Still this won't pass the session to the next page.... is there a way to
pass parameters in the url but mask them? maybe that would be easier, since
I do have code that works passing the adminID on the url ...
can a parameter be hashed after the fact? I tried echo-ing the fields on
the next page and they are not passing...
my code that still doesn't work:
<?php
// start session
session_start();
include("inc/dbconn_open.php") ;
$errs = error_reporting ('E_ALL');
if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else
{$UserName = '';}
if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else
{$Password = '';}
$msg = '';
if (!empty($UserName)) {
$sql = "SELECT * FROM admin WHERE UserName ='$UserName' and Password
='$Password' "
or die(mysql_error());
$result = mysql_query ($sql);
$row = mysql_fetch_object ($result);
If (mysql_num_rows($result) > 0) {
$_SESSION['AdminLogin'] = $row['AdminID'];
header ("Location: Main.php");
} else {
$msg = "Invalid Login";
}
}
?>
