View Single Post
  #2 (permalink)  
Old June 2nd, 2008, 03:43 PM
philip_cole philip_cole is offline
Friend of Wrox
Points: 894, Level: 11
Points: 894, Level: 11 Points: 894, Level: 11 Points: 894, Level: 11
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Sep 2005
Location: London, , United Kingdom.
Posts: 166
Thanks: 2
Thanked 33 Times in 33 Posts
Default

I haven't got the book, but I think I've found the source code you are using:
<?php
session_start();
$_SESSION['username'] = $_POST['user'];
$_SESSION['userpass'] = $_POST['pass'];
$_SESSION['authuser'] = 0;

//Check username and password information
if (($_SESSION['username'] == 'Joe') &&
    ($_SESSION['userpass'] == '12345')) {
  $_SESSION['authuser'] = 1;
} else {
  echo "Sorry, but you don't have permission to view this page, you loser!";
  exit();
}
?>

When you run this page, PHP will look for POSTed (form textbox) values named user and pass. If you run it directly without going via login.php, these obviously will not exist, and so you will get the error above.
Also double check that your login.php has <form method="post"> as opposed to method="get" and that the names of the fields correspond to the ones you are using in movie1.php (user and pass).

As an aside, you can add a simple check to make sure the POST values are set before you use them:
<?php
session_start();

<?php
session_start();

if(isset($_POST['user'])) {
  // if the index 'user' is set (exists) in the $_POST array, then use it
  $_SESSION['username'] = $_POST['user'];
}
else {
  // was not set, so set to a empty value
  $_SESSION['username'] = '';
}

// do the same for password
if(isset($_POST['pass'])) {
  $_SESSION['userpass'] = $_POST['pass'];
}
else {
  $_SESSION['userpass'] = '';
}

$_SESSION['authuser'] = 0;

//Check username and password information as before ...

HTH
Phil