Login Form Trouble

[CoolAsCarlito]

As of right now any user who knows the link to my admin panel can go to it directly. What I want to do is see if the the user is logged in (session exists). And if they are not logged in meaning no session exists then to kick them back to the login.php script.

However on my login page after I log in its as if with the top code goes right back to it for some reason? Any fixes?

index.php (admin page)

PHP Code:

<?php

session_start(); // Access the existing session

// Include the variables page
include ('inc/variables.php');

// If no session is present, redirect the user:
if(!isset($SESSION['id'])) {
    header("Location: login.php");
    exit();
}

?>

login.php

PHP Code:

<?php

if (isset($_POST['submitted'])) {
    
    require_once ('inc/login_functions.php');
    require_once ('inc/dbconfig.php');
    list ($check, $data) = check_login($dbc, $_POST['username'], $_POST['password']);
    
    if ($check) { // OK!
    
    // Set the session data:.
    session_start();
    $_SESSION['id'] = $data['id'];
    $_SESSION['firstname'] = $data['firstname'];
    
    // Store the HTTP_USER_AGENT:
    $SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
    
    // Redirect:
    $url = absolute_url ('loggedin.php');
    header("Location: $url");
    exit();
    
    }else {
    // Unsuccessful!
    $errors = $data;
    }
    
    mysqli_close($dbc);
    
} // End of the main submit conditional.

include ('inc/login_page.php')

?>

login_page.php

PHP Code:

<?php

// This page prints any errors associated with logging in and creates the login, including the form.

// Prints any error messages, if they exists:
if (!empty($errors)) {
    echo '<h1>Error!</h1>
    <p class="error">The following error(s) occured:<br />';
    foreach ($errors as $msg) {
        echo " - $msg<br />\n";
    }
    echo '</p><p>Please try again.</p>';
}

// Display the form:
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="Caracole" />
<title>E-Fed Manager</title>
<link HREF="favicon.ico" type="image/x-icon" rel="icon" />
<link HREF="favicon.ico" type="image/x-icon" rel="shortcut icon" />
<link rel="stylesheet" type="text/css" href="css/tripoli.simple.css" media="screen, projection, print" />
<link rel="stylesheet" type="text/css" href="css/base.css" media="screen, projection, print" />
<link rel="stylesheet" type="text/css" href="css/layout.css" media="screen, projection, print" />
<link rel="stylesheet" type="text/css" href="css/style.css" media="screen, projection, print" />
<link rel="stylesheet" type="text/css" href="css/theme.css" media="screen, projection, print" />
<link rel="stylesheet" type="text/css" href="css/icons.css" media="screen, projection, print" />
<script type="text/javascript" SRC="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript">
    //<![CDATA[
    document.write('<link rel="stylesheet" type="text/css" href="css/js/js.css" media="screen, projection, print" />');
    //]]>

$(document).ready(function(){

    $(".close").click(function(){
        $(this).parents(".message").hide("puff");
    });
    
});    


</script>
<!--[if IE]>
        <link rel="stylesheet" type="text/css" href="css/ie/ie.css" media="screen, projection, print" />
    <![endif]-->
     <!--[if lt IE 7]>
    <script src="js/DD_belatedPNG_0.0.7a-min.js" type="text/javascript"></script>
    <script>

        DD_belatedPNG.fix(' #header, h1, h1 a, .close, .field,.paginate .current, .icon, .required-icon');

    </script>
      <link rel="stylesheet" href="css/ie/ie6.css" type="text/css" media="screen, projection"/>
    <![endif]-->
</head>
<body>
    <!-- Content -->
    <div id="login" class="content">    
        <div class="roundedBorders login-box">
            <!-- Title -->
            <div id="title" class="b2">
                <h2>Log In</h2>
                <!-- TitleActions -->
                <div id="titleActions">
                    <div class="actionBlock">
                    <a href="#">Forgot your password ?</a>
                    </div>
                </div>
                <!-- /TitleActions -->
            </div>
            <!-- Title -->
    
            <!-- Inner Content -->
            <div id="innerContent">
                <form action="login.php" method="post">
                    <div class="field">
                        <label for="username">Username</label>
                        <input type="text" class="text" id="username" name="username" />
                    </div>
                    <div class="field">
                        <label for="password">Password</label>
                        <input type="password" class="text" id="password" name="password"/>
                    </div>
                    <div class="clearfix login-submit">
                        <span class="fleft">
                            <input type="checkbox" name="remember-me" id="remember-me" />
                            <label for="remember-me">Remember me</label>
                        </span>
                        <span class="fright">
                            <button class="button" type="submit" name="submit"><strong>Log In</strong></button>
                        </span>
                    </div>
                    <input type="hidden" value="TRUE" name="submitted" />
                </form>
            </div>
            <!-- /Inner Content -->
            <div class="bBottom"><div></div></div>
        </div>
    </div>

</body>
</html>

[firepages]

you need to call session_start() on every page you wish to use sessions... including login.php ... not sure if that's your problem but needs to be there anyway