无法使用密码保护页面/区域

I'm trying to create a password protected area of a website. I'd like to allow access by checking username and password from a MySql table, then start a session and allow access to a number of pages while the session is active. If someone tries to directly access one of these pages directly, I'd like to redirect them to login page.

My code for the login page is:

     if (isset($_POST['submit']))
        {     
    include("config.php");
    session_start();
    $username=$_POST['username'];
    $password=$_POST['password'];
    $passwordc=md5($password);        

    $query = "SELECT username FROM admin WHERE username='$username' AND password='$passwordc'";
     $result2 = $conn->query($query);

    if ($result2->num_rows != 0) {          

    $_SESSION["username"] = $user;
      echo "<script language='javascript' type='text/javascript'> location.href='admin_view.php' </script>";   
    }else{
      echo "<script type='text/javascript'>alert('User Name Or Password Invalid!')</script>";
    }

    }

It seems to work (correctly redirects if username and password matches, shows alert if not). What I fail to do, is actually protect my pages from display if session is not active.

   session_start();
if (!$_SESSION["username"]) {
    header("Location: login.php");
}

I'm not a programmer or fully-educated web developer. I know HTML and CSS, and I'm barely able to use ready-to-use php and js scripts following readme files. Any help would be greatly appreciated.

modify your login code as

 if (isset($_POST['submit']))
    {     
   include("config.php");
  $username= $crud->escape_string($_POST['username']);
  $password= $crud->escape_string($_POST['password']);
   $passwordc=md5($password); 
   $query = "SELECT username FROM admin WHERE username='$username' AND 
   password='$passwordc'";
   $result2 = $conn->query($query);
  if ($result2->num_rows != 0) { 
   session_start();         
  $_SESSION["username"] = $user;
  header("Location:admin_view.php");   
}else{
  $Message = urlencode("user name password invalid!");
                      header("Location:login.php?Message=".$Message);
}
   }

if your values successfully stored in session then you can use like

session_start();
if(!isset($_SESSION['username'])) 
  {
  header("Location: login.php");  
  }

on everypage top you must store name from query into session