--- Dre <[EMAIL PROTECTED]> wrote:
> $username = trim(addslashes($_POST['user_name']));
> $pass = trim(addslashes($_POST['password']));

I recommend using mysql_escape_string() or mysql_real_escape_string() instead of addslashes().

> if((empty($_POST['user_name'])) || (empty($_POST['password'])))
> {
> header('Location: index.php');
> include("login_form");
> exit();
> }

The Location header requires an absolute URL. Also, including login_form wouldn't display the form, even if you remembered to add the file extension.

> header('Location: /members/main.php');

Same thing as above with this header.

> if ($_SESSION['uname'] = = "")

There is no space in the == comparison operator.

> header('Location: ../../index.php');

Same thing again with this header.

> After I login using the correct user name and password I get
> always re-directed to that index page as if I'm not logged in

Instead of redirecting when someone isn't logged in, use the following code instead:

echo "<p>Cookie: [{$_COOKIE['PHPSESSID']}]</p>";
echo "<p>URL: [{$_GET['PHPSESSID']}]</p>";

It is likely that the browser is not identifying itself. Do you have cookies enabled?

Hope that helps.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
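The header and comparison points from the reply above, gathered into one added example; it is not code from the thread or its authors. BASE_URL and the function names absolute_url(), redirect(), has_credentials() and is_logged_in() are hypothetical, and the sample values are constructed.

```php
<?php
// Added example. BASE_URL is an assumed, constructed value for illustration.
const BASE_URL = 'https://www.example.org';

// Build the absolute URL for a Location header from a site-relative path.
// Scheme and host come from configuration, not from the request's Host
// header, so a forged Host value cannot change where the redirect points.
function absolute_url(string $path): string
{
    // Accept only a plain site-relative path: one leading slash, no CR/LF.
    if ($path === '' || $path[0] !== '/' || strpos($path, '//') === 0
        || strpos($path, '\\') !== false || preg_match('/[\r\n]/', $path)) {
        throw new InvalidArgumentException('not a site-relative path');
    }
    return BASE_URL . $path;
}

function redirect(string $path): void
{
    header('Location: ' . absolute_url($path));
    exit();
}

// True when both login fields are present and non-empty after trimming.
function has_credentials(array $post): bool
{
    foreach (['user_name', 'password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return false;
        }
    }
    return true;
}

// The session check from the thread, written without the stray space in the
// operator and so that an unset 'uname' key does not raise a notice.
function is_logged_in(array $session): bool
{
    return isset($session['uname']) && $session['uname'] !== '';
}

// Constructed sample input, shown when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(absolute_url('/members/main.php'));
    var_dump(has_credentials(['user_name' => 'dre', 'password' => ' ']));
    var_dump(is_logged_in(['uname' => 'dre']));
}
```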