ok ive made a script for login. i cant get it to work though.

ive managed to get it so i can login to the first page but im having trouble with the session. when i go to another page it asks me to login in again :(

here is the code:
<?
include"connect.php";
session_start(); // start session.
?>

<html>
<head>
<title>Login</title>
<head>
<body>
<?

if (!isset($_POST['username']) | !isset($_POST['password'])){
// escape from php mode.
?>
<form action="<? $_SERVER['PHP_SELF']?><? if($_SERVER['QUERY_STRING']){ echo"?". $_SERVER['QUERY_STRING'];}?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}

// If all is well so far.
$username = $_POST['username'];
$password = $_POST['password'];
//session_register("username");
//session_register("password"); // register username and password as session variables.

// Here you would check the supplied username and password against your database to see if they exist.

$sql = "SELECT password FROM Users WHERE Username = '$username' AND Password = '$password'";
$fetch_em = odbc_exec($sqlconnect, $sql);
$numrows = odbc_fetch_row($fetch_em);

if($numrows != "0") {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$valid_user = 1;
}
else {
$valid_user = 0;
}

// If the username exists and pass is correct, don't pop up the login code again.
// If info can't be found or verified....

if (!($valid_user))
{
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
?>
<form action="<? $_SERVER['PHP_SELF']?><? if($_SERVER['QUERY_STRING']){ echo"?". $_SERVER['QUERY_STRING'];}?>" method="POST">
<p align="center">Incorrect login information, please try again. You must login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="username">
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password">
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login">
</form>
</th>
</tr>
</table>
</body>
</html>
<?
exit();
}
?>

where am i going wrong?

if (!isset($_POST['username']) | !isset($_POST['password'])){

You need two || not |

Try that first and then if it doesn't work, come back.

opps i missed that but it still doesnt work

I would rewrite the code so all html output is AFTER the php code. I'm betting something is mixed up in there. Also refrain from using php short tags, use <?php instead of <? and <?php echo instead of <?=.

I shifted your code around and found out that the reason why it wont validate the second time is because you werent grabbing the user and pass from the session.

<?php
include"connect.php"; //no html output should be in this file or session_start() will return an error.
session_start(); // start session.
$valid_user = false;//declare $valid_user before any processing.
if (isset($_POST['username']) && isset($_POST['password'])){
//grab user from POST
$username = $_POST['username'];
$password = $_POST['password'];
}
else
{
//grab user from session
$username = $_SESSION['username'];
$password = $_SESSION['password'];
}
//validate user
if($username != NULL && $password != NULL) {
$sql = "SELECT password FROM Users WHERE Username = '$username' AND Password = '$password'";
$fetch_em = odbc_exec($sqlconnect, $sql);
$numrows = odbc_fetch_row($fetch_em);

if($numrows != "0") {
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$valid_user = 1;
}
else {
$_SESSION['password'] = NULL;
$_SESSION['username'] = NULL;
}
}
// escape from php mode.
if(!$valid_user)
{
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; if($_SERVER['QUERY_STRING']){ echo"?". $_SERVER['QUERY_STRING'];}?>" method="POST">
<p align="center">Members only. Please login to access this document.</p>
<table align="center" border="0">
<tr>
<th>
Username:
</th>
<th>
<input type="text" name="username" />
</th>
</tr>
<tr>
<th>
Password:
</th>
<th>
<input type="password" name="password" />
</th>
</tr>
<tr>
<th colspan="2" align="right">
<input type="submit" value="Login" />
</form>
</th>
</tr>
</table>
</body>
</html>
<?php
exit();
}

// If all is well so far.
//should be logged in.
?>