I'm creating a website that contains a login page, profile page and logout page. I'm using sessions but I have a problem with dealing with sessions and I cannot understand what the error is or where it is to fix it.
The error I get is in the profile.php **(("you need to be loged in to view profiles"))line 8**
Does anyone have an idea or a solution? Please tell me.
login.php
<?php
require_once('for members/scripts/global.php');
$message = "";
if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
//error handeling
if((!$email)||(!$pass)){
$message = "please insert both fields";
}else{
// secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = "the information was incorrect!";
}else{
//start the sessions
$_SESSION['pass']=$pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
/* to create a cookie on the HDD OF THE user
if($remember == "yes"){
//create the cookies
setcookie("id_cookie", $id, time()+60*60*24*100,"/");
setcookie("pass_cookie", $pass, time()+60*60*24*100,"/");
}
*/
header("Location:profile.php");
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style/stylesheet.css"rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="container center">
<p><?php print("$message") ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="Email Adress" /><br />
<input type="password" name="pass" placeholder="Password" /><br />
<input type="submit" name="login" value="Login" />
<strong> Register</strong>
</form>
</div>
</body>
</html>
profile.php
<?php
ob_start();
session_start();
require_once('for members/scripts/global.php');
if($logged == 0){
echo("you need to be loged in to view profiles");
exit();
}
if(isset($_GET['id'])){
$id=$_GET['id'];
$id= preg_replace("#[^0-9]#","",$id);
}else{
$id=$_SESSION['id'];
}
//collect member information
$query = mysql_query("SELECT * FROM members WHERE id='$id'LIMIT 1") or die("could not collect user information ");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
echo("the user does not exit");
exit();
}
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$fname = $row['firstname'];
$lname = $row['lastname'];
$profile_id= $row['id'];
if($session_id == $profile_id){
$owner = true;
}else{
$owner = false;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title>
<link href="style/stylesheet.css" type="text/css"/>
</head>
<body>
<div class="container center">
<h1><?php print("$username"); ?></h1>
<?php
if($owner == true ){
header("Location: profile.php");
?>
<!--
edit profile<br />
account settings<br />
-->
<?php
}else{
header("Location: index.php");
?>
<!--
private message<br />
add as friend<br />
-->
<?php
}
?>
</div>
</body>
</html>
<?php flush(); ?>
logout.php
<?php
session_start();
session_destroy();
/*
if(isset($_COOKIE['id_cookie'])){
setcookie("id_cookie", "", time()-50000,"/");
setcookie("pass_cookie", "", time()-50000,"/");
}
*/
if(isset($_SESSION['username'])){
echo("we could not log out try again!");
exit();
}else{
header("Location: home.php");
}
?>
global.php
<?php
if(!isset($_SESSION))
{
session_start();
}
require_once('connect.php');
//checking if sessions are set
if(isset($_SESSION['username'])){
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['pass'];
$session_id = $_SESSION['id'];
//check if the member exist
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
while($row = mysql_fetch_array($query)){
$session_username = $row['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;
}else{
header("Location: logout.php");
exit();
}
}
$logged = 0;
/*
elseif(isset($_COOKIE['id_cookie'])){
$session_id = $_COOKIE['id_cookie'];
$session_pass = $_COOKIE['pass_cookie'];
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count > 0){
//loged in stuff here
$logged = 1;
}else{
header("Location: logout.php");
exit();
}
//if user is not log in
}
*/
?>
You're using $_SESSION without properly starting the session with line session_start() in your login.php page.
There are a few things that can be wrong with what you have written. The $logged == 0 is defined in global.php I suppose. Is it starting the session in it as well (i.e., do you have session_start() in global.php)?
As far as I can see, $logged could be whatever, and thus you get the error. Starting the session in logging.php should also be fixed, if not in global.php.
OK. Take everything out of global.php. If you want, leave only session_start(), but remove it from login.php and profile.php.
Then you have to move the SQL query that checks the password and the username against the database to login.php instead of global.php, and have it like this:
//check if the member exist
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
header("Location: profile.php");
while($row = mysql_fetch_array($query)){
$session_username = $row['username'];
}
//create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;
}else{
$logged = 0;
header("Location: logout.php");
exit();
}
You do not need these in login.php (replace them with the code above):
$message = "";
if(isset($_POST['email'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
//error handeling
if((!$email)||(!$pass)){
$message = "please insert both fields";
}else{
// secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
$count_query = mysql_num_rows($query);
if($count_query == 0){
$message = "the information was incorrect!";
}else{
//start the sessions
$_SESSION['pass']=$pass;
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
I had some problems with this code; I've seen some guides and arrived at this. I just started PHP a few days ago. How exactly do you do a search of the database, then compare the user input to the database username and password?
I left the $sqlQuery empty for the SQL search, and maybe someone can explain what you call the "->" symbol in the loop?
I already managed to understand and do a sign-up, but the tutorials never explain exactly what is going on and just type.
Thanks.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = '';
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
PHP PDO login with session - It's secure
index.php, general message.php, logout.php, site life.php (this page is for the session; put it in the other pages with require)
Database:
connection.php
<?php
$dsn = "mysql:host=localhost;dbname=mg";
$username = "root";
$password = "";
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
try{
$conn = new PDO($dsn,$username,$password,$options);
} catch (PDOException $e){
echo "Error!".$e->getMessage();
}
?>
index.php:
<?php
session_start();
if(isset($_SESSION['user'])){
header("location: general message.php");
}
require "connection.php";
if(isset($_POST['login'])){
$user = $_POST['username'];
$pass = md5($_POST['password']);
$messeg = "";
if(empty($user) || empty($pass)) {
$messeg = "Username/Password con't be empty";
} else {
$sql = "SELECT username, password FROM users WHERE username=? AND
password=? ";
$query = $conn->prepare($sql);
$query->execute(array($user,$pass));
if($query->rowCount() >= 1) {
$_SESSION['user'] = $user;
$_SESSION['time_start_login'] = time();
header("location: general message.php");
} else {
$messeg = "Username/Password is wrong";
}
}
}
?>
Site life.php (and I will put it in the other pages by require "site life.php")
//The lifetime of the session is one hour 60*60=3600
<?php
session_start();
if(isset($_SESSION['user'])){
if((time() - $_SESSION['time_start_login']) > 3600){
header("location: logout.php");
} else {
$_SESSION['time_start_login'] = time();
}
} else {
header("location: logout.php");
}
?>
logout.php
<?php
session_start();
session_destroy();
header("location: index.php");
?>
General message.php I put this in the header (to make a refresh every hour):
// 60*60=3600 one hour
<meta http-equiv="Refresh" content="3600" >
<?php
require ('site life.php');
?>
The -> is the object operator, so you can access the attribute num_rows from $result.
This is the naive example (vulnerable to SQL injection) to give you an idea; it works.
<?php
include 'db.php';
include 'info.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sqlQuery = "SELECT * FROM user WHERE username = '$username' and password = '$password'";
$result = mysqli_query($connection,$sqlQuery);
if($result->num_rows > 0){
session_start();
echo 'welcome';
}else{
echo 'failed';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Log In</title>
</head>
<body>
<form action="login.php">
Username: <input type="text" name="username">
Username: <input type="password" name="password">
<input type = "submit" value = " Submit "/><br />
</form>
</body>
</html>
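A hardened counterpart to the naive query above and to the md5() comparison in the earlier PDO answer, as an added example that is not part of the original posts: the lookup uses a bound parameter, the password is checked with password_verify() against a password_hash() value, and the session ID is regenerated on success. The users table, its columns and the function names are assumptions; the demo data is constructed and runs against in-memory SQLite.

```php
<?php
// Added example, not code from the posts. The users table, its columns and
// both function names are assumptions made for illustration.
declare(strict_types=1);

/** Look the user up by name, then verify the password against the stored hash. */
function attempt_login(PDO $db, string $username, string $password): ?array
{
    // Placeholder binding: the input is sent as data, never spliced into SQL.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the algorithm and salt from the stored hash.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    return ['id' => (int) $row['id'], 'username' => $row['username']];
}

/** Web context only: bind the verified identity to a fresh session. */
function start_user_session(array $user): void
{
    session_start();
    session_regenerate_id(true);          // discard the pre-login session ID
    $_SESSION['user_id']   = $user['id'];
    $_SESSION['username']  = $user['username'];
    $_SESSION['last_seen'] = time();      // for an idle-timeout check
    // No password or hash goes into the session.
    header('Location: profile.php');
    exit;                                 // stop before any further output
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
       ->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

    var_dump(attempt_login($db, 'alice', 's3cret-demo')); // matching pair
    var_dump(attempt_login($db, 'alice', 'wrong'));       // bad password
    var_dump(attempt_login($db, "o'neil", 'anything'));   // quote stays literal
}
```

Run from the command line, the three calls show a returned user row for the matching pair and NULL for the other two inputs.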
This is the checklogin.php page. The whole idea is that, based on your status (1 or 0), the program should guide you to the right page (red_form or yellow_form). At the moment this code will let me log in no matter who I am (not in the database), or else will let me log in as a person from the database but won't guide me correctly. What am I doing wrong?
<?php
require_once "connection.php";
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$username= $_POST['username'];
$password= sha1($_POST['password']);
$sql = "SELECT * FROM information WHERE username = '$username' AND password
='$password'";
$result = mysqli_query($connection, $sql);
if($result){
echo "Yippii";
} else {
echo "Error";
}
$rowcount = mysqli_num_rows($result);
if($rowcount > 0){
echo "Uspw ok";
$row = mysqli_fetch_assoc($result);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['status'] = $row['status'];
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
echo $_SESSION['username'];
echo $_SESSION['id'];
if($_SESSION['status'] == "1"){
header('Location: red_form.php');
} else {
header('Location: yellow_form.php');
}
}
}
?>
</body>
</html>
You have put the "else" condition in the wrong place. Your login is working fine. You can follow this code:
<?php
include("connection.php");
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$username= $_POST['username'];
$password= sha1($_POST['password']);
$sql = "SELECT * FROM chklogin WHERE username = '$username' AND password
='$password'";
$result = mysqli_query($conn, $sql);
if($result){
echo "Yippie";
} else {
echo "Error";
}
$rowcount = mysqli_num_rows($result);
echo ($rowcount);
if($rowcount > 0)
{
echo "Uspw ok";
$row = mysqli_fetch_assoc($result);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['id'] = $row['id'];
$_SESSION['status'] = $row['status'];
$_SESSION['username'] = $username;
$_SESSION['login'] = true;
echo $_SESSION['username'];
echo $_SESSION['id'];
if($_SESSION['status'] == "1"){
header('Location: red_form.php');
}
}
else
{
header('Location: yellow_form.php');
}
}
?>
<form method="post" action="">
<input type="text" name="username" placeholder="enter name"><br><br>
<input type="text" name="password" placeholder="enter password"><br><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
I was working on my login/register system when I realized I made a mistake, yet I don't know what it is :/
In the index.php page the header should show a welcome guest message and links to the login and register pages ... and if the guest logs in, show Welcome $username, for example.
Yet when I test it ... if I log in, it redirects me to the index.php page as I typed in the code, yet the message won't change ...
Here is the code:
index.php / header.php:
<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<LINK REL=StyleSheet HREF="css/test-style.css" TYPE="text/css">
</head>
<body id="body">
<div id="header">
<div id="Greeting">
<?php
if ($userid && $username) {
echo "<p>Welcome <b>$username</b></p></p><a href='logout.php'>Logout</a></p>";
} else {
echo "<p>Welcome Guest <br><a href='login.php'>Log in</a> | <a href='register.php'>Register</a></p>";
}
?>
</div>
<div id="logo"><h2>Testing website</h2></div>
</div>
<div id='cssmenu'>
<ul>
<li><a href='#'><span>Test link 1</span></a></li>
<li><a href='#'><span>Test link 2</span></a></li>
<li><a href='#'><span>Test link 3</span></a></li>
<li><a href='#'><span>Test link 4</span></a></li>
</ul>
</div>
<div>
And here is the login.php page:
<?php
error_reporting(E_ALL ^ E_NOTICE);
error_reporting(0);
include 'includes/header.php';
?>
<div id="login">
<h2>Log in</h2>
<?php
if ($_POST['loginbtn']) {
$user = $_POST['user'];
$password = $_POST['pass'];
if ($user) {
if ($password) {
require ("core/connect.php");
$query= mysql_query("SELECT * FROM users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['username'];
$dbpass = $row['password'];
$dbactive = $row['active'];
if ($password == $dbpass){
if ($dbactive == 1) {
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
header('Location: index.php');
} else {
echo "<font color='red'>You must activate your account to login.</font>";
}
}else {
echo "<font color='red'>You've entered an invalid username or password.</font>";
}
}else{
echo "<font color='red'>You've entered an invalid username or password.</font>";
}
mysql_close();
}else{
echo "<font color='red'>You must enter a password.</font>";
}
} else {
echo "<font color='red'>You must enter a username.</font>";
}
}
?>
<form action="index.php" method="POST">
<font color="black">Username: </font><br><input type="text" name="user"><br><br>
<font color="black">Password: </font><br><input type="password" name="pass"><br><br>
<input type="submit" value="Login" name="loginbtn" />
<br><br>
<font color="black">Don\'t have an account ? Register</font>
</form>
</div>';
<?php include 'includes/footer.php'; ?>
Thanks for reading.
In your login.php you're using this:
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
right after session_start()
You should initialize them before, like this:
$userid = $dbid;
$username = $dbuser;
and then you can set your $_SESSION:
$_SESSION['userid'] = $userid;
$_SESSION['username'] = $username;
In login.php replace
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
to
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
You actually never set the session variables. Those two lines above do that.
Your script needs a lot of work, but I'm just answering the question. Keep learning, that's the only way!
I am creating a profile page and a login page where I store the session ID, and then in the profile file I check whether it is set or not. The problem is that the system always displays an error message. I used print_r($_SESSION); and the browser displays:
Important data are missingArray ( [first_name] => [email] => )
How do I fix this error?
login.php
<?php
session_start();
error_reporting(E_ALL);
require_once('include/connect.php');
$message = "";
if(!empty($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['pass'];
$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);
//$pass = md5($pass);
$sql=mysql_query( "SELECT user_id, email_address, first_name FROM user WHERE email_address='$email'AND password='$pass'LIMIT 1") or die("error in user table");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
$row = mysql_fetch_array($sql);
$id = $row['user_id'];
$_SESSION['user_id'] = $id;
$firstname = $row['first_name'];
$_SESSION['first_name']= $firstname;
$email = $row['email_address'];
$_SESSION['email_address']= $email;
mysql_query("UPDATE user SET last_log_date=now() WHERE user_id='$id'");
header("Location: profile.php");
}//close if
else
{
$message = "incorrect Email or Password!!";
//exit();
}
}//close if
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>RegisterPage</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
</head>
<body>
<div id="loginborder">
<p style="color:#FF0000" align="left"><?php print("$message") ?></p>
<!--Login form where user submit his registered email and password-->
<form action="login.php" method="post">
email-address:<br />
<input type="text" name="email" placeholder="Email Adress" />
<br />
<br />
Password:<br />
<input type="password" name="pass" placeholder="Password" />
<br />
<br />
<input type="submit" name="login" value="Login" />
<strong> Register</strong>
</form>
</div>
profile.php
<?php
session_start();
require_once('include/connect.php');
if(isset($_GET['user_id']))
{
$id=$_GET['user_id'];
var_dump($id);
}
elseif(isset($_SESSION['user_id']))
{
$id= $_SESSION['user_id'];
}
else
{
print "Important data are missing";
print_r($_SESSION);
exit();
}
$sql = mysql_query("SELECT * FROM user WHERE user_id='$id'") or die(mysql_error());
$row = mysql_fetch_array($sql);
$firstname=$row['first_name'];
$lastname=$row['last_name'];
$birth_date=$row['birth_date'];
$registered_date=$row['registered_date'];
//***************for upload img*****************//
$check_pic="members/$id/image01.jpg";
$default_pic="members/0/image01.jpg";
if(file_exists($check_pic))
{
$user_pic="<img src=\"$check_pic\"width=\"100px\"/>";
}
else
{
$user_pic="<img src=\"$default_pic\">";
}
echo $id, $firstname, $birth_date;
?>
You need to change several things.
First: get first_name and email in your request
'SELECT user_id,email,first_name FROM user WHERE email_address='$email'AND password='$pass'LIMIT 1'
Second, remove the while loop and do
$row = mysql_fetch_array($sql);
You are limiting to 1 result, so there is no need to loop over the result.
Change $id=$_SESSION['user_id']; to $_SESSION['user_id'] = $id;
Also, limit the result from profile to 1 and remove the loop (user_id => UNIQUE => LIMIT 1)
All you need to do is store a value in a session variable [$_SESSION['username']] after everything checks out, then select the data from the MySQL table using the value in the session.
For example:
on login.php
if($login_check > 0)
{
$_SESSION['email']=$email;//storing variable in SESSION
header("Location: profile.php");
}
else
{
$message = "incorrect Email or Password!!";
die();// kill the script
}
on profile.php
<?php
session_start();// start session
require_once('include/connect.php'); //include connection file
// escape the value first; a function call is not evaluated inside a quoted string
$email = mysql_real_escape_string($_SESSION['email']);
$sql = mysql_query("SELECT * FROM user WHERE email='$email'") or die(mysql_error());
$row = mysql_fetch_array($sql);
// then just echo all the data you need
?>
I am creating a simple login form using sessions, but the problem is that when I press the login button it redirects me to index.php, but I need to go to home.php. In logout.php I destroy the session and redirect to index.php, but somehow the login button redirects me to index.php as if the login process had not succeeded. How do I fix this error? I need it badly.
index.php
<?php
require_once('global.php');
if(@$logged == 1)
{
header("Location: home.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>index page</title>
</head>
<body>
<h1> this is the index page</h1>
Login
</body>
</html>
global.php
<?php
session_start();
require_once('connect.php');
// cheking if the sessions are set
if(isset($_SESSION['username']))
{
$session_username = $_SESSION['username'];
$session_pass = $_SESSION['password'];
$session_id = $_SESSION['id'];
//cheking if the member exist
$query = mysql_query("SELECT * FROM members WHERE id = '".$session_id."' AND password = '".$session_pass."' LIMIT 1") or die("could not select memeber");
$count_count = mysql_num_rows($query);
if($count_count > 0)
{
$logged = 1;
while($row = mysql_fetch_array($query))
{
$session_username = $row['username'];
}
$_SESSION['username'] = $session_username;
$_SESSION['pass'] = $session_pass;
$_SESSION['id'] = $session_id;
}
else
{
header("Location: logout.php");
exit();
}
}
else
{
// if the user not loged in
$logged = 0;
}
?>
login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email']))
{
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass))
{
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0)
{
$message = 'your info was inccorrect';
}
else
{
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query))
{
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
}
header("Location: home.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>login to membership website </title>
</head>
<body>
<h1> login to my website</h1>
<p><?php print("$message"); ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="email adress" /><br />
<input type="password" name="password" placeholder="password" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
home.php
<?php
require_once('global.php');
if($logged == 0)
{
header("Location: index.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<h1>this the home page</h1>
</body>
</html>
logout.php
<?php
session_start();
session_destroy();
/*
if(session_is_registered('username'))
{
echo "you are loged in we can not log you out";
exit();
}
*/
//else
//{
header("Location: index.php");
//}
?>
When you are checking the session with $_SESSION['username'], you don't need the logged variable.
You can allow the user to access the page when $_SESSION['username'] exists and, if it doesn't, redirect him to the login page.
To be honest, this is rather spaghetti-coded, a bit of a mess, but the problem is that login.php does not set $logged = true, so login.php redirects to home.php and then home.php redirects to index.php.
So try this:
Login.php
<?php
require_once('global.php');
$message = "";
if(isset($_POST['email'])) {
$email = $_POST['email'];
$pass = $_POST['password'];
// error handling
if((!$email) ||(!$pass)) {
$message = 'please insert both fields';
}
else
{
//secure data
$email = mysql_real_escape_string($email);
$pass = sha1($pass);
$query = mysql_query("SELECT * FROM members WHERE email = '".$email."' AND password = '".$pass."'LIMIT 1") or die("could not select data");
$count_query = mysql_num_rows($query);
if($count_query == 0) {
$message = 'your info was inccorrect';
} else {
//start SESSIONS
$_SESSION['pass'] = $pass;
while($row = mysql_fetch_array($query)) {
$username = $row['username'];
$id = $row['id'];
}
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
// NEW LINE
$logged = 1;
}
header("Location: home.php");
}
}
?>
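One way to replace the global.php / $logged pattern from the threads above and the one-hour "site life.php" check with a single guard, as an added example that is not code from any of the posts: login state is derived from the session alone (no password or hash is stored in it), every redirect is followed by exit, and logout empties $_SESSION before session_destroy(). Function names and the 'user_id' / 'last_seen' keys are assumptions; the session arrays in the demo are constructed.

```php
<?php
// Added example, not code from the posts. Function names and the
// 'user_id' / 'last_seen' session keys are assumptions; the one-hour limit
// is the lifetime used in "site life.php" above.
declare(strict_types=1);

const IDLE_LIMIT = 3600; // seconds

/**
 * Pure decision function: 'ok', 'anonymous' or 'expired'.
 * On 'ok' the activity stamp is refreshed; on 'expired' the data is dropped.
 */
function session_state(array &$session, int $now): string
{
    if (!isset($session['user_id'])) {
        return 'anonymous';
    }
    if ($now - (int) ($session['last_seen'] ?? 0) > IDLE_LIMIT) {
        $session = [];
        return 'expired';
    }
    $session['last_seen'] = $now;
    return 'ok';
}

/** Call first thing on every protected page, before any output. */
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (session_state($_SESSION, time()) !== 'ok') {
        header('Location: login.php');
        exit; // header() alone does not stop the page from running
    }
}

/** Logout that leaves nothing behind for the rest of the request. */
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];      // session_destroy() does not clear this array
    session_destroy();
    header('Location: index.php');
    exit;
}

// Constructed session arrays to exercise the decision function offline.
if (PHP_SAPI === 'cli') {
    $s = [];
    var_dump(session_state($s, 1000));                    // no identity
    $s = ['user_id' => 7, 'last_seen' => 1000];
    var_dump(session_state($s, 1600));                    // 10 minutes idle
    var_dump(session_state($s, 1600 + IDLE_LIMIT + 1));   // past the limit
}
```

Because session_destroy() leaves the $_SESSION array populated for the rest of the request, an isset($_SESSION['username']) test placed right after it still succeeds unless the array is emptied first.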