I found a simple PHP login script online & i amended it slightly. I'll admit i'm no expert, but there are 2 main problems here. 1. Users get logged out after about 1 hour, which gets very annoying several times per day. 2. When a user logs out, it doesn't delete the session correctly because if a different user logs in right away, it remembers the old session variables.
<?php
// logout?
$logout = $_GET["logout"];
if($logout == "1") {
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
session_destroy();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 3600,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
$_SESSION['id'] = "";
$_SESSION['username'] = "";
$_SESSION['password'] = "";
$_SESSION['first'] = "";
$_SESSION['last'] = "";
$_SESSION['email'] = "";
$_SESSION['email2'] = "";
$_SESSION['type'] = "";
$_SESSION['links'] = "";
$_SESSION['links2'] = "";
$_SESSION['abbreviation'] = "";
// Finally, destroy the session.
session_start();
session_destroy();
}
//Start the Session
require('connect.php');
session_start();
//3. If the form is submitted or not.
//3.1 If the form is submitted
if (isset($_POST['username']) and isset($_POST['password'])){
//3.1.1 Assigning posted values to variables.
$username = $_POST['username'];
$password = $_POST['password'];
//3.1.2 Checking the values are existing in the database or not
$query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
while($row = mysql_fetch_array($result))
{
$id = $row['id'];
$first = $row['first'];
$last = $row['last'];
$email = $row['email'];
$email2 = $row['email2'];
$type = $row['type'];
$links = $row['links'];
$links2 = $row['links2'];
$abbreviation = $row['abbreviation'];
$abbreviation2 = $row['abbreviation2'];
}
date_default_timezone_set('America/Los_Angeles');
$timestamp = date('m/d/Y h:i:s', time());
$ip = $_SERVER["REMOTE_ADDR"];
$query2 = "UPDATE user SET lastlogin='$timestamp', ip='$ip' WHERE username='$username' and password='$password'";
$result2 = mysql_query($query2) or die(mysql_error());
//3.1.2 If the posted values are equal to the database values, then session will be created for the user.
if ($count == 1){
$_SESSION['id'] = "$id";
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['first'] = $first;
$_SESSION['last'] = $last;
$_SESSION['email'] = $email;
$_SESSION['email2'] = $email2;
$_SESSION['type'] = $type;
$_SESSION['links'] = $links;
$_SESSION['links2'] = $links2;
$_SESSION['abbreviation'] = $abbreviation;
$_SESSION['abbreviation2'] = $abbreviation2;
}else{
//3.1.3 If the login credentials doesn't match, he will be shown with an error message.
$error = "<br/><center><font color='red'>Your username or password is incorrect. </font></center>";
}
}
//3.1.4 if the user is logged in Greets the user with message
if (isset($_SESSION['username'])){
header('Location: http://www.thrulinela.com/intranet/index.php');
}else{
//3.2 Display login form.
?>