Facing an error when declaring session variables in index.php

I have an index.php page, as follows, which has a login form that calls the login.php page. It creates session values over there.
<?php
session_start();
$con=mysqli_connect("localhost","root","","sam");
if (mysqli_connect_errno($con))
{
echo "Could not connect " . mysqli_connect_error();
}
$id = $_SESSION["id"];
$user_login = $_SESSION["user_login"];
$password_login = $_SESSION["password_login"];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Samsung Ops Guide</title>
<link href="css/index.css" rel="stylesheet" type="text/css" />
</head>
<body>
Tracker
<form action="login.php" method="post" id="login">
<input id="email" placeholder="T-ID" type="text" name="em" />
<input id="email" placeholder="Password" type="password" name="pwd"/>
<input id="loginButton" type="submit" value="Login" name="log" />
</form>
<div id="error1"></div>
</body>
</html>
<?php
if (isset($_SESSION["user_login"]) && isset($_SESSION["password_login"])) {
$query = mysqli_query($con,"select * from employees where Tid='$user_login' and password='$password_login'");
while($row = mysqli_fetch_array($query)){
$ptype = $row["designation"];
}
if($ptype=="agent")
{
header("location:/new/l1/");
}
if($ptype=="l2")
{
header("location:/new/l2/");
}
}
?>
Then I have a login.php page, which is called when the login form is called.
The login form calls and fetches values from the database and creates a session according to that.
login.php is as follows:
<?php
session_start();
include "inc_files/connection.php"; // it is only creating a connection with database nothing else
$user_login=$_POST['em'];
$password_login=$_POST['pwd'];
$password_login = md5($password_login);
if(empty($user_login) || empty($password_login))
{
die (retmsg(0,"Please fill T-ID and Password"));
}
$query = mysqli_query($con,"select * from employees where Tid='$user_login' and password='$password_login'");
$read = mysqli_num_rows($query);
if(!$read)
{
die (retmsg(0,"Incorrect T-ID or Password"));
}
else
{
while($row = mysqli_fetch_array($query)){
$id = $row["id"];
$ptype = $row["designation"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
if (isset($_SESSION["user_login"]) && isset($_SESSION["password_login"]))
{
if ($ptype == "l1")
{echo retmsg(1,"l1");}
if ($ptype == "l2")
{echo retmsg(1,"l2");}
}
}
function retmsg($status,$txt)
{
return json_encode(array('status' => $status, 'txt' => $txt));
}
?>
I am getting an error that
$id = $_SESSION["id"];
$user_login = $_SESSION["user_login"];
$password_login = $_SESSION["password_login"];
are not defined in index.php.

Here, the session variables will be set only when you have logged in. The first time, they are not set, and you are trying to access them in these lines (in index.php).
$id = $_SESSION["id"];
$user_login = $_SESSION["user_login"];
$password_login = $_SESSION["password_login"];
First you have to check whether they are set, and then access them, like:
if(isset($_SESSION["id"]))
$id = $_SESSION["id"];
if(isset($_SESSION["user_login"]))
$user_login = $_SESSION["user_login"];
if(isset($_SESSION["password_login"]))
$password_login = $_SESSION["password_login"];
When you are using the same page for form submission, you can access
$user_login=$_POST['em'];
$password_login=$_POST['pwd'];
only if the form is submitted, i.e., on page load the form won't be submitted, which means there won't be any POST variables in the page. So surely it will create a problem (the same issue we have discussed above). So here, you have to make sure that the form variables are accessed only if the form is submitted. You can do it with the following lines:
if (!empty($_POST)) // if there are any posted variables
{
$user_login=$_POST['em'];
$password_login=$_POST['pwd'];
$password_login = md5($password_login);
..............................
}
Also make sure that you have added all the code for form submission inside this if condition.

I don't know the exact error. Let's try with single quotes.
$id = $_SESSION['id'];
$user_login = $_SESSION['user_login'];
$password_login = $_SESSION['password_login'];

Related

PHP simple sql search for login

I had some problems with this code; I have seen some guides and arrived at this. I just started PHP a few days ago. How exactly do you do a search of the database, then compare the user input to the database username and password?
I left the $sqlQuery empty for the SQL search, and maybe someone can explain what you call the "->" symbol in the loop?
I already managed to understand and do a sign-up, but the tutorials never explain exactly what is going on and just type.
Thanks.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = '';
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
PHP PDO login with session - It's secure
index.php,general message.php, logout.php, site life.php (this page for session and put it in the other pages by required)
Database:
connection.php
<?php
$dsn = "mysql:host=localhost;dbname=mg";
$username = "root";
$password = "";
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
try{
$conn = new PDO($dsn,$username,$password,$options);
} catch (PDOException $e){
echo "Error!".$e->getMessage();
}
?>
index.php:
<?php
session_start();
if(isset($_SESSION['user'])){
header("location: general message.php");
}
require "connection.php";
if(isset($_POST['login'])){
$user = $_POST['username'];
$pass = md5($_POST['password']);
$messeg = "";
if(empty($user) || empty($pass)) {
$messeg = "Username/Password con't be empty";
} else {
$sql = "SELECT username, password FROM users WHERE username=? AND
password=? ";
$query = $conn->prepare($sql);
$query->execute(array($user,$pass));
if($query->rowCount() >= 1) {
$_SESSION['user'] = $user;
$_SESSION['time_start_login'] = time();
header("location: general message.php");
} else {
$messeg = "Username/Password is wrong";
}
}
}
?>
Site life.php (and I will put it in the other pages by require "site life.php")
//The lives of session is one hour 60*60=3600
<?php
session_start();
if(isset($_SESSION['user'])){
if((time() - $_SESSION['time_start_login']) > 3600){
header("location: logout.php");
} else {
$_SESSION['time_start_login'] = time();
}
} else {
header("location: logout.php");
}
?>
logout.php
<?php
session_start();
session_destroy();
header("location: index.php");
?>
General message.php I put this in the header (to make a refresh every hour):
// 60*60=3600 one hour
<meta http-equiv="Refresh" content="3600" >
<?php
require ('site life.php');
?>
The -> is an object operator, so you can access the attribute num_rows from $result.
This is the naive example (vulnerable to SQL injection) to give you an idea; it works.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = "SELECT * FROM user WHERE username = '$username' and password = '$password'";
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
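A hardened counterpart to the naive query in the answer above, as an added example that is not part of the original posts: a prepared statement keeps the username out of the SQL text, and password_verify() checks a password_hash() value in PHP instead of comparing passwords inside the query. The users table, its column names, the sample account and the in-memory SQLite database (requires the pdo_sqlite extension) are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline.
// Table and column names are assumptions, not taken from the posts.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL)');
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    // password_hash() salts and stretches the password; md5() does neither.
    $stmt->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user id on success, null on any failure.
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    // The placeholder sends $username as data, so quote characters in it
    // cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such user
    }
    // The password is never part of the query; it is checked against the stored hash.
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

$pdo = make_demo_db();
$attempts = [                             // constructed sample inputs
    ['alice', 'correct horse'],           // valid login
    ['alice', 'wrong'],                   // wrong password
    ["alice' OR '1'='1", 'anything'],     // quote characters in the username
];
foreach ($attempts as [$user, $pass]) {
    $id = authenticate($pdo, $user, $pass);
    printf("%-20s => %s\n", $user, $id === null ? 'rejected' : "user id $id");
}
```

On a real login page the returned id, not the password or its hash, is what goes into $_SESSION, after a call to session_regenerate_id(true).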

Passing php variable from this.php to that.php

So I need to pass a variable from one php page to another php page but I don't know how to do it. I got this piece of code "$realname= $row['name'];" that stores the real name of the person to display it in another page after they successfully log in, but when I try to use the $realname variable in the other page it won't display it. How can I make this possible? Thanks in advance.
page one login.php
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
include 'functions.php';
if(loggedin())
{
header("Location: userarea.php");
exit();
}
if(isset($_POST['login']))
{
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST['rememberme'];
//validate
if($username&&$password)
{
$login = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($login) == 1)
{
while($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if($password == $db_password)
$loginok= TRUE;
else
$loginok = FALSE;
if($loginok==TRUE)
{
$realname= $row['name'];
if($rememberme == "on")
setcookie("username", $username, time() + 7200);
else if ($rememberme == "")
$_SESSION['username'] = $username;
header("Location: userarea.php");
exit();
}
else
die("Incorrect username or password. Please try again or contact your local admin.");
}
}die("Incorrect username or password. Please try again or contact your local admin.gdfgdfgdfg");
}
else
die("Please enter a username and password.");
}
?>
<h>Welcome!</h>
<form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p / >
<input type="checkbox" name="rememberme"> Remember me<br />
<input type="submit" name="login" value="Log in">
</form>
</body>
</html>
Page 2 userarea.php (as you can see I declared $realname variable but I cant use it)
<html>
<body>
<?php
include 'functions.php';
if(!loggedin())
{
header("Location: login.php");
exit();
}
echo "Hello $realname";
?>
<h>Access Granted! Yeiy! </h>
Log out
</body>
</html>
This is exactly what sessions are for:
Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information between page requests. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session data.
page one login.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
...
$_SESSION['realname'] = $row['name'];
Page 2 userarea.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
...
echo "Hello {$_SESSION['realname']}";
First pass $_SESSION['var_name']; on the login page and then
start session_start() at the top of the userarea page and echo your session variable
echo $_SESSION['var_name'];

profile page not working with session id

I am creating a profile page and a login page where I store the session id, and then in the profile file I check whether it is set or not, but the problem is that the system always displays an error message. I used print_r($_SESSION); and the browser displays:
Important data are missingArray ( [first_name] => [email] => )
How do I fix this error?
login.php
<?php
session_start();
error_reporting(E_ALL);
require_once('include/connect.php');
$message = "";
if(!empty($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['pass'];
$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);
//$pass = md5($pass);
$sql=mysql_query( "SELECT user_id, email_address, first_name FROM user WHERE email_address='$email'AND password='$pass'LIMIT 1") or die("error in user table");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
$row = mysql_fetch_array($sql);
$id = $row['user_id'];
$_SESSION['user_id'] = $id;
$firstname = $row['first_name'];
$_SESSION['first_name']= $firstname;
$email = $row['email_address'];
$_SESSION['email_address']= $email;
mysql_query("UPDATE user SET last_log_date=now() WHERE user_id='$id'");
header("Location: profile.php");
}//close if
else
{
$message = "incorrect Email or Password!!";
//exit();
}
}//close if
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>RegisterPage</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
</head>
<body>
<div id="loginborder">
<p style="color:#FF0000" align="left"><?php print("$message") ?></p>
<!--Login form where user submit his registered email and password-->
<form action="login.php" method="post">
email-address:<br />
<input type="text" name="email" placeholder="Email Adress" />
<br />
<br />
Password:<br />
<input type="password" name="pass" placeholder="Password" />
<br />
<br />
<input type="submit" name="login" value="Login" />
<strong> Register</strong>
</form>
</div>
profile.php
<?php
session_start();
require_once('include/connect.php');
if(isset($_GET['user_id']))
{
$id=$_GET['user_id'];
var_dump($id);
}
elseif(isset($_SESSION['user_id']))
{
$id= $_SESSION['user_id'];
}
else
{
print "Important data are missing";
print_r($_SESSION);
exit();
}
$sql = mysql_query("SELECT * FROM user WHERE user_id='$id'") or die(mysql_error());
$row = mysql_fetch_array($sql);
$firstname=$row['first_name'];
$lastname=$row['last_name'];
$birth_date=$row['birth_date'];
$registered_date=$row['registered_date'];
//***************for upload img*****************//
$check_pic="members/$id/image01.jpg";
$default_pic="members/0/image01.jpg";
if(file_exists($check_pic))
{
$user_pic="<img src=\"$check_pic\"width=\"100px\"/>";
}
else
{
$user_pic="<img src=\"$default_pic\">";
}
echo $id, $firstname, $birth_date;
?>
You need to change several things.
First: get first_name and email in your request
"SELECT user_id, email, first_name FROM user WHERE email_address='$email' AND password='$pass' LIMIT 1"
Second, remove the while loop and do
$row = mysql_fetch_array($sql);
You are limiting to 1 result, so there is no need to loop inside the result.
Change $id=$_SESSION['user_id']; to $_SESSION['user_id'] = $id;
Also, limit the result from profile to 1 and remove the loop (user_id => UNIQUE => LIMIT 1)
All you need to do is just store a value in a session variable [$_SESSION['username']] after everything checks out, then select the data from the mysql table using the value in the session.
----------------------------------for example------------------------------------------------------
on login.php
if($login_check > 0)
{
$_SESSION['email']=$email;//storing variable in SESSION
header("Location: profile.php");
}
else
{
$message = "incorrect Email or Password!!";
die();// kill the script
}
on profile.php
<?php
session_start();// start session
require_once('include/connect.php'); //include connection file
$sql = mysql_query("SELECT * FROM user WHERE email='" . mysql_real_escape_string($_SESSION['email']) . "'") or die(mysql_error());
$row = mysql_fetch_array($sql);
// then just echo all the data you need
?>

php mysql + session problems

I am creating a simple login and logout script using PHP and MySQL, but when I try to enter login.php or the index file I get an error message that says:
**The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept
cookies.**
I do not know how to solve this or what the error is. If anyone can help me I would appreciate it.
index.php
<?php
require_once('connect.php');
ob_start();
session_start();
//checked wether the user is loged in or not
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
$user = $_SESSION['username'];
header("Location: index.php");
exit();
}
else
{
header("Location: home.php");
}
// login script
if(isset($_POST['username'])&& isset($_POST['password']))
{
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$user_password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password']);
$md5password = md5($user_password);
$sql = mysql_query("SELECT id FROM members WHERE username = '".$user_login."' AND password = '".$user_password."'") or die ("could not select from database");
$userCount = mysql_num_rows($sql);
if($userCount ==1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row['id'];
}
$_SESSION['id'] = $id;
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: index.php");
exit();
}
else
{
echo "that info is incorrect";
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="post">
<input name="username" type="text" value="username" size="32" />
<input name="pass" type="password" value="password" size="32" />
<input name="login" type="submit" value="login" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
//home.php
session_start();
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location: index.php");
?>
In index.php you need to put this if condition at the top, after 'session_start();'
if($_SESSION['username'])
{
header("Location: home.php");
exit();
}
In the while loop it should be header("Location: home.php"); instead of header("Location: index.php");
In the home.php page you should put this at the top, after the opening php tag
ob_start();
session_start();
Hope it will work.
++++++++++++++++++++++++++++++++++++++++++
Use this code
index.php
<?php
require_once('connect.php');
ob_start();
session_start();
//checked wether the user is loged in or not
$user = $_SESSION['username'];
if($_SESSION['username'])
{
$user = $_SESSION['username'];
header("Location: home.php");
exit();
}
// login script
if(isset($_POST['username'])&& isset($_POST['password']))
{
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$user_password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password']);
$md5password = md5($user_password);
$sql = mysql_query("SELECT id FROM members WHERE username = '".$user_login."' AND password = '".$user_password."'") or die ("could not select from database");
$userCount = mysql_num_rows($sql);
if($userCount ==1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row['id'];
}
$_SESSION['id'] = $id;
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: home.php");
exit();
}
else
{
echo "that info is incorrect";
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="post">
<input name="username" type="text" value="username" size="32" />
<input name="pass" type="password" value="password" size="32" />
<input name="login" type="submit" value="login" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
ob_start();
session_start();
//home.php
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
logout.php is correct
First, in index.php you don't need the "//checked wether the user is loged in or not" part; we should check that in home.php.
This code is causing your error: "The page isn't redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete". You made a repetition (the session is not created but it is checked ...).
Second, in home.php, you have to call the session_start() method; this code is required when using sessions.
Refer to my code:
index.php
<?php
ob_start();
session_start();
//check session is existed
if (isset($_SESSION['username'])) {
header("Location: home.php");
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$user_login = $_POST['username'];
$user_password = $_POST['password'];
if ($user_login == 'namluu' && $user_password =='123456') {
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: home.php");
exit();
} else {
echo 'Infor not correct';
exit();
}
}
?>
<html>
<head></head>
<body>
<form action="index.php" method="post">
<input type="text" name="username" />
<input type="text" name="password" />
<input type="submit" name="login" value="login" />
</form>
</body>
</html>
<?php
ob_end_flush();
?>
home.php
<?php
session_start();
//home.php
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
You haven't got session_start() at the top of home.php, which means you will have created an infinite loop between home.php and index.php.
Currently what is happening is when you access index.php, it recognises the session and redirects the user to home.php. As there is no session_start() in home.php, it doesn't recognise the session and redirects the user back to index.php. Thus you have an infinite loop.
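The redirect loop discussed in this thread can be avoided by sending every page through one guard that always starts the session and redirects only when the page and the login state disagree. The following is an added example, not code from the posts; auth.php, guard(), redirect_target(), follow() and the page lists are hypothetical names.

```php
<?php
declare(strict_types=1);

// auth.php: hypothetical shared include, required at the top of every page.

// Start the session exactly once, before any page reads $_SESSION.
function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Pure decision: where should this page send the visitor, if anywhere?
// A page never redirects to itself, and the two rules cannot both fire,
// so a chain of redirects always ends after at most one hop.
function redirect_target(string $page, array $session): ?string
{
    $loggedIn  = isset($session['username']);   // isset() avoids the undefined-index notice
    $guestOnly = ['index.php', 'login.php'];    // assumed page names
    $protected = ['home.php'];

    if ($loggedIn && in_array($page, $guestOnly, true)) {
        return 'home.php';
    }
    if (!$loggedIn && in_array($page, $protected, true)) {
        return 'index.php';
    }
    return null;
}

// What each page calls first, e.g. guard('home.php');
function guard(string $page): void
{
    start_session_once();
    $target = redirect_target($page, $_SESSION);
    if ($target !== null) {
        header('Location: ' . $target);
        exit();   // stop here so the rest of the page never runs
    }
}

// Follow the redirects a browser would take and flag any loop.
function follow(string $start, array $session): array
{
    $chain = [$start];
    $page  = $start;
    while (($next = redirect_target($page, $session)) !== null) {
        if (in_array($next, $chain, true)) {
            $chain[] = $next . ' (loop)';
            break;
        }
        $chain[] = $next;
        $page    = $next;
    }
    return $chain;
}

// Offline check with constructed session contents (run with the php CLI).
if (PHP_SAPI === 'cli') {
    foreach ([[], ['username' => 'demo']] as $session) {
        foreach (['index.php', 'home.php'] as $start) {
            printf("%-9s %-9s %s\n",
                $session ? 'logged-in' : 'guest',
                $start,
                implode(' -> ', follow($start, $session)));
        }
    }
}
```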

sessions + php + mysql + error

I am creating a simple login form using sessions, but the problem is that when I press login it redirects me to index.php, but I need to go to home.php. In logout.php I destroy the session and redirect to index.php, but somehow the login button redirects me to index.php as if the login process had not succeeded. How do I fix this error? I need it badly.
index.php
<?php
require_once('global.php');
if(@$logged == 1)
{
header("Location: home.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>index page</title>
</head>
<body>
<h1> this is the index page</h1>
Login
</body>
</html>
global.php
<?php
session_start();
require_once('connect.php');
// cheking if the sessions are set
if(isset($_SESSION['username']))
{
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['password'];
$session_id = $_SESSION['id'];
//cheking if the member exist
$query = mysql_query("SELECT * FROM members WHERE id = '".$session_id."' AND password = '".$session_pass."' LIMIT 1") or die("could not select memeber");
$count_count = mysql_num_rows($query);
if($count_count > 0)
{
$logged = 1;
while($row = mysql_fetch_array($query))
{
$session_username = $row['username'];
}
$_SESSION['username'] = $session_username;
$_SESSION['pass'] = $session_pass;
$_SESSION['id'] = $session_id;
}
else
{
header("Location: logout.php");
exit();
}
}
else
{
// if the user not loged in
$logged = 0;
}
?>
login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass))
{
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0)
{
$message = 'your info was inccorrect';
}
else
{
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query))
{
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
}
header("Location: home.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login to membership website </title>
</head>
<body>
<h1> login to my website</h1>
<p><?php print("$message"); ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="email adress" /><br />
<input type="password" name="password" placeholder="password" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
home.php
<?php
require_once('global.php');
if($logged == 0)
{
header("Location: index.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<h1>this the home page</h1>
</body>
</html>
logout.php
<?php
session_start();
session_destroy();
/*
if(session_is_registered('username'))
{
echo "you are loged in we can not log you out";
exit();
}
*/
//else
//{
header("Location: index.php");
//}
?>
When you are checking the session with $_SESSION['username'], you don't need the logged variable.
You can allow the user to access the page when $_SESSION['username'] exists and, if it doesn't, redirect him to the login page.
To be honest this is rather spaghetti-coded, a bit of a mess, but the problem is that login.php does not set $logged = true, so login.php redirects to home.php and then home.php redirects to index.php.
So try this:
Login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email'])) {
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass)) {
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0) {
$message = 'your info was inccorrect';
} else {
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query)) {
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
// NEW LINE
$logged = 1;
}
header("Location: home.php");
}
}
?>
