I have tried placing this script in several different places whithin the HTMl but, still I don't get any results. Any ideas?

Try putting a space in here afetr Location:, eg,
header ("Location:http://members.example.com");

header ("Location: h*tp://members.example.com");

Still didn't do anything. The page opens up as if there is no script in it at all. Any ideas?

Does anyone have any ideas?

I think your redirect is failing and then because you have your html NOT in an else clause of your if test it just falls through so it looks like you always get the same response.

Add an else clause and then see what happens

This will tell you if you have a problem with the redirect not working or if the if test is not working.

I don't understand. It still shouldn't open the page I am trying to password protect should it?

Produces the same results with an "if" statement. It opens the HTML page like there is no script present.

Hi Joe,

At this point I like to put in some echo statements to do some debugging. My guess is that the $_SESSION['username'] checks are not doing what you think they should be doing.

<?php
session_start();
$newip = $_SERVER['REMOTE_ADDR'];

if (isset($_SESSION['username']) echo "username is set<br>";
if (empty($_SESSION['username']) echo "username is empty<br>";
echo "newip = $newip<br>";

if (!isset($_SESSION['username']) ¦¦
empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) {
echo "I should be redirecting";
header ("Location:http://members.example.com");
exit; // My other suggestion is to put in this exit statement
}
?>

Its sounds like your if test is not working properly so the redirect isnt getting executed. Because the redirect does not execute your script finsihes and then runs straight on to the html underneath it.

Try the code below, which will only show the html when the if statement fails

<?php
session_start();
$newip = $_SERVER['REMOTE_ADDR'];
if (!isset($_SESSION['username']) ¦¦
empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) {
header ("Location:http://members.example.com");
}else{
?>
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>TITLE</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>

<body>
</body>
</html>
<?php
}
?>

"; if (empty($_SESSION['username']) echo "username is empty
"; echo "newip = $newip
"; if (!isset($_SESSION['username']) ¦¦ empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) { echo "I should be redirecting"; header ("Location:http://members.example.com"); exit; // My other suggestion is to put in this exit statement }?>

This is the message I receive when I follow Timotheos example

Robber,
The page just opens when I use your script. It is still doing the same thing as when I first reported the problem. Any other suggestions?

Yes that is useful, it means your if test is not evaluating to true. So none of those 3 conditions are being met.

You are getting that output from the other suggestion as there are a couple of brackets missing. Try

<?php
session_start();
$newip = $_SERVER['REMOTE_ADDR'];

if (isset($_SESSION['username'])) echo "username is set<br>";
if (empty($_SESSION['username'])) echo "username is empty<br>";
echo "newip = $newip<br>";

if (!isset($_SESSION['username']) ¦¦
empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) {
echo "I should be redirecting";
header ("Location:http://members.example.com");
exit; // My other suggestion is to put in this exit statement
}
?>

Also, just to confirm, if you have logged in then it is working as it should, could that be the case?

Your if test is saying if any (NOT ALL) of the following is true redirect, otherwise display the html:
* There is no username set for the session
* The username for the session is empty
* The ip stored in the session doesn't match that of the ip currently making the request

So why not try adding the following just above your if test to see what is going on:

print "<p>Username = {$_SESSION['username']}</p>";
print "<p>Session IP = {$_SESSION['ip']}</p>";
print "<p>Remote Addr = {$_SERVER['REMOTE_ADDR']}</p>";

We'd expect the first to print out a username and the second and third to print the same IP.

Robber here is the response to message #14. This is what displays in the browser.

"; if (empty($_SESSION['username'])) echo "username is empty
"; echo "newip = $newip
"; if (!isset($_SESSION['username']) ¦¦ empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) { echo "I should be redirecting"; header ("Location:http://members.example.com"); exit; // My other suggestion is to put in this exit statement }?>

Username = {$_SESSION['username']}

"; print "

Session IP = {$_SESSION['ip']}
"; print "

Remote Addr = {$_SERVER['REMOTE_ADDR']}
"; if (!isset($_SESSION['username']) ¦¦ empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) { header ("Location:http://members.example.com"); }?>

This is the message I receive when I tried your second example.
When I login I can view the page I want but, when I am not logged in I can still type the URL in and access it that way.

What I want to do is if I am logged in be allowed access to the page but, if I am not logged in that I would be redirected to the login page. Make Sense? Have I went about this the wrong way?

Are you sure you have php enabled? Doesn't seem to be parsing any of the php.

How do I make sure that the PHP is enabled?

This is the error message I receive when I run the following script.
Parse error: parse error, unexpected T_STRING on Line 7

I couldn't see what the problem might be? Instead of this being in the HTML file I saved the whole page as PHP. Maybe that was why it wouldn't Parse before. Any suggestions for line 7?

<?php
session_start();
$newip = $_SERVER['REMOTE_ADDR'];
print "<p>Username = {$_SESSION['username']}</p>";
print "<p>Session IP = {$_SESSION['ip']}</p>";
print "<p>Remote Addr = {$_SERVER['REMOTE_ADDR']}</p>";
if (!isset($_SESSION['username']) ¦¦
empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) {
header ("Location:http://members.example.com");
}
?>

These forum pages break the pipe character ( ¦ ) so you need to rekey them if you copy and paste code. That's probably your issue, you are copying and pasting and getting the broken pipe.

Thanks Coopster! That fixed it.

Last question. Using this script any user once logged in can type out another users URL and it opens. Is there a way to get more specific and make sure that only if designated users are logged in their specific page will only be viewed by them. So if another user is logged in and tries to access someone elses page they will not be allowed access?

<?php
session_start();
$newip = $_SERVER['REMOTE_ADDR'];
if (!isset($_SESSION['username']) ¦¦
empty($_SESSION['username']) ¦¦ $newip!= $_SESSION['ip']) {
header ("Location:http://members.example.com");
}
?>

Any Help on how to make sure only certain pages can be viewed by certain users?

It is fixed. I added this line ¦¦ ($_SESSION['username']!='guest')

It seemed to work fine. Thanks everyone for your help!