How to verify the 6 digit otp from mysql with php - php

Here is my code for optverify.php. If the input number is wrong, it redirects to index.php and does not give an error. It should give an error for a wrong OTP. Please help me to solve this issue.
<?php
// Create a unique instance of your session variables
session_start();
if(isset($_SESSION['usr_id']))
{
$uid=$_SESSION['usr_id'];
} else {
header("Location:login.php");
exit; // stop here so the rest of the page never runs without a logged-in user
}
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
if (isset($_POST['verifyotp'])) {
$otpsms = $_POST['smsotp'];
$otpemail = $_POST['emailotp'];
$user = $db->verifyotp($uid);
if($user){
$user['smsotp'] = $otpsms;
$user['emailotp'] = $otpemail;
header("Location:index.php");
} else {
$errormsg = "Invalid otp";
}
}
?>
And my code for the database function is below:
public function verifyotp($uid){
$stmt = $this->con->prepare("SELECT uid,smsotp,emailotp FROM users WHERE uid = '$uid'");
$stmt->bind_param("i", $uid);
if ($stmt->execute()) {
$stmt->bind_result($uid,$smsotp,$emailotp);
$stmt->fetch();
$user = array();
$user["uid"] = $uid;
$user["smsotp"] = $smsotp;
$user["emailotp"] = $emailotp;
$stmt->close();
return $user;
} else
{
return $stmt;
}
}

Not tested, but this should work! Let me know if this doesn't work; I will delete this answer.
Updated
Change this $user = $db->verifyotp($uid); to $user = $db->verifyotp($uid, $otpsms, $otpemail);
Then modify your function as below if you are willing to test 3 parameters: (1) id, (2) smsotp, (3) emailotp.
public function verifyotp($uid, $sotp, $eotp){
    // Placeholders keep the submitted OTP values out of the SQL text
    $stmt = $this->con->prepare("SELECT uid,smsotp,emailotp FROM users WHERE uid = ? AND smsotp = ? AND emailotp = ?");
    $stmt->bind_param("iss", $uid, $sotp, $eotp);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $stmt->bind_result($uid,$smsotp,$emailotp);
    // fetch() returns true only when a row matched all three values
    if ($stmt->fetch() !== true) {
        $stmt->close();
        return false;
    }
    $user = array();
    $user["uid"] = $uid;
    $user["smsotp"] = $smsotp;
    $user["emailotp"] = $emailotp;
    $stmt->close();
    return $user;
}
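
The check this thread is aiming for, as an added example that is not part of the original posts: look the row up by user id with a bound parameter, compare both submitted codes with hash_equals(), count failed attempts, and clear the codes after a match so they cannot be reused. The verifyOtp() name, the otp_expires and otp_tries columns, the MAX_TRIES limit and the in-memory SQLite database (standing in for MySQL so the script runs on its own) are assumptions.

```php
<?php
// Added example, not the poster's code. uid, smsotp and emailotp follow the
// thread; otp_expires, otp_tries and MAX_TRIES are assumed additions.

const MAX_TRIES = 5; // assumed limit on wrong guesses per issued code pair

function verifyOtp(PDO $db, int $uid, string $sms, string $email): bool
{
    // Only the user id reaches the query, and only as a bound parameter.
    $stmt = $db->prepare(
        'SELECT smsotp, emailotp, otp_expires, otp_tries FROM users WHERE uid = ?'
    );
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user, no code pending, code expired, or too many guesses: reject.
    if ($row === false || $row['smsotp'] === null || $row['emailotp'] === null
        || (int)$row['otp_expires'] < time()
        || (int)$row['otp_tries'] >= MAX_TRIES) {
        return false;
    }

    // Constant-time comparison; both codes are checked before combining.
    $smsOk   = hash_equals((string)$row['smsotp'], $sms);
    $emailOk = hash_equals((string)$row['emailotp'], $email);

    if ($smsOk && $emailOk) {
        // One-time use: clear the codes so the same pair cannot be replayed.
        $db->prepare('UPDATE users SET smsotp = NULL, emailotp = NULL, otp_tries = 0 WHERE uid = ?')
           ->execute([$uid]);
        return true;
    }

    // Wrong code: record the attempt so guessing is bounded by MAX_TRIES.
    $db->prepare('UPDATE users SET otp_tries = otp_tries + 1 WHERE uid = ?')
       ->execute([$uid]);
    return false;
}

// --- constructed demo data (in-memory SQLite in place of MySQL) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, smsotp TEXT, emailotp TEXT,
           otp_expires INTEGER, otp_tries INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (uid, smsotp, emailotp, otp_expires) VALUES (?, ?, ?, ?)')
   ->execute([7, '482913', '105577', time() + 300]);

var_dump(verifyOtp($db, 7, '000000', '105577'));  // wrong SMS code
var_dump(verifyOtp($db, 7, "4829'13", '105577')); // a quote in the input is only data
var_dump(verifyOtp($db, 7, '482913', '105577'));  // correct pair
var_dump(verifyOtp($db, 7, '482913', '105577'));  // same pair again after success
```

In the page that calls it, show the "Invalid otp" message when the function returns false, and follow the header("Location:index.php") redirect with exit only when it returns true.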

Related

Convert MysqlData to JSON

Hi I am creating an android app and made a fetch API that can get the converted json data
Here's my code
lib.php
public function fetchUserData($username)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM user_profile WHERE username=:username");
$stmt->execute(array(':username' => $username));
$userRows = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
return true;
}
else
{
return false;
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
and on my fetch_api.php
<?php
require_once '../database/database.php';
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
// edittext from android
$username = $_POST['username'];
$arr = array();
if($user->fetchUserData($username))
{
$arr['success'] = 1;
$arr['message'] = "Success fetching data";
echo json_encode($arr);
}
else
{
$arr['success'] = 0;
$arr['message'] = "Failed fetching data";
echo json_encode($arr);
}
}
?>
Right now I can successfully get the
{
"success": 1,
"message": "Success fetching data"
}
Now I want to display all of my data like fullname, address, phonenumber etc.
When I am trying to do it like this
lib.php
public function fetchUserData($username)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM user_profile WHERE username=:username");
$stmt->execute(array(':username' => $username));
$userRows = $stmt->fetch(PDO::FETCH_ASSOC);
if($userRows)
{
$response["success"] = 1;
$response["message"] = "User Profile";
$response["user"] = array();
foreach($userRows as $rows)
{
$user = array();
$user["username"] = $rows['username'];
$user["fullname"] = $rows['fullname'];
array_push($response["user"], $user);
}
echo json_encode($response);
}
else
{
$response["success"] = 0;
$response["message"] = "Failed Fetching";
die(json_encode($response));
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
It's giving me the error saying
illegal string offset warning on username and fullname
I hope I am clear on my problem. Please ask me if my question is not clear so I can edit my question. Thank you.
ADDED
when I directly use json_encode like this
public function fetchUserData($username)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM user_profile WHERE username=:username");
$stmt->execute(array(':username' => $username));
$userRows = $stmt->fetch(PDO::FETCH_ASSOC);
json_encode($userRows);
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
it gives me this result
{"success":0,"message":"Failed fetching data"}
As I understand it, the problem that you are facing is how to return rows from the class methods, when it should only return true on success and false on fail.
You have something like this:
<?php
class user{
...
public function fetchUserData($username)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM user_profile WHERE username=:username");
$stmt->execute(array(':username' => $username));
$userRows = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
return true;
}
else
{
return false;
}
}
catch(PDOException $ex)
{
echo $ex->getMessage();
}
}
...
}
?>
You need to add a public property like $userRows to it and assign that property with your method:
class user{
public $userRows; // added here
...
public function fetchUserData($username)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM user_profile WHERE username=:username");
$stmt->execute(array(':username' => $username));
$this->userRows = $stmt->fetch(PDO::FETCH_ASSOC); // changed here
And after that you can:
<?php
...
if($user->fetchUserData($username)){
echo json_encode($user->userRows);
}else{
echo "error occured";
}
Hopefully it helped.

Session_set_save_handler not writing to database

I'm currently learning php and trying to write session data to my database without success.
I have a setup with Apache24, PHP 7 environment and Postgresql database.
When I instantiate sessionhandling class ($sess = new sessionhandling) in my other PHP file nothing is written to database. However, when I pass variable to and call the write function ($sess->write), data is written to the database.
(Hope this is not a duplicate of any other questions raised. Done a lot of searches on Stackoverflow and Google, but not found any answers that solve my challenge)
My session handler code is as follows:
<?php
Include(dirname(__DIR__).'\Userstories\db\Connection.php');
class sessionhandling extends Connecting implements SessionHandlerInterface {
public function __construct(){
// Set handler to override SESSION
session_set_save_handler(
array(&$this, "open"),
array(&$this, "close"),
array(&$this, "read"),
array(&$this, "write"),
array(&$this, "destroy"),
array(&$this, "gc")
);
register_shutdown_function('session_write_close');
// Start the session
session_start();
session_write_close;
}
public function open($save_path, $id) {
if(self::get()->connect()) {
return true;
} else {
return false;
}
}
public function close() {
if(self::get()->connect()->pdo = Null) {
return true;
} else {
return false;
}
}
public function read($id) {
//$pdo = Connecting::get()->connect();
$ipdo = self::get()->connect();
$q_udata = "SELECT data FROM sessions WHERE id=:id";
$stmt=$ipdo->prepare($q_udata);
$stmt->bindvalue(':id', $id);
$stmt->execute();
if($stmt->execute()) {
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$ipdo = NULL;
return $row['data'];
} else {
$ipdo = NULL;
return '';
}
}
public function write($id, $data){
$id = (string) $id;
$data = (string) $data;
$access = time();
$ipdo = self::get()->connect();
$c_id = "SELECT id FROM sessions WHERE id=:id";
$stmt=$ipdo->prepare($c_id);
$stmt->bindvalue(':id', $id);
$stmt->execute();
$idarray=$stmt->fetch(PDO::FETCH_ASSOC);
$row_id = $idarray['id'];
if(empty($row_id)) {
$sessionids = 'INSERT INTO sessions(id, data, access) VALUES(:id, :data, :access)';
$stmt = $ipdo->prepare($sessionids);
$stmt->bindvalue(':id', $id);
$stmt->bindvalue(':access', $access);
$stmt->bindvalue(':data', $data);
$stmt->execute();
session_write_close();
} else {
$rep_data = "UPDATE sessions SET data = :data, access = :access WHERE id = :id";
$stmt=$ipdo->prepare($rep_data);
$stmt->bindvalue(':id', $id);
$stmt->bindvalue(':access', $access);
$stmt->bindvalue(':data', $data);
$stmt->execute();
session_write_close();
}
if($stmt->execute()) {
$ipdo = NULL;
return true;
} else {
$ipdo = NULL;
return false;
}
}
public function destroy($id) {
$ipdo = self::get()->connect();
$del_data = "DELETE FROM sessions WHERE id =:id";
$stmt = $ipdo->prepare($del_data);
$stmt->bindvalue(':id', $id);
$stmt->execute();
if($stmt->execute()) {
$ipdo = NULL;
return true;
} else {
$ipdo = NULL;
return false;
}
}
public function gc($max) {
$old = time() - $max;
$ipdo = self::get()->connect();
$cleanup = "DELETE * FROM sessions WHERE access < :old";
$stmt = $ipdo->prepare($cleanup);
$stmt->bindvalue(':old', $old);
$stmt->execute();
if($stmt->execute()) {
$ipdo = NULL;
return true;
} else {
$ipdo = NULL;
return false;
}
}
}
?>
When I remove the 'implements SessionHandlerInterface' sessionhandling class and remove the parameters $save_path, $id from open function, I get the following error: "Warning: session_start(): Failed to read session data: user (path: ) in C:\Users\Public\Server\Apache24\htdocs\Userstories\sessionhandling.php on line 19"
Is it required to define the $save_path when using DB for session handling? If so, what should the $save_path be?
Any advice on how to get my session handler to write to DB is very much appreciated.
I made it work by changing my read function to this and ensuring that a string is returned:
public function read($id) {
    //$pdo = Connecting::get()->connect();
    $ipdo = self::get()->connect();
    $q_udata = "SELECT data FROM sessions WHERE id=:id";
    $stmt = $ipdo->prepare($q_udata);
    $stmt->bindValue(':id', $id);
    // Run the query once; the earlier version called execute() twice
    if ($stmt->execute()) {
        $row = $stmt->fetch(\PDO::FETCH_ASSOC);
        $ipdo = NULL;
        // fetch() returns false when there is no row yet for this session id
        $data = $row ? $row['data'] : '';
        return (string) $data;
    } else {
        $ipdo = NULL;
        return '';
    }
}
I know this has been pointed out in other posts, but I thought that my $data = $row['data'] would return a string in the first place.
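
A compact database-backed handler for the sessions table discussed in this thread, as an added example that is not the poster's class: read() always returns a string, each statement is executed once with bound parameters, and write() uses a single upsert. The DbSessionHandler name, the injected PDO connection and the in-memory SQLite database (in place of PostgreSQL, so it runs on its own) are assumptions; id must be the primary key for the upsert to work.

```php
<?php
// Added example. Table and column names (sessions: id, data, access) follow the
// post; the class name and the SQLite connection are assumptions.

class DbSessionHandler implements SessionHandlerInterface
{
    private $pdo;

    public function __construct(PDO $pdo) { $this->pdo = $pdo; }

    // The connection is injected, so open/close have nothing to do.
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }

    public function read($id): string
    {
        $stmt = $this->pdo->prepare('SELECT data FROM sessions WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $data = $stmt->fetchColumn();
        // A new session has no row yet: fetchColumn() gives false, PHP needs ''.
        return $data === false ? '' : (string)$data;
    }

    public function write($id, $data): bool
    {
        // One upsert replaces the SELECT-then-INSERT/UPDATE sequence.
        $stmt = $this->pdo->prepare(
            'INSERT INTO sessions (id, data, access) VALUES (:id, :data, :access)
             ON CONFLICT (id) DO UPDATE SET data = excluded.data, access = excluded.access'
        );
        return $stmt->execute([':id' => $id, ':data' => $data, ':access' => time()]);
    }

    public function destroy($id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = :id')
                         ->execute([':id' => $id]);
    }

    public function gc($max): int
    {
        // Remove sessions not written to for longer than $max seconds.
        $stmt = $this->pdo->prepare('DELETE FROM sessions WHERE access < :old');
        $stmt->execute([':old' => time() - $max]);
        return $stmt->rowCount();
    }
}

// --- constructed demo: in-memory SQLite stands in for PostgreSQL ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, data TEXT NOT NULL, access INTEGER NOT NULL)');

// Passing true registers session_write_close() as a shutdown function.
session_set_save_handler(new DbSessionHandler($pdo), true);
session_start();
$_SESSION['usr_id'] = 42;   // constructed value
session_write_close();      // this is the call that triggers write()

print_r($pdo->query('SELECT id, data FROM sessions')->fetchAll(PDO::FETCH_ASSOC));
```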

How can I use a for loop in PHP to return mysql data

I am making an app that will list employees by a certain store in a listview. My current function in my DB_Functions.php file is:
public function getEmployeeList($name) {
$stmt = $this->con->prepare("SELECT employee_name FROM employees WHERE name = ?");
$stmt->bind_param('s', $name);
if ($stmt->execute()) {
$employee_list = $stmt->get_result()->fetch_assoc();
$stmt->close();
if (empty($employee_list)) {
return NULL;
} else {
return $employee_list;
}
}
}
and in my employees.php file I have the following code:
<?php
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
$response = array('error' => FALSE);
if (isset($_POST['name'])) {
$name = $_POST['name'];
$employee_list = $db->getEmployeeList($name);
if ($employee_list != false) {
$response['error'] = FALSE;
//EMPLOYEE LIST OBJECT HERE
} else {
$response['error'] = TRUE;
$response['error_msg'] = 'No employees have been added to this profile.';
echo json_encode($response);
}
} else {
$response['error'] = TRUE;
$response['error_msg'] = 'You have not logged in to your store\'s account, please log in first.';
echo json_encode($response);
}
?>
I would like to have an employee_list object in the commented space above. Something like:
$response['employee_list']['0'] = $employee_list['0'];
$response['employee_list']['1'] = $employee_list['1'];
$response['employee_list']['2'] = $employee_list['2'];
etc... etc...
After that JSONObject is returned to the android app, the contents will be listed in a listview. I would need a for loop (I think) because the employee number will never be known since each store will be able to add and remove employees as they wish. Can someone point me in the right direction and also advise if I am using the correct approach as far as the rest of the code. Thanks.
First, in your DB_Functions.php, you should be returning the mysqli_result object.
Hence your DB_Functions should be this:
public function getEmployeeList($name) {
$stmt = $this->con->prepare("SELECT employee_name FROM employees WHERE name = ?");
$stmt->bind_param('s', $name);
if ($stmt->execute()) {
// we get the mysqli_result object without calling the fetch_assoc() on it
$result = $stmt->get_result();
$stmt->close();
// if the count is less than 1, no result found, hence return null
if ($result->num_rows < 1) {
return null;
} else {
// we return the mysqli_result object without calling the fetch_assoc() on it
return $result;
}
}
}
In your employees.php, what you want is something like this:
<?php
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
$response = array('error' => FALSE);
if (isset($_POST['name'])) {
$name = $_POST['name'];
$result = $db->getEmployeeList($name);
// do an early check for if result returns null or is not set
if (is_null($result) || !$result) {
$response['error'] = TRUE;
$response['error_msg'] = 'No employees have been added to this profile.';
} else {
$response['error'] = FALSE;
//EMPLOYEE LIST OBJECT HERE
// since $result->fetch_assoc() returns one row at a time, you want to loop through each row and get the appropriate data
while ($row = $result->fetch_assoc()) {
// append the current row to the employee_list array
$response['employee_list'][] = $row;
}
}
} else {
$response['error'] = TRUE;
$response['error_msg'] = 'You have not logged in to your store\'s account, please log in first.';
}
// echo response gets called no matter what
echo json_encode($response);
Hope it helps

PHP $_SESSION variable undefined using Slim

I'm trying to set a session variable in PHP using Slim. I want the user's id to be stored as a variable to use elsewhere. I think I have the syntax or order wrong in my functions.
Here is my function to set the variable:
function loadAdmin()
{
//Set new session and save user id to variable
if (!isset($_SESSION)) {
session_start();
}
$app = \Slim\Slim::getInstance();
$token = $app->request->headers->get('token');
$token_exists = getToken_Validate();
if($token_exists) {
$sql = "SELECT id, title AS admin_title, last_name AS admin_last_name
FROM admin WHERE token=:token";
try {
$db = getDB();
$stmt = $db->prepare($sql);
$stmt->bindValue(':token', $token);
$stmt->execute();
$admin = $stmt->fetchAll(PDO::FETCH_OBJ);
$db = null;
echo json_encode($admin);
$_SESSION['uid'] = $stmt['id'];
} catch(PDOException $e) {
echo '{"error":{"text":'. $e->getMessage() .'}}';
}
} else {
echo '{"err": "failed"}';
}
}
Here is my function to use the variable when fetching specific data:
function loadDashboard()
{
session_start();
$uid = $_SESSION['uid'];
$token_exists = getToken_Validate();
if ($token_exists) {
//Get number of rows from multiple tables
$sql = "SELECT
(SELECT COUNT(*) FROM users WHERE id=:uid) AS total_students,
(SELECT COUNT(*) FROM subjects) AS total_subjects,
(SELECT COUNT(*) FROM notes) AS total_notes";
try {
$db = getDB();
$stmt = $db->prepare($sql);
$stmt->bindValue(':uid', $uid);
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_OBJ);
$db = null;
echo json_encode($users);
} catch(PDOException $e) {
echo '{"error":{"text":'. $e->getMessage() .'}}';
}
} else {
echo '{"err": "failed"}';
}
}
The Slim error I get after trying to loadDashboard is:
Undefined index: uid
Sorry if my PHP is awful, any help is appreciated.
Turns out it had nothing to do with Slim.
$_SESSION['uid'] = $stmt['id']; was not storing anything to the variable.
I had to first bind the id column to a variable:
$stmt->bindColumn('id', $uid);
Then I could set that variable as a session variable:
$_SESSION['uid'] = $uid;
Here is the full working function:
function loadAdmin()
{
if (!isset($_SESSION)) {
session_start();
}
$app = \Slim\Slim::getInstance();
$token = $app->request->headers->get('token');
$token_exists = getToken_Validate();
if($token_exists) {
$sql = "SELECT
id,
title AS admin_title,
last_name AS admin_last_name
FROM admin WHERE token=:token";
try {
$db = getDB();
$stmt = $db->prepare($sql);
$stmt->bindValue(':token', $token);
$stmt->execute();
$stmt->bindColumn('id', $uid);
$admin = $stmt->fetchAll(PDO::FETCH_OBJ);
$db = null;
$_SESSION['uid'] = $uid;
echo json_encode($admin);
}
catch(PDOException $e) {
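// json_encode() quotes and escapes the message so the response stays valid JSON
echo json_encode(array('error' => array('text' => $e->getMessage())));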
}
}
else {
echo '{"err": "failed"}';
}
}

Automatically log-in on page load

Basically I have the following website which allows account customers to log in to the website by filling in the appropriate details: here
I have created a separate login page which is identical, with the login values already filled in: here
and I have basically added in the following code:
$(document).ready(function(){
$('#btn-login').click();
});
This is so it automatically logs in as a guest when you go to the second link. Although it works okay, when you log out as a guest and try to log back in via the second link, it redirects to the first link (login.php), and I can't understand why, since all the second link is doing is submitting the correct values.
Is there a better way of doing this or is there a way of preventing this from happening?
If I remove the redirect, if you log out then try to go to the automatic login link, it takes you to the page and has all the details filled in, but it doesn't log you in automatically.
Any help would be much appreciated.
See below code for the login (session-controller.php)
<?php
require_once("controllers/server.filter.php");
require_once('models/server.php');
require_once("models/useraccount.php");
require_once("models/sql.php");
class SessionController {
private static $login_status;
private static $redirect_url;
public static $form_action;
## Getters ##
private static function get_loginstatus() {return self::$login_status;}
## Setters ##
private static function set_loginstatus($in_str) {self::$login_status = $in_str;}
## Functions ##
public static function validate_user() {
UserAccount::set_username($_REQUEST['txt-username']);
UserAccount::set_password($_REQUEST['txt-password']);
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does user exist?
$query = "SELECT COUNT(UserName) FROM tblusers WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
$stmt->closeCursor();
if ($number_of_rows <= 0) {
self::set_loginstatus("The user does not exist in our database, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// User verified, check password...
self::verify_password();
}
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
}
private static function verify_password() {
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does the password given match the password held?
$query = "SELECT COUNT(*) FROM tblusers WHERE UserName = :in_username AND Password = :in_password";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_password();
$param2 = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_password', $param1, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
if ($number_of_rows == 1) {
$_SESSION['username'] = UserAccount::get_username();
// Begin verification..
self::set_useraccount(true);
} else {
self::set_loginstatus("Verification failed! Password incorrect, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function verify_account() {
// Account types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_accounttype() == 9) {
self::set_loginstatus("Verification failed! This account has been disabled."); ## Account disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else
// User login types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_usertype() == 9) {
self::set_loginstatus("Verification failed! This login has been disabled."); ## User login disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// Set redirect url here
if (UserAccount::get_accounttype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 0) {
self::$redirect_url = 'newbooking.php';
}
// All ok, set user and account properties
return true;
}
}
public static function set_useraccount($redirect_bool) {
// If username session is set...
if (isset($_SESSION['username'])) {
UserAccount::set_username($_SESSION['username']);
// Query Database for the rest of the data
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
$query = "SELECT AccountName
FROM tblusers
WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_username();
$stmt->bindParam(':in_username', $param1, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
$stmt->closeCursor();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
UserAccount::set_accountname($row['AccountName']);
try {
$query = "SELECT a.Id, a.AccountName, a.AccountNumber, a.AccountEmail, a.AccountTel,
a.AccountContact, a.AccountType, a.PaymentType, u.UserName,
u.FullName, u.UserEmail, u.UserTel, u.UserType
FROM tblaccounts a JOIN tblusers u
ON a.AccountName = u.AccountName
WHERE a.AccountName = :in_accname
AND u.UserName = :in_username";
$stmt = $dbh->prepare($query);
$param2 = UserAccount::get_accountname();
$param3 = UserAccount::get_username();
$stmt->bindParam(':in_accname', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_username', $param3, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
// Set properties and sessions variables
UserAccount::set_id($row['Id']);
UserAccount::set_accountname($row['AccountName']);
UserAccount::set_accountnumber($row['AccountNumber']);
UserAccount::set_accountemail($row['AccountEmail']);
UserAccount::set_fullname($row['FullName']);
UserAccount::set_accounttel($row['AccountTel']);
UserAccount::set_accountcontact($row['AccountContact']);
UserAccount::set_accounttype((int)$row['AccountType']);
UserAccount::set_paymenttype((int)$row['PaymentType']);
UserAccount::set_useremail($row['UserEmail']);
UserAccount::set_usertel($row['UserTel']);
UserAccount::set_usertype((int)$row['UserType']);
if (self::verify_account()) {
switch (UserAccount::get_paymenttype()) {
case 0:
$_SESSION['ua-paymenttype-asstr'] = 'Credit/Debit Card';
self::$form_action = 'addressdetails.php';
break;
case 1:
$_SESSION['ua-paymenttype-asstr'] = 'Account';
self::$form_action = 'makebooking.php';
break;
case 2:
$_SESSION['ua-paymenttype-asstr'] = 'Cash';
self::$form_action = 'makebooking.php';
break;
}
switch (UserAccount::get_usertype()) {
case 9:
$_SESSION['ua-usertype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-usertype-asstr'] = 'Standard';
break;
case 1:
$_SESSION['ua-usertype-asstr'] = 'Account Administrator';
break;
}
switch (UserAccount::get_accounttype()) {
case 9:
$_SESSION['ua-accounttype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-accounttype-asstr'] = ' ';
break;
case 1:
$_SESSION['ua-accounttype-asstr'] = '(SA)';
break;
}
// Redirect
if ($redirect_bool) {
self::redirect(true);
}
}
} else {
self::set_loginstatus("Pre-requisite failure! Browser not supporting cookies!");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function redirect($auth_bool) {
//parent::set_sessionstate(true); ## Set session to active -- persistance to DB
//self::$determine_session_type(); ## Set session type -- persistance to DB
if ($auth_bool == true) {
$doc_root = $_SERVER['DOCUMENT_ROOT'];
self::set_loginstatus('');
$_SESSION['login-status'] = self::get_loginstatus();
header("Location: ".self::$redirect_url);
} else {
header("Location: login.php");
}
}
}
?>
I'm not sure since you're not showing the actual login/logout code, but maybe you're not destroying the session correctly?
session_start();
session_destroy();
EDIT: Never mind, I think I may have misread your problem.
