I am able to login to my user page and admin page without giving password and username. when usertype is selected and click on login both are getting loggedin. here is my login.php code
<?php
$servername="SERVER";
$username="USER";
$password="PWD";
$dbname="DB";
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo("conneciton");
if(isset($_POST['Login'])){
$user=$_POST['user'];
$pass = $_POST['pass'];
$usertype=$_POST['usertype'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' and usertype='".$usertype."'";
$result = mysqli_query($conn, $query);
if($result){
while($row=mysqli_fetch_array($result)){
echo'<script type="text/javascript">alert("you are login successfully and you are logined as ' .$row['usertype'].'")</script>';
}
if($usertype=="admin"){
?>
<script type="text/javascript">
window.location.href="index.php"</script>
<?php
}else{
?>
<script type="text/javascript">
window.location.href="user.php"</script>
<?php
}
}else{
echo 'no result';
}
}
?>
<html>
<head>
<!-- title and meta -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>admin</title>
<!-- /title and meta -->
<script src="js/jquery.js"></script>
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
<link href="css/adminindex.css" rel="stylesheet">
</head>
<body class='bg-image'>
<center><div class="col-md-4 col-sm-4 col-xs-10 formclass">
<form action="" method="post" name="Login_Form">
<table>
<tr>
<td colspan="2" align="left" valign="top"><h3>Login</h3></td>
</tr>
<tr>
<td valign="top">Username:</td><td><input type="text" name="user" placeholder="enter your username"
</td>
</tr>
<tr>
<td >Password:</td><td><input type="text" name="pass" placeholder="enter your password"</td>
</tr>
<tr>
<td>
Select user type:</td><td> <select name="usertype">
<option value="admin">admin</option>
<option value="user">user</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
</form> </div>
</center>
</body>
</html>
my database table name is multiuserlogin and column are username password usertype
Please help me on this, i need to verify my username password and then only able to login
Your if statement
if($result){
is always true, because it contains the query not the results. So you are logged in as the usertype you have selected.
Adjust the db information and try this out:
$conn = new mysqli("SERVER", "USER", "PWD", "DB");
if (!$conn->connect_error) {
echo("connected");
if(isset($_POST['Login'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = "SELECT * FROM multiuserlogin WHERE username='".$user."' and password = '".$pass."' LIMIT 1";
$result = $conn->query($query);
$logged_user = $result->fetch_array(MYSQLI_ASSOC);
$conn->close();
if(is_array($logged_user) && $logged_user['username'] == $user) {
echo '<script type="text/javascript">alert("you are login successfully and you are logined as ' . $logged_user['usertype'] .'")</script>';
if($logged_user['usertype'] == "admin"){
echo '<script type="text/javascript">window.location.href="index.php"</script>';
} else {
echo '<script type="text/javascript">window.location.href="user.php"</script>';
}
} else {
echo 'no result';
}
}
}
Dont forget to validate for preventing SQL injections.
Related
I can't get the users name to get updated or to deleted the user. Whatever i try doesn't work. When i click on the update button it just goes to the index page and nothing happens and the same happens when i click on the delete button too.
this is the codes i have on my server.php page:
<?php
session_start();
// initializing variables
$idmedlemmer = "";
$brukernavn = "";
$email = "";
$fornavn = "";
$etternavn = "";
$errors = array();
// connect to the database
$db = mysqli_connect("localhost", "root", "", "mymusic");
// Update User
if (isset($_POST['update'])) {
// receive all input values from the form
$brukernavn = mysqli_real_escape_string($db, $_POST['brukernavn']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($brukernavn)) { array_push($errors, "Feltet kan ikke være tomt"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT brukernavn FROM medlemmer LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['brukernavn'] === $brukernavn) {
array_push($errors, "Brukernavn eksisterer allerede");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
mysqli_query($db, "UPDATE medlemmer SET brukernavn='$brukernavn' WHERE idmedlemmer=$idmedlemmer");
$_SESSION['message'] = "Brukernavnet har blitt oppdatert";
header('location: index.php');
}
}
// ...
// ...
// Delete User
if (isset($_GET['brukernavn']))
if (isset($_GET['slett'])) {
$query = sprintf("DELETE FROM medlemmer WHERE idmedlemmer='%s'");
mysqli_query($db, $query);
$_SESSION['brukernavn'] = $brukernavn;
$_SESSION['success'] = "Bruker har blitt slettet";
header('location: Login.php');
}
?>
And this is what i have on my update page:
<?php include('server.php')?>
<?php
if (isset($_GET['update'])) {
$brukernavn = $_GET['update'];
$record = mysqli_query($db, "SELECT * FROM medlemmer WHERE brukernavn=$brukernavn");
if (count($record) == 1 ) {
$n = mysqli_fetch_array($record);
$name = $n['brukernavn'];
}
}
?>
<html>
<head>
<title>Edit Data</title>
<link rel="stylesheet" type="text/css" href="stilark.css">
<meta charset="utf-8">
</head>
<body>
<form name="form1" method="post" action="index.php">
<table border="0">
<tr>
<td>Name</td>
<td><input type="text" name="brukernavn" value="<?php echo ($_SESSION['brukernavn']); ?>"></td>
</tr>
<tr>
<td><input type="hidden" name="idmedlemmer" value="<?php echo $idmedlemmer;?>"></td>
<td><input type="submit" name="update" value="update"></td>
</tr>
</table>
</form>
and this is what i have on my delete page:
<?php include('Server.php')?>
<!DOCTYPE html>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="stilark.css">
<head>
<title>Slett Bruker</title>
</head>
<body>
Tilbake
<br/><br/>
<form name="form1" method="post" action="index.php">
<table border="0">
<tr>
<td><input type="hidden" name="idmedlemmer" value="<?php echo $_GET['idmedlemmer'];?>"></td>
<td><input type="submit" name="slett" value="slett"></td>
Delete
</tr>
</table>
</body>
</html>
I have tried to check on youtube videoes and read many articles but i just cant seem to get anywhere so i am totaly stuck and appreciate all the help i can get. Hope that you can help me
I have a page with a contact form.
I'm trying to make some error messages appear next to the fields if the fields are empty/invalid. If all fields are OK the field's contents are sent to a database.
The validation itself works. If the fields are empty or invalid it does not submit them into the database. However no error messages are shown next to the fields.
Here are the codes
Page with the contact form named palaute3.php:
<?php
session_start();
$_SESSION["nimiVirhe"]="";
$_SESSION["spostiVirhe"]="";
$_SESSION["palauteVirhe"]="";
$servername = "localhost";
$username = "username";
$password = "passwd";
$dbname = "dbname";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Game Over</title>
<link href="https://fonts.googleapis.com/css?family=Press+Start+2P" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="tyyli1.css"/>
<style type="text/css">
#import url('https://fonts.googleapis.com/css?family=Press+Start+2P');
</style>
</head>
<body>
<div id="container">
<div id="header">
</div>
<div id="menuBG">
</div>
<ul class="navlist">
<li>Etusivu
</li>
<li>Leffat
</li>
<li>Pelit
</li>
<li>Ota yhteyttä
</li>
</ul>
<div id="content">
<h3>Palaute</h3>
<p>Anna Palautetta sivujen ulkonäöstä tai vinkkejä uusiksi arvosteluiksi!</p>
<p><span class="error">Kaikki kentät ovat pakollisia</span></p>
<form method="post" action="validointi.php">
<table width="450px">
<tr>
<td valign="top">
<label for="nimi">Nimi</label>
</td>
<td valign="top">
<input type="text" name="nimi" /><span class="error"><?php echo $_SESSION["nimiVirhe"];?></span>
</td>
</tr>
<tr>
<td valign="top">
<label for="sposti">Sähköposti</label>
</td>
<td valign="top">
<input type="text" name="sposti" /><span class="error"><?php echo $_SESSION["spostiVirhe"];?></span>
</td>
</tr>
<tr>
<td valign="top">
<label for="palaute">Palaute</label>
</td>
<td valign="top">
<textarea name="palaute" maxlength="1000" cols="30" rows="6"></textarea><span class="error"><?php echo $_SESSION["palauteVirhe"];?> </span>
</td>
</tr>
<tr>
<td colspan="2" style="text-align:center">
<input type="submit" value="Lähetä" name="submit">
</td>
</tr>
</table>
</form>
<?php
session_unset();
?>
<p>
Palautteet tähän
</p>
<?php
$sql = "SELECT id, palaute FROM dbtable";
$result = mysqli_query($conn, $sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"]. " - Palaute: " . $row["palaute"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
</div>
<div id="footer">
<p>© Game Over 2018 All rights reserved</p>
</div>
</div>
</body>
</html>
Here is the validation:
<?php
session_start();
$_SESSION["nimiVirhe"]="";
$_SESSION["spostiVirhe"]="";
$_SESSION["palauteVirhe"]="";
if (isset($_POST['submit'])) {
if (empty($_POST["nimi"])) {
$_SESSION["nimiVirhe"] = " Nimi on pakollinen.";
}
else {
$nimi = $_POST["nimi"];
$_SESSION["nimi"]=$nimi;
if (!preg_match("/^[a-zA-Z ]*$/",$nimi)) {
$_SESSION["nimiVirhe"] = " Nimi on väärässä muodossa.";
}
}
if (empty($_POST["sposti"])) {
$sposti = $_SESSION["sposti"];
$_SESSION["spostiVirhe"] = " Sähköposti on pakollinen.";
}
else {
$sposti = $_POST["sposti"];
$_SESSION["sposti"]=$sposti;
if (!filter_var($sposti, FILTER_VALIDATE_EMAIL)) {
$_SESSION["spostiVirhe"] = " Sähköpostiosoite on väärässä muodossa.";
}
}
if (empty($_POST["palaute"])) {
$_SESSION["palauteVirhe"] = "<br>Palaute on pakollinen.";
}
else {
$palaute = $_POST["palaute"];
$_SESSION["palaute"]=$palaute;
}
if($_SESSION["nimiVirhe"] == "" && $_SESSION["spostiVirhe"] == "" && $_SESSION["palauteVirhe"] == ""){
header("Location: yhteystesti.php");
return;
} else {
header("Location: palaute3.php");
return;
}
}
?>
The database insertion works fine so I'm not going to include it here.
Any idea what am I doing wrong here?
PS: This is a school assignment and the teacher tried to make it work but couldn't.
Ath the top of your palaute3.php file you have this
$_SESSION["nimiVirhe"]="";
$_SESSION["spostiVirhe"]="";
$_SESSION["palauteVirhe"]="";
So you re-init your session error messages before using this them.
Those 3 lines should be in the validation page, but not in your error page !
Remove that and it will work.
I want that when I select admin and enter username and password it should go to admin.html and if I enter details for student or teacher it goes to student.html and teacher.html respectively.
I am not able to find out the issue in the code. No error is logged but still it's not working. Database is already created in phpmyadmin with name ezgradingsystem that has a table named loginform with columns named ID, username, `password' and 'type' (that will differentiate between admin, teacher and student login).
Still it's not working. When I enter user name and password it takes me back to index.php page.
Here is the code
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login Form </title>
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" type="text/css" href="styles1.css"
</head>
<body>
<h1>
<span>E</span>
<span>Z</span>
<span> </span>
<span>G</span>
<span>R</span>
<span>A</span>
<span>D</span>
<span>I</span>
<span>N</span>
<span>G</span>
<span> </span>
<span>S</span>
<span>Y</span>
<span>S</span>
<span>T</span>
<span>E</span>
<span>M</span>
</h1>
<div class="loginBox">
<img src="user.png" alt="user" class="user"><br>
<br>
<br>
<br>
<h2 >Log in Here</h2>
<form method="POST" >
<select name = "type">
<option value="-1">Login As
</option>
<option value="Admin">Admin</option>
<option value="Student">Student</option>
<option value="Teacher">Teacher</option>
</select></td>/
<p>Username</p>
<input type="text" name="username" placeholder="Enter your username here">
<p>Password</p>
<input type="password" name="password" placeholder="Enter password here">
<input type="submit" name="" value="Sign In">
</form>
<br><br><br>
</div>
</body>
</html>
<?php
$con =mysql_connect("localhost","root","");
if(!$con)
{
echo "unable to establish connection".mysql_error();
}
$db=mysql_select_db("ezgradingsystem",$con);
if(!$db)
{
echo "Database not found".mysql_error();
}
if(isset($_POST['submit']))
{
$type=$_POST['type'];
$username=$_POST['username'];
$password=$_POST['pwd'];
$query="select * from loginform where username='$username' and password ='$password'and type='$type'";
$result=mysql_query($query);
while($row=mysql_fetch_array($result))
{
if($row['username']==$username && $row['password']==$password && $row['type']=='admin')
{
header("Location: admin.html");
}
elseif($row['username'] ==$username && $row['password']==$password && row['type']=='student')
{
header("Location: student.html");
}
elseif($row['username']==$username && $row['password']==$password && row['type']=='teacher')
{
header("Location: teacher.html");
}
}
}
?>
Maybe you use your type as your condition on if , try use this
`
if(isset($_POST['submit']))
{
$type=$_POST['type'];
$username=$_POST['username'];
$password=$_POST['password'];
$query="select * from loginform where username='$username' and password ='$password'and type='$type'";
$result=mysql_query($query);
while($row=mysql_fetch_array($result))
{
if($type=='Admin')
{
header("Location: admin.html");
}
elseif($type=='Student')
{
header("Location: student.html");
}
elseif($type=='Teacher')
{
header("Location: teacher.html");
}
}
}
?>`
I am creating a website for my Computer Science project.
I am also new to PHP/HTML coding.
Basically, the idea is this. I have a login page which either takes you into the website or doesn't let you in. However, I want the website to tell the user that the username/pass isn't correct when the get rejected.
Here is the login page:
<html>
<link rel="stylesheet" type="text/css" href="Style.css">
<body>
<center>
<h1 style="font-size:70px;">FitnessHub<h1>
<p>Enter Username & Password to get started</P>
<form action="Welcome.php" method="post">
<table>
<tr>
<td><input type="text" name="username" placeholder="Username" style="width:400px;height:30px;"></td>
</tr>
<tr>
<td><input type="password" name="password" placeholder="Password" style="width:400px;height:30px;"></td>
</tr>
</table>
<input type="submit" value="Login" style="width:100px;height:30px;">
<br>
</form>
<img src="fitnesshub.png" alt="logo" style="width:400px;height=300px;">
</center>
</body>
</html>
And here is the welcoming page when you successfully login:
<html>
<link rel="stylesheet" type="text/css" href="Style.css">
<body>
<h1> Hello <?php echo $_REQUEST[username] ?> </h1>
<p style="Font-Size:15px;">FitnessCenter can be used to book customers into multiple services<br>
Use the buttons to start using the database
</p>
<?php
$db = new mysqli("127.0.0.1", "root", "root", "fitnessbooking");
$query= $db->query("select Username from users where Username = '$_POST[username]' and Pass = '$_POST[password]'");
if ($query->num_rows ==1){
echo "";
}
else {
header("Location: http://localhost/pages/login.php");
exit;
}
?>
</body>
</html>
As I said, I am no expert at website stuff so please try to explain things in a way I can understand!
Thanks
In the redirection add ?fail=1 to pass the parameter
header("Location: http://localhost/pages/login.php?fail=1");
In the login page add
<?php
if ( isset($_GET['fail']) && $_GET['fail'] == 1 )
{
echo "Try again:)";
}
?>
Do all things in the login page like this.
<?php
session_start();
if(isset($_SESSION['auth'])){
header('Location: logged_in.php');
die();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$db = new mysqli("127.0.0.1", "root", "root", "fitnessbooking");
if ($db->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$stmt = $db->prepare('select Username from users where Username = ? and Pass = ?');
$stmt->bind_param('ss', $_POST['username'], $_POST['password']);
$stmt->execute();
if($stmt->num_rows > 0){
$_SESSION['auth'] = true;
header('Location: logged_in.php');
die();
}
else{
$error_message = "Username Or password are invalid";
}
}
?>
<html>
<link rel="stylesheet" type="text/css" href="Style.css">
<body>
<center>
<h1 style="font-size:70px;">FitnessHub<h1>
<p>Enter Username & Password to get started</P>
<?php
//Display the error message
if (isset($error_message)){
echo "<p><strong>$error_message</strong></p>"
}
?>
<form action="Welcome.php" method="post">
<table>
<tr>
<td><input type="text" name="username" placeholder="Username" style="width:400px;height:30px;"></td>
</tr>
<tr>
<td><input type="password" name="password" placeholder="Password" style="width:400px;height:30px;"></td>
</tr>
</table>
<input type="submit" value="Login" style="width:100px;height:30px;">
<br>
</form>
<img src="fitnesshub.png" alt="logo" style="width:400px;height=300px;">
</center>
</body>
</html>
The other page leave like that:
<?php
session_start();
if(!isset($_SESSION['auth'])){
die('Access denied');
}
<html>
<link rel="stylesheet" type="text/css" href="Style.css">
<body>
<h1> Hello User </h1>
<p style="Font-Size:15px;">FitnessCenter can be used to book customers into multiple services<br>
Use the buttons to start using the database
</p>
</body>
</html>
If you want, store the username in the session to have it usable.
Use this sample.
<html>
<link rel="stylesheet" type="text/css" href="Style.css">
<body>
<center>
<?php if((!empty($_GET['login'] )&& ($_GET['login'] == 'false')): ?>
<p>username or password incorrect</P>
<?php endif;?>
<h1 style="font-size:70px;">FitnessHub<h1>
<p>Enter Username & Password to get started</P>
<form action="Welcome.php" method="post">
<table>
<tr>
<td><input type="text" name="username" placeholder="Username" style="width:400px;height:30px;"></td>
</tr>
<tr>
<td><input type="password" name="password" placeholder="Password" style="width:400px;height:30px;"></td>
</tr>
</table>
<input type="submit" value="Login" style="width:100px;height:30px;">
<br>
</form>
<img src="fitnesshub.png" alt="logo" style="width:400px;height=300px;">
</center>
</body>
</html>
And your wellcome page is.
<html>
<link rel="stylesheet" type="text/css" href="Style.css">
<body>
<h1> Hello <?php echo $_REQUEST[username] ?> </h1>
<p style="Font-Size:15px;">FitnessCenter can be used to book customers into multiple services<br>
Use the buttons to start using the database
</p>
<?php
$db = new mysqli("127.0.0.1", "root", "root", "fitnessbooking");
$query= $db->query("select Username from users where Username = '$_POST[username]' and Pass = '$_POST[password]'");
if ($query->num_rows ==1){
echo "";
}
else {
header("Location: http://localhost/pages/login.php?login=false");
exit;
}
?>
</body>
</html>
I am creating a webshop and I have the login working but I ran into a problem. I need to use sessions in order to display and hide certain pages. It's a login screen for the backend of my webshop so it makes sense that it should be secured and hidden from people who aren't allowed to access the backend. I know that I need to start a session at the top of the pagebut then what? I searched Google but I can't find a solution wich I can apply to my code.
<?php
session_start();
*my information*
// Create connection
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['submit'])) {
$uname = $_POST['username'];
$wwoord = $_POST['wachtwoord'];
$query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";
$result = mysqli_query($conn, $query);
if($result) {
$_SESSION['ingelogd'] = true;
echo"U bent ingelogd!";
header("location: index.php");
} else {
echo "Inloggegevens incorrect.";
}
}
?>
<html lang="en"><head>
<meta charset="UTF-8">
<title>Admin panel</title>
<link rel="stylesheet" type="text/css" href="tables.css">
</head>
<body>
<div id="content">
<ul>
<li>Admin panel</li>
<li>Medewerkersoverzicht</li>
<li>Medewerkers toevoegen</li>
<li>Klantenoverzicht</li>
<li>Productoverzicht</li>
<li>Product toevoegen</li>
<li>Reparatieoverzicht</li>
<li>Contactoverzicht</li>
</ul>
<h1>Admin login</h1>
<form role="form" method="post" action="index.php" class="contactForm">
<table>
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="username" class="" id="username"> <br><br></td>
</tr>
<tr>
<td><label for="wachtwoord">Wachtwoord</label></td>
<td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
</tr>
<tr>
<td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
</tr>
</table>
</form>
</div>
</html>
Once the session is started check for the existence of the session variable- if it already exists then redirect the user.
<?php
if( !isset( $_SESSION ) ) session_start();
/* if the session already exists, redirect user */
if( isset( $_SESSION['ingelogd'] ) ) header("location: index.php");
/* don't echo content outwith the document body ~ other than suitable head content */
$msg='';
$conn = new mysqli( $dbhost, $dbuser, $dbpass, $dbname );
if ( $conn->connect_error ) die("Connection failed");/* don't reveal too much information about db ! */
if( isset( $_POST['submit'] ) ) {
$uname = $_POST['username'];
$wwoord = $_POST['wachtwoord'];
$query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";
/* best practise: don't mix OO & procedural code */
$result = $conn->query( $query );
if( $result ) {
$_SESSION['ingelogd'] = true;
header("location: index.php");
} else {
/* assign error message as a variable to echo later */
$msg="Inloggegevens incorrect.";
}
$conn->close();
}
?>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin panel</title>
<link rel="stylesheet" type="text/css" href="tables.css">
</head>
<body>
<div id="content">
<ul>
<li>Admin panel</li>
<li>Medewerkersoverzicht</li>
<li>Medewerkers toevoegen</li>
<li>Klantenoverzicht</li>
<li>Productoverzicht</li>
<li>Product toevoegen</li>
<li>Reparatieoverzicht</li>
<li>Contactoverzicht</li>
</ul>
<h1>Admin login</h1>
<?php
echo $msg;/* error message */
?>
<form role="form" method="post" action="index.php" class="contactForm">
<table>
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="username" class="" id="username"><br><br></td>
</tr>
<tr>
<td><label for="wachtwoord">Wachtwoord</label></td>
<td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
</tr>
<tr>
<td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
</tr>
</table>
</form>
</div>
</body>
</html>
Just coverting #Divyesh Savaliya 's comment into code.
<?php session_start(); ?>
<?php if(isset($_SESSION['ingelogd'])){ ?>
// ... the rest of your code in index.php
<?php } else {
header('location: login.php'); // if your login page is login.php
}?>
actually, since you don't fill the session if login fails, it is better to store some information about the user (such as the username or user id) in the session and check using isset instead of storing boolean in the session.
you will want this value later.