php mysql + session problems - php

I am creating a simple login and logout script using PHP and MySQL, but when I try to open login.php or the index file I get an error message that says:
**The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept
cookies.**
I do not know how to solve this or what the error is. If anyone can help me I would appreciate it.
index.php
<?php
require_once('connect.php');
ob_start();
session_start();
//checked wether the user is loged in or not
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
$user = $_SESSION['username'];
header("Location: index.php");
exit();
}
else
{
header("Location: home.php");
}
// login script
if(isset($_POST['username'])&& isset($_POST['password']))
{
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$user_password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password']);
$md5password = md5($user_password);
$sql = mysql_query("SELECT id FROM members WHERE username = '".$user_login."' AND password = '".$user_password."'") or die ("could not select from database");
$userCount = mysql_num_rows($sql);
if($userCount ==1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row['id'];
}
$_SESSION['id'] = $id;
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: index.php");
exit();
}
else
{
echo "that info is incorrect";
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="post">
<input name="username" type="text" value="username" size="32" />
<input name="pass" type="password" value="password" size="32" />
<input name="login" type="submit" value="login" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
//home.php
session_start();
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location: index.php");
?>

In index.php you need to put this if condition on top after 'session_start();'
if(!empty($_SESSION['username']))
{
header("Location: home.php");
exit();
}
In the while loop it should be header("Location: home.php"); instead of header("Location: index.php");
In the home.php page you should put the following at the top, after the opening PHP tag:
ob_start();
session_start();
Hope it will work.
++++++++++++++++++++++++++++++++++++++++++
Use this code
index.php
<?php
require_once('connect.php');
ob_start();
session_start();
//checked wether the user is loged in or not
if(!empty($_SESSION['username']))
{
$user = $_SESSION['username'];
header("Location: home.php");
exit();
}
// login script
if(isset($_POST['username'])&& isset($_POST['password']))
{
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']);
$user_password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['password']);
$md5password = md5($user_password);
$sql = mysql_query("SELECT id FROM members WHERE username = '".$user_login."' AND password = '".$user_password."'") or die ("could not select from database");
$userCount = mysql_num_rows($sql);
if($userCount ==1)
{
while($row = mysql_fetch_array($sql))
{
$id = $row['id'];
}
$_SESSION['id'] = $id;
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: home.php");
exit();
}
else
{
echo "that info is incorrect";
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="login.php" method="post">
<input name="username" type="text" value="username" size="32" />
<input name="pass" type="password" value="password" size="32" />
<input name="login" type="submit" value="login" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
home.php
<?php
ob_start();
session_start();
//home.php
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>
logout.php is correct

First, in index.php you don't need to "//checked wether the user is loged in or not"; we should check that in home.php.
This code is causing your error: "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete". You made a repetition (the session is not created, but it is checked...).
Second, in home.php you have to call session_start(); this code is required when using sessions.
Refer to my code:
index.php
<?php
ob_start();
session_start();
//check session is existed
if (isset($_SESSION['username'])) {
header("Location: home.php");
exit();
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$user_login = $_POST['username'];
$user_password = $_POST['password'];
if ($user_login == 'namluu' && $user_password =='123456') {
$_SESSION['username'] = $user_login;
$_SESSION['password'] = $user_password;
header("Location: home.php");
exit();
} else {
echo 'Infor not correct';
exit();
}
}
?>
<html>
<head></head>
<body>
<form action="index.php" method="post">
<input type="text" name="username" />
<input type="text" name="password" />
<input type="submit" name="login" value="login" />
</form>
</body>
</html>
<?php
ob_end_flush();
?>
home.php
<?php
session_start();
//home.php
$user = $_SESSION['username'];
if(!isset($_SESSION['username']))
{
header("Location: index.php");
exit();
}
else
{
echo "hi $user you are loged in //Welcome to our website Logout";
}
?>

You haven't got session_start() at the top of home.php, which means you will have created an infinite loop between home.php and index.php.
Currently what is happening is when you access index.php, it recognises the session and redirects the user to home.php. As there is no session_start() in home.php, it doesn't recognise the session and redirects the user back to index.php. Thus you have an infinite loop.
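
The redirect loop discussed in this thread, modelled as an added example (not code from any of the posts): the redirect rules of each page are written as a table, and a small walker follows them the way the browser does. The function names `follow_redirects`, `require_login` and `redirect_if_logged_in` are hypothetical, and the model assumes every page calls session_start() so that each hop sees the same session state.

```php
<?php
declare(strict_types=1);

// Redirect rules as data: page => [session state => redirect target].
// A missing entry means the page renders instead of redirecting.
// RULES_FROM_QUESTION transcribes the first index.php/home.php pair above.
const RULES_FROM_QUESTION = [
    'index.php' => ['guest' => 'index.php', 'user' => 'home.php'],
    'home.php'  => ['guest' => 'index.php'],
];
// Corrected rules: a page only redirects in the state where another page is
// the right destination, and never to itself.
const RULES_CORRECTED = [
    'index.php' => ['user' => 'home.php'],
    'home.php'  => ['guest' => 'index.php'],
];

// Follows Location targets until a page renders or a page repeats.
// Returns ['path' => string[], 'loop' => bool].
function follow_redirects(array $rules, string $start, bool $loggedIn): array
{
    $state = $loggedIn ? 'user' : 'guest';
    $path  = [$start];
    $seen  = [$start => true];
    $page  = $start;
    while (isset($rules[$page][$state])) {
        $page   = $rules[$page][$state];
        $path[] = $page;
        if (isset($seen[$page])) {
            return ['path' => $path, 'loop' => true];
        }
        $seen[$page] = true;
    }
    return ['path' => $path, 'loop' => false];
}

// Guards that implement RULES_CORRECTED on real pages (hypothetical helpers).
function is_logged_in(): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // without this the page never sees the session
    }
    return !empty($_SESSION['username']);
}

function require_login(): void          // first statement of home.php
{
    if (!is_logged_in()) {
        header('Location: index.php');
        exit();
    }
}

function redirect_if_logged_in(): void  // first statement of index.php
{
    if (is_logged_in()) {
        header('Location: home.php');
        exit();
    }
}

if (PHP_SAPI === 'cli') {
    $sets = ['question' => RULES_FROM_QUESTION, 'corrected' => RULES_CORRECTED];
    foreach ($sets as $label => $rules) {
        foreach ([false, true] as $loggedIn) {
            $r = follow_redirects($rules, 'index.php', $loggedIn);
            printf("%-9s %-5s %s%s\n", $label, $loggedIn ? 'user' : 'guest',
                implode(' => ', $r['path']), $r['loop'] ? '  (loop)' : '');
        }
    }
}
```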

Related

PHP simple sql search for login

I had some problems with this code; I have seen some guides and arrived at this. I just started PHP a few days ago. How exactly do you search the database, then compare the user input to the database username and password?
I left $sqlQuery empty for the SQL search, and maybe someone can explain what you call the "->" symbol in the loop?
I already managed to understand and do a sign-up, but the tutorials never explain exactly what is going on and just type.
Thanks.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = '';
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
PHP PDO login with session - It's secure
index.php, general message.php, logout.php, site life.php (this page is for the session and is put in the other pages with require)
Database:
connection.php
<?php
$dsn = "mysql:host=localhost;dbname=mg";
$username = "root";
$password = "";
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
try{
$conn = new PDO($dsn,$username,$password,$options);
} catch (PDOException $e){
echo "Error!".$e->getMessage();
}
?>
index.php:
<?php
session_start();
if(isset($_SESSION['user'])){
header("location: general message.php");
}
require "connection.php";
if(isset($_POST['login'])){
$user = $_POST['username'];
$pass = md5($_POST['password']);
$messeg = "";
if(empty($user) || empty($pass)) {
$messeg = "Username/Password con't be empty";
} else {
$sql = "SELECT username, password FROM users WHERE username=? AND
password=? ";
$query = $conn->prepare($sql);
$query->execute(array($user,$pass));
if($query->rowCount() >= 1) {
$_SESSION['user'] = $user;
$_SESSION['time_start_login'] = time();
header("location: general message.php");
} else {
$messeg = "Username/Password is wrong";
}
}
}
?>
Site life.php (and I will put it in the other pages with require "site life.php")
//The lives of session is one hour 60*60=3600
<?php
session_start();
if(isset($_SESSION['user'])){
if((time() - $_SESSION['time_start_login']) > 3600){
header("location: logout.php");
} else {
$_SESSION['time_start_login'] = time();
}
} else {
header("location: logout.php");
}
?>
logout.php
<?php
session_start();
session_destroy();
header("location: index.php");
?>
General message.php I put this in the header (to make a refresh every hour):
// 60*60=3600 one hour
<meta http-equiv="Refresh" content="3600" >
<?php
require ('site life.php');
?>
The -> is the object operator, so you can access the attribute num_rows of $result.
This is a naive example (vulnerable to SQL injection) to give you an idea; it works.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = "SELECT * FROM user WHERE username = '$username' and password = '$password'";
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
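
For contrast with the naive query above, an added example (not code from any of the posts) of the same login check with a prepared statement, a salted password hash and a regenerated session id. An in-memory SQLite database stands in for the MySQL server so the script runs offline; the table layout, the sample account and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the page's MySQL database (assumption).
// The same PDO calls work unchanged with a mysql: DSN.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE,
        password_hash TEXT)');
    // Constructed sample account. password_hash() generates its own salt,
    // so the column never holds the plaintext or a bare md5/sha1 digest.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's id when the credentials match, null otherwise.
function check_login(PDO $db, string $username, string $password): ?int
{
    // Look the row up by username only. The placeholder sends the value
    // separately from the SQL text, so quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // The comparison happens in PHP: password_verify() re-derives the hash
    // using the salt and cost stored inside password_hash.
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Call in a web request after check_login() succeeds, before any output.
function start_authenticated_session(int $userId, string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);        // fresh id once the user is authenticated
    $_SESSION['id'] = $userId;          // store identity only,
    $_SESSION['username'] = $username;  // never the password or its hash
}

if (PHP_SAPI === 'cli') {
    $db = make_demo_db();
    // Constructed inputs: a valid pair, a wrong password, and a username
    // containing quote characters, which is treated as plain data.
    var_dump(check_login($db, 'alice', 'correct horse battery'));
    var_dump(check_login($db, 'alice', 'wrong password'));
    var_dump(check_login($db, "alice' OR '1'='1", 'anything'));
}
```

The HTML form that feeds this check needs method="post" and a named submit button, otherwise $_POST stays empty.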

Passing php variable from this.php to that.php

So I need to pass a variable from one PHP page to another PHP page but I don't know how to do it. I got this piece of code "$realname= $row['name'];" that stores the real name of the person to display it in another page after they successfully log in, but when I try to use the $realname variable in the other page it won't display it. How can I make this possible? Thanks in advance.
page one login.php
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
include 'functions.php';
if(loggedin())
{
header("Location: userarea.php");
exit();
}
if(isset($_POST['login']))
{
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST['rememberme'];
//validate
if($username&&$password)
{
$login = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($login) == 1)
{
while($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if($password == $db_password)
$loginok= TRUE;
else
$loginok = FALSE;
if($loginok==TRUE)
{
$realname= $row['name'];
if($rememberme == "on")
setcookie("username", $username, time() + 7200);
else if ($rememberme == "")
$_SESSION['username'] = $username;
header("Location: userarea.php");
exit();
}
else
die("Incorrect username or password. Please try again or contact your local admin.");
}
}die("Incorrect username or password. Please try again or contact your local admin.gdfgdfgdfg");
}
else
die("Please enter a username and password.");
}
?>
<h>Welcome!</h>
<form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p / >
<input type="checkbox" name="rememberme"> Remember me<br />
<input type="submit" name="login" value="Log in">
</form>
</body>
</html>
Page 2 userarea.php (as you can see I declared the $realname variable but I can't use it)
<html>
<body>
<?php
include 'functions.php';
if(!loggedin())
{
header("Location: login.php");
exit();
}
echo "Hello $realname";
?>
<h>Access Granted! Yeiy! </h>
Log out
</body>
</html>
This is exactly what sessions are for:
Sessions are a simple way to store data for individual users against a unique session ID. This can be used to persist state information between page requests. Session IDs are normally sent to the browser via session cookies and the ID is used to retrieve existing session data.
page one login.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
...
$_SESSION['realname'] = $row['name'];
Page 2 userarea.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
...
echo "Hello {$_SESSION['realname']}";
First set $_SESSION['var_name'] on the login page, and then
call session_start() at the top of the userarea page and echo your session variable
echo $_SESSION['var_name'];

Cannot store value in SESSION for second time after user logout in PHP

I have a log-in script for user login. The user information is stored in the MySQL database. When I log in for the first time, it stores the information in the session and displays the welcome message. But when I log out and try to log in again, the session array is displayed empty although I am logged in.
Here are my codes:
reservation.php
<?php
session_start();
require_once("./includes/config_db.php");
$error1=array();
if(isset($_POST['submit'])){
if (preg_match ('%^[A-Za-z0-9]{4,8}$%', stripslashes(trim($_POST['user_id'])))) {
$e = escape_data($_POST['user_id']);
} else {
$e = FALSE;
$error1['user_id']="UserID Required!";
}
if (preg_match ('%^[A-Za-z0-9]{8,}$%', stripslashes(trim($_POST['password'])))) {
$p = escape_data($_POST['password']);
} else {
$p = FALSE;
$error1['password']="Password Required!";
}
if($e && $p){
$query="SELECT * FROM users WHERE(user_id='$e' AND password=SHA('$p')) AND active='NULL'";
$results=mysql_query($query);
if(mysql_affected_rows() == 1){
$row=mysql_fetch_array($results, MYSQL_NUM);
mysql_free_result($results);
$_SESSION['name']=$row[0];
$_SESSION['department']=$row[1];
$_SESSION['email']=$row[2];
$_SESSION['user_id']=$row[4];
$_SESSION['phone']=$row[5];
$_SESSION['pre']=$row[8];
//create second token
$tokenid=rand(10000,9999999);
$query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";
$result2=mysql_query($query2);
$_SESSION['tokenid']=$tokenid;
session_regenerate_id();
mysql_close();
header("Location:local.php");
exit();
}else
{
$error1['active']="Either your Account is inactive or Email/Password is incorrect";
mysql_close();
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reservation System</title>
<!--Link to external files-->
<link rel="stylesheet" type="text/css" href="css/reservation.css"></link>
</head>
<body class="body">
<div id="mainHeader">
<?php include('includes/ers_header.php'); ?>
</div>
<div id="content">
</div>
<div id="navigation">
<?php include('includes/ers_nav.php');?>
<h3>Member Login</h3>
<form id="login" action="reservation.php" method="post">
<?php if(!empty($error1['active'])) echo '<p><font color="red">'.$error1['active'].'</font></p>'; ?>
<label for="userid">User ID:</label>
<input type="text" name="user_id" <?php if (!empty($error1['user_id'])){ echo 'value="'.htmlentities($_POST['user_id']).'"';} ?> autofocus />
<?php if (!empty($error1['user_id'])){ echo '<p><font color="red">'.$error1['user_id'].'</font></p>';} ?>
<label for="password">Password:</label>
<input type="password" name="password" />
<?php if (!empty($error1['password'])){ echo '<p><font color="red">'.$error1['password'].'</font></p>';} ?>
<button class="submit" name="submit" type="submit">Login</button>
</form>
</div>
</body>
</html>
ers_header.php:
<h1>XXXXXXXXXX</h1>
<h2>YYYYYYYYYYY</h2>
<h2>ZZZZZZZZZZZZ</h2>
<?php
require_once("./includes/config_db.php");
if(isset($_SESSION['name'])){
$sql="SELECT token FROM users WHERE(user_id='$_SESSION[user_id]')";
$result=mysql_query($sql);
if (mysql_affected_rows() == 1) { // A match was made.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
if($_SESSION['tokenid'] == $row[0]){
echo '<p>Welcome';
echo " {$_SESSION['name']}";
$loggedin=1;
}else{
$loggedin=0;
}
}
}
if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')){
echo' Logout';
echo'</p>';
}
?>
logout.php
<?php
session_start();
require_once("./includes/config_db.php");
if ( !isset( $_SESSION['name'] ) ) {
header("Location: reservation.php");
exit();
} else {
$_SESSION = array(); // Destroy the variables.
session_destroy(); // Destroy the session itself.
setcookie( session_name(), '', time()-300, '/', '', 0 ); // Destroy the cookie.
header("Location:reservation.php");
}
I don't know what the problem is. I have tried a lot but couldn't figure it out. Can anyone please find my mistake?
You really should only need to unset the $_SESSION array, not destroy the session and cookie data; try removing those lines. But also:
mysql_affected_rows should be mysql_num_rows
also this line of code is incorrect:
$query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";
$_SESSION[user_id] should be $_SESSION["user_id"] and you should wrap it in {}. PHP probably gives warnings about this.
and this line of code is strange:
if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')
is the $loggedin,-10 really supposed to be in substr?
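
The login token and the logout step from this thread, as an added example (not code from the posts): the token comes from random_bytes() instead of rand(), which is not a cryptographically secure generator, it is compared with hash_equals(), and logout expires the session cookie with the same parameters it was issued under. The function names are hypothetical; storing the token in the users table is left as in the question.

```php
<?php
declare(strict_types=1);

// 32 bytes from the OS CSPRNG, hex-encoded to 64 characters, in place of
// rand(10000,9999999), which has only a few million possible values.
function new_login_token(): string
{
    return bin2hex(random_bytes(32));
}

// Compares the token kept in the session with the one stored for the user.
// hash_equals() takes the same time wherever the first difference is.
function token_matches(string $storedToken, string $sessionToken): bool
{
    return hash_equals($storedToken, $sessionToken);
}

// Full logout: clear the data, expire the cookie, remove the server record.
function destroy_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Reuse the path/domain/flags the cookie was set with; a cookie
        // expired under different parameters is left in the browser.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

if (PHP_SAPI === 'cli') {
    // Constructed run: session work first, output afterwards, so no
    // headers have been sent when setcookie() is called.
    session_start();
    $stored = new_login_token();          // value that would go in the DB
    $_SESSION['tokenid'] = $stored;       // copy kept in the session
    $same  = token_matches($stored, $_SESSION['tokenid']);
    $other = token_matches($stored, new_login_token());
    destroy_session();
    $gone = (session_status() === PHP_SESSION_NONE) && $_SESSION === [];

    var_dump(strlen($stored), $same, $other, $gone);
}
```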

Display welcome message with the username in php & mysql

I am creating a form for log in and log out.
My problem is that when a user submits their username and password, I want to display a welcome message with that username. The files are given below.
include.php
<?php
session_start();
$host = "VKSolutions";
$username = "VKSolutions";
$password = "VKSolutions#1";
$db = "VKSolutions";
@mysql_connect($host,$username,$password) or die ("error");
@mysql_select_db($db) or die("error");
?>
login.php
<?php
require_once('include.php');
$error = '';
$form = $_POST['submit'];
$user = $_POST['user'];
$password = $_POST['password'];
if( isset($form) ) {
if( isset($user) && isset($password) && $user !== '' && $password !== '' ) {
$sql = mysql_query("SELECT * FROM `accounts` WHERE user='$user' and
password='$password';");
if( mysql_num_rows($sql) != 0 ) { //success
$_SESSION['logged-in'] = true;
header('Location: members.php');
exit;
} else { $error = "Incorrect login info"; }
} else { $error = 'All information is not filled out correctly';}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<body>
<table width="80%" border="0"><form action="<?php $PHP_SELF; ?>" method="post" >
<tr>
<td><label>Employee Name:</label></td>
<td><input name="user" placeholder="Enter Name" type="text" value="<?php echo "$user";?>" /></td>
</tr>
<tr>
<td><label>Password:</label></td>
<td><input name="password" placeholder="Enter Password" type="password" /></td>
</tr>
<tr>
<td> </td>
<td><input valin="right" name="submit" type="submit" value="Log In" /></td>
</tr></form>
</table>
<?php
echo "<br /><span style=\"color:red\">$error</span>";
?>
</body>
</html>
members.php
<?php
require_once('include.php');
if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true) {
header('Location: login.php');
exit;
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Staff Area</title>
</head>
<body>
<div style="margin-top:50px; color:#00F; margin-left:50px; font-size:18px; position:absolute">Welcome<?php echo "$user";?></div>
</body>
</html>
logout.php
<?php
session_start();
// if the user is logged in, unset the session
if (isset($_SESSION['logged-in'])) {
unset($_SESSION['logged-in']);
}
// now that the user is logged out,
// go to login page
header('Location: login.php');
?>
In my members.php the user is logged in, but it does not display the username. I need that username.
Please find out what is wrong.
Thanks.
You need to create a $_SESSION variable since HTTP is a stateless protocol. Your variables defined in login.php are not available to members.php unless you store them in the session.
First, in login.php:
session_start();
$_SESSION['user'] = $_POST['user'];
then in your members.php file
session_start();
$user = $_SESSION['user'];
will allow you to access it.
Just use a session variable like $_SESSION['user']= $_POST['user']; and then display it using echo $_SESSION['user'].
Also make sure that you add session_start(); at the beginning of the php file.
You need to register your session username like this
session_start();
$_SESSION['user'] = $_POST['user'];
then retrieve your session username to display username message
echo $_SESSION['user'];

sessions + php + mysql + error

I am creating a simple login form using sessions, but the problem is that when I press login it redirects me to index.php, but I need to go to home.php. In logout.php I destroy the session and redirect to index.php, but somehow the login button redirects me to index.php as if the login process had not succeeded. How do I fix this error? I need it badly.
index.php
<?php
require_once('global.php');
if(@$logged == 1)
{
header("Location: home.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>index page</title>
</head>
<body>
<h1> this is the index page</h1>
Login
</body>
</html>
global.php
<?php
session_start();
require_once('connect.php');
// cheking if the sessions are set
if(isset($_SESSION['username']))
{
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['password'];
$session_id = $_SESSION['id'];
//cheking if the member exist
$query = mysql_query("SELECT * FROM members WHERE id = '".$session_id."' AND password = '".$session_pass."' LIMIT 1") or die("could not select memeber");
$count_count = mysql_num_rows($query);
if($count_count > 0)
{
$logged = 1;
while($row = mysql_fetch_array($query))
{
$session_username = $row['username'];
}
$_SESSION['username'] = $session_username;
$_SESSION['pass'] = $session_pass;
$_SESSION['id'] = $session_id;
}
else
{
header("Location: logout.php");
exit();
}
}
else
{
// if the user not loged in
$logged = 0;
}
?>
login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass))
{
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0)
{
$message = 'your info was inccorrect';
}
else
{
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query))
{
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
}
header("Location: home.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login to membership website </title>
</head>
<body>
<h1> login to my website</h1>
<p><?php print("$message"); ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="email adress" /><br />
<input type="password" name="password" placeholder="password" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
home.php
<?php
require_once('global.php');
if($logged == 0)
{
header("Location: index.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<h1>this the home page</h1>
</body>
</html>
logout.php
<?php
session_start();
session_destroy();
/*
if(session_is_registered('username'))
{
echo "you are loged in we can not log you out";
exit();
}
*/
//else
//{
header("Location: index.php");
//}
?>
When you are checking the session with $_SESSION['username'], you don't need the logged variable.
You can allow the user to access the page when $_SESSION['username'] exists, and if it doesn't, redirect him to the login page.
To be honest this is rather spaghetti-coded, a bit of a mess, but the problem is that login.php does not set $logged = true, so login.php redirects to home.php and then home.php redirects to index.php.
So try this:
Login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email'])) {
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass)) {
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0) {
$message = 'your info was inccorrect';
} else {
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query)) {
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
// NEW LINE
$logged = 1;
}
header("Location: home.php");
}
}
?>
