I have a registration script created and a database and all that good stuff, but now I am creating a log in script.

Basically what I want to do is for them to enter their password and username, use a query to verify it was correct, and then execute some code otherwise redirect them.

Now if they successfully log in, I want to use a method to be able to check on each page I want them to be logged in and see if they are, well, already logged in.

Now, this would involve cookies, or sessions. I don't know which one I should use. If I use a session, it says I should use the start session function. Now, if I use the start session function on each page, won't that let a person be able to just access a member - only page and just start a session, since start session is on each page? Or am I just looking at it wrong?

And with cookies, how would I verify they are logged in. Would I just check that the cookie exists, and if it does execute whatever code, and if not redirect them?

Extra info is appreciated.

I suggest you use sessions, because some browsers won't support cookies. You can set a session like this:


<?php
session_start();
$_SESSION['remember']=$_POST['uname'];
?>


You can use that inside the verification page for the login part. Then to check if they are there:


<?php
session_start();
if (isset($_SESSION['remember']) && $_SESSION['remember'] != "") {
echo "Logged in as <b>".$_SESSION['remember']."</b>";
}
else {
echo "Not logged in";
}
?>


Make sense?

sessions produce extra server load though. you could always check and if they dont have cookies, then redirect them to a page that uses sessions instead.

Or, give them a choice to use cookies or sessions ;)

Okay, so I check if the session that is started once they log in is set, and if it is, I continue the session, etc. etc. So if I store information like their username in the session (so I could take it out and use it for the game I'm making when they are attacking, buying stuff, etc.), the information would remain there until they log out, which would destroy the session, right? If that is right then I understand now. So start session, name the session, store the username, then the rest of the "must be logged in" pages I make sure the session is set, and whenever I need, retrieve the username and, well, use it.

I'm probably for now going to use sessions, and maybe give them an option later on, which most of the players probably won't even know the difference between sessions or cookies.

No, sessions only last until the session ends, or the browser closes. So giving an option is the best way.

Or, give them a choice to use cookies or sessions ;)
I like your thinking. Although, are most users smart enought o know which would be benefecial, or actually work for them? Maybe just like "If your browser doesnt support cookies, click yes" or something.

how do you do a log ion script iv been trying to figure that out for 6 months now.

I suggest going to http://www.hotscripts.com/ and search for login system tutorial in the user mangement section of the PHP category. ;)