how to use cookies to prevent entering a webpage without login

if the user has not logged in, but click to the order page, then it should be redirect to the login page.
yet, it is not functioned as expected. it just hold in the login page, and cannot login or proceed to order page. wt is the problem??


login check:

Code:

---

<?php

if ($_POST['submit']) {
        //get username and password
      $membername = $_POST['loginID_member'];
      $password = $_POST['password_member'];

        if ($email=="correct" && $pass=="correct"){
            setcookie('logged','1');
                    header("Location: order_form.php"); //Redirect to home page
       
  //    else echo "Wrong combinaton!";
//  } 

        exit();
        }
}


$email = $_POST['loginID_member'];
$pass = $_POST['password_member'];
$_SESSION['email']= $_POST['loginID_member'];
//$_SESSION['password']= $_POST['password_member'];
setcookie("email", $email, time()+3600);

if ($email&&$pass)
{
//connect to db
$connect = mysql_connect("127.0.0.1","root","") or die("not connecting");
mysql_select_db("fooddeliveryshop") or die("no db :'(");
$query = mysql_query("SELECT * FROM member WHERE memberemail='$email'");
$numrows = mysql_num_rows($query);


if ($numrows!=0)
{
$match = mysql_query("SELECT * FROM member WHERE memberemail='$email' and memberpw='$pass'");
$numrows2 =  mysql_num_rows($match);
//echo ($match);
  if ($numrows2!=0)
  {
        $row = mysql_fetch_assoc($query);
    $dbusername = $row['memberemail'];
    $dbpassword = $row['memberpw'];
        echo ('Success. Please wait.') ;
        echo($_SESSION['email']);
        echo $_COOKIE['email'];
        if (isset($_COOKIE)) {
    foreach ($_COOKIE as $name => $value) {
        $name = htmlspecialchars($name);
        $value = htmlspecialchars($value);
        echo "$name : $value <br />\n";
                echo ("YES");
    }}
       
    header("Location: order_form.php");
}
    else  die ('<script type="text/javascript">alert("Incorrect username/password!");location.replace("member_login.php")</script>');
       
}
else
  echo "<script>alert('User does not exist!');window.location.href= 'member_login.php';</script>";
}


else
    die('<script type="text/javascript">alert("Please enter a username and password!");location.replace("member_login.php")</script>');


//disconnect with db
  mysql_close($connect);
?>

---

order page:

Code:

---

<?php
session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {

header ("Location: member_login.php");

}
?>

---

You're not calling session_start() at the top of your login page.

*SO, it's not setting the session variable that you're checking in the order_form.php page... it's infinitely going to loop back to the login page until the session var is set.

crobinson42's answer should solve your immediate problem.

If you'd like to make that login script more efficient and user-friendly, I'd be happy to offer some additional suggestions.