Originally Posted by Angrypoonani
You first do not need to set the $_SESSION as global; it is a super global already and can be accessed at any time.
will not work as all header commands must be output before any other output. In your example the HTML and BODY tags will have already output so the header redirect will not work and should throw a warning.
You should do a 'Not logged In' check at the very top of your php page. make sure that you do not have any whitespace or anything output before you issue the header redirect.
I also wonder where you are storing your password. You should never store just a clear text password in a file or a database record instead HASH and SALT the stored password and then verify when the user enters their username, and password that you run the HASH with the same SALT to verify that they match otherwise you redirect.
Your use of globals is worrisome.