hey guys,

I have a script which is :



<?php
include "connection.php";

// Connect to server and select databse.
if (!$con)
{
die('Could not connect: ' . mysql_error() );
}
mysql_select_db($db, $con);

// username and password sent from signup form
$user=$_POST['myusername'];
$pass=$_POST['password'];

$sql="SELECT * FROM our_info WHERE username='$user' and password='$pass'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $user, $pass and redirect to file "failed.html"
session_register("$user");
session_register("$pass");
header("location:../main.php");
}
else {
header("location:../failed.html");
}
?>

and then on the next page i have this:



<?
session_start();
$t = date("h:i:s", time());
$_SESSION['admin_login_time'] = $t;
$_SESSION['myusername'] = $user;
if(!session_is_registered(myusername)){
header("location:index.php");
}
?>


Why doesnt it display the $user and how do i get it to show the login time rather than the current time?

can anyone help?

session_register() is pretty much deprecated now. Just call session_start() and write to the $_SESSION array.
$user=$_POST['myusername'];
$pass=$_POST['password'];

$sql="SELECT * FROM our_info WHERE username='$user' and password='$pass'"; SQL injection vulnerability. You forgot to validate your input.
header("location:../main.php"); The value of the Location header must be an absolute URL.