Help With Login Scripts

I'm very new with PHP, i just design my login page. But seems like i can't login using my own email and password. Can any one tell me where i'm doing wrong. Can any one help with this.Thanks . The scripts i'm using is as follows:


<?php
//
// db.private
// This file holds the $username and $password variables etc
// Read how to protect your password in db.private/db.inc
//
$hostname = "localhost";
$databaseName = "xxxxxxx"; // Change these values to your own database name
$username = "xxxxx"; // user id and password.
$password = "xxxxxx";
?>


<?php
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['email'])) {
$FF_valUsername=$HTTP_POST_VARS['email'];
$FF_valPassword=$HTTP_POST_VARS['password'];
$FF_fldUserAuthorization="";
$FF_redirectLoginSuccess="bookings/yourbookings.php";
$FF_redirectLoginFailed="failedlogin.php";
$FF_rsUser_Source="SELECT Email, password ";
if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
$FF_rsUser_Source .= " FROM customer WHERE Email='" . $FF_valUsername . "' AND password='" . $FF_valPassword . "'";
$connection = mysql_connect($hostname,$username,$password);
mysql_select_db($databaseName, $connection);
$FF_rsUser=mysql_query($FF_rsUser_Source, $connection) or die(mysql_error());
$row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
if(mysql_num_rows($FF_rsUser) > 0) {
// username and password match - this is a valid user
$MM_Username=$FF_valUsername;
session_register("MM_Username");
if ($FF_fldUserAuthorization != "") {
$MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
} else {
$MM_UserAuthorization="";
}
session_register("MM_UserAuthorization");
if (isset($accessdenied) && false) {
$FF_redirectLoginSuccess = $accessdenied;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = false;

$resouser = $_POST['email'];
$resouser = stripslashes($resouser);
session_register('resouser');
$_SESSION['resouser'] = $resouser;

header ("Location: $FF_redirectLoginSuccess");
exit;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");

$FF_login_failed = true;
header ("Location: $FF_redirectLoginFailed");
exit;
}
?>

In the future, wrap your PHP code in [php][/php] tags

Are you getting an error?
What's happening?

Thanks For Reply.
The error i'm getting is when i put my email and password. It's generate the same page but emty Email and passowrd field.
So seems like its checking the database but not displaying it. But if i put wrong email and passowrd just came back with
your email and passowrd not registered.
Thanks

I trust you've put the X's in the DB variables for masking reasons right?
I ask because it appears your code was generated by Macromedia or something similar [often people forget to update those variables]

What's at bookings/yourbookings.php?
Is that your form, or is that the page you expect to see after logging in correctly?

It's possible that yourbookings.php isn't receiving the session variables properly so it's throwing you back to the login form.

Thats's right the x is just for masking reason. And after login page sucessful i like to see yourbooking.php.
The coding for yourbooking.php as follows:



<?php
//
// db.private
// This file holds the $username and $password variables etc
// Read how to protect your password in db.private/db.inc
//
$hostname = "studb.cms.gre.ac.uk";
$databaseName = "xxxxxx"; // Change these values to your own database name
$username = "xxxxxx"; // user id and password.
$password = "xxxxxxx";
?>

<?php
// *** Logout the current user.
$FF_Logout = $HTTP_SERVER_VARS['PHP_SELF'] . "?FF_Logoutnow=1";
if (isset($HTTP_GET_VARS['FF_Logoutnow']) && $HTTP_GET_VARS['FF_Logoutnow']=="1") {
session_start();
session_unregister("MM_Username");
session_unregister("MM_UserAuthorization");
$FF_logoutRedirectPage = "../logout.php";
// redirect with URL parameters (remove the "FF_Logoutnow" query param).
if ($FF_logoutRedirectPage == "") $FF_logoutRedirectPage = $HTTP_SERVER_VARS['PHP_SELF'];
if (!strpos($FF_logoutRedirectPage, "?") && $HTTP_SERVER_VARS['QUERY_STRING'] != "") {
$FF_newQS = "?";
reset ($HTTP_GET_VARS);
while (list ($key, $val) = each ($HTTP_GET_VARS)) {
if($key != "FF_Logoutnow"){
if (strlen($FF_newQS) > 1) $FF_newQS .= "&";
$FF_newQS .= $key . "=" . urlencode($val);
}
}
if (strlen($FF_newQS) > 1) $FF_logoutRedirectPage .= $FF_newQS;
}
header("Location: $FF_logoutRedirectPage");
exit;
}

// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" ";
$FF_authFailedURL="../login.php";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
if (true || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
$FF_grantAccess = 1;
}
}
if (!$FF_grantAccess) {
$FF_qsChar = "?";
if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
$FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
$FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
header("Location: $FF_authFailedURL");
exit;
}

$colname_Bookings = "1";
if (isset($HTTP_SESSION_VARS['resouser'])) {
$colname_Bookings = (get_magic_quotes_gpc()) ? $HTTP_SESSION_VARS['resouser'] : addslashes($HTTP_SESSION_VARS['resouser']);
}
$connection = mysql_connect($hostname,$username,$password);
mysql_select_db($databaseName, $connection);
$query_Bookings = sprintf("SELECT ConfirmID, ReservationDate, ExpectedCheckinDate, RoomRate FROM reservation WHERE CustomerEmail = '%s'", $colname_Bookings);
$Bookings = mysql_query($query_Bookings, $connection) or die(mysql_error());
$row_Bookings = mysql_fetch_assoc($Bookings);
$totalRows_Bookings = mysql_num_rows($Bookings);
?>

When you post code, try wrapping it in [php][/php] tags; this will keep your indentation and colorize your code making it easier for us to read.

the first peice of code you posted says:
$FF_redirectLoginSuccess="bookings/yourbookings.php";

you were just calling it "yourbooking.php"... might there be a spelling mistake in your code?

Sorry the second scripts taken from:

bookings/yourbookings.php";


I checked this no spelling mistake