false',
'allowScriptAccess','sameDomain',
'movie', 'postlogin',
'salign', ''
); //end AC code
}
</script>
<noscript>
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="600" height="450" id="postlogin" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="allowFullScreen" value="false" />
<param name="movie" value="postlogin.swf" /><param name="menu" value="false" /><param name="quality" value="high" /><param name="bgcolor" value="#000000" /> <embed src="postlogin.swf" menu="false" quality="high" bgcolor="#000000" width="600" height="450" name="postlogin" align="middle" allowScriptAccess="sameDomain" allowFullScreen="false" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>
</noscript>
</body>
</html>

----------------------------------------------------------------

login.php:

<html>

<head>

<title>Nemo Void :: login! </title>

<style type="text/css">

text {
font-family: verdana, arial, helvetica; color: #ffffff
}

A:link {
COLOR: #33cc33; FONT-FAMILY: Verdana, Arial, Helvetica
}
A:visited {
COLOR: #33cc33; FONT-FAMILY: Verdana, Arial, Helvetica
}
A:active {
COLOR: #33cc33; FONT-FAMILY: Verdana, Arial, Helvetica
}
A:hover {
COLOR: #33cc33; FONT-FAMILY: Verdana, Arial, Helvetica
}
INPUT {
BORDER-RIGHT: yellow 1px solid; BORDER-TOP: yellow 1px solid; FONT-SIZE: 8pt; BORDER-LEFT: yellow 1px solid; COLOR: yellow; BORDER-BOTTOM: yellow 1px solid; FONT-FAMILY: Verdana, Arial, Helvetica; BACKGROUND: #000000
}
-->

</style>

</head>

<body text="#ffffff" bgcolor="#000000">

<center>

<img src="http://www.nemovoid.com/images/login.jpg">

<br><br><br>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#000000">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#000000">
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="Username" type="text" id="Username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="Password" type="password" id="Password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>


</body>
</html>

----------------------------------------------------------------

checklogin.php:

<?php
$host="EDITED OUT FOR THIS POST"; // Host name
$sqlusername="EDITED OUT FOR THIS POST"; // Mysql username
$sqlpassword="EDITED OUT FOR THIS POST"; // Mysql password
$db_name="EDITED OUT FOR THIS POST"; // Database name
$tbl_name="EDITED OUT FOR THIS POST"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$sqlusername", "$sqlpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$Username=$_POST['Username'];
$Password=$_POST['Password'];

// To protect against MySQL injection
$Username = stripslashes($Username);
$Password = stripslashes($Password);
$Username = mysql_real_escape_string($Username);
$Password = mysql_real_escape_string($Password);

$sql="SELECT * FROM $tbl_name WHERE username='$Username' and password='$Password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $Username and $Password, table row must be 1 row

if($count==1){
// Register $Username, $Password and redirect to file "members.php"
session_register("Username");
session_register("Password");
header("location:members.php");
}
else {
echo "Wrong Username or Password";
}
?>

----------------------------------------------------------------

index.html [this is the one in the other directory]:

<?php
session_start();
if(!session_is_registered('Username')){
header("location: http://www.nemovoid.com/login.php");
exit; // stop here so the protected page below is not sent along with the redirect
}
?>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Nemo Void :: Hideout</title>
</head>
<style type="text/css">
html,body {
margin:0;
padding:0;
}
</style>
<body bgcolor="#000000">
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0"
width="100%" height="100%">
<param name="allowFullScreen" value="true" />
<param name="movie" value="http://www.nemovoid.com/members/gallery/hideout/gallery.swf" />
<param name="quality" value="best" />
<param name="scale" value="noScale" />
<embed src="http://www.nemovoid.com/members/gallery/hideout/gallery.swf" quality="best" scale="noScale" width="100%" height="100%" allowFullScreen="true" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>
</body>
</html>

----------------------------------------------------------------


Since I'm using the same:

<?php
session_start();
if(!session_is_registered('Username')){
header("location: http://www.nemovoid.com/login.php");
exit; // stop here so the protected page below is not sent along with the redirect
}
?>

in both the members.php and the index.html files, why does it work for members.php but not for index.html? I hope I'm asking all of this clearly. As I noted before, I'm really really new to php so please realize that my level of understanding is fairly low. Either a detailed explanation or just the straight code that I'd need to insert would be really, really helpful!

Thanks so much!
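
A shared guard file that gives a page in any directory the same check members.php performs; this is an added example, not code from the original post. It assumes the protected page is renamed to index.php (a default server configuration does not run PHP inside .html files), that checklogin.php stores the name with $_SESSION['Username'] after a successful login, and that the file name auth_guard.php and its place in the document root are free choices.

```php
<?php
// auth_guard.php: added example. The file name and its location in the
// document root are assumptions, not part of the original post.
// Include it as the first statement of every protected page, for example
// from /members/gallery/hideout/index.php:
//     require_once $_SERVER['DOCUMENT_ROOT'] . '/auth_guard.php';

// Set the session cookie attributes before the session starts (array form
// needs PHP 7.3+). Path '/' is PHP's default and makes the cookie valid in
// every directory of the site, so one login covers all protected pages.
session_set_cookie_params([
    'path'     => '/',
    'httponly' => true,                     // not readable from JavaScript
    'secure'   => !empty($_SERVER['HTTPS']), // Secure flag when served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

/**
 * Returns true when the session carries a logged-in user name.
 * Reading $_SESSION replaces session_is_registered(), which was removed
 * in PHP 5.4.
 */
function is_logged_in(array $session): bool
{
    return isset($session['Username'])
        && is_string($session['Username'])
        && $session['Username'] !== '';
}

if (!is_logged_in($_SESSION)) {
    // Root-relative URL: resolves to the same login page from any directory.
    header('Location: /login.php', true, 302);
    // Stop here. Without exit the rest of the page is still rendered and
    // sent in the response body, where any client that ignores the
    // redirect can read it.
    exit;
}
```

Files the page only links to, such as gallery.swf, are served by the web server without running PHP, so the guard does not cover them; they need their own access control, for example being streamed through a guarded PHP script.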
