CompleteNewbie

Hello, I have the $_session code working, but after I destroy the session and I am asked to log in again, my browser doesn't ask me for my password and just logs me in. I don't understand because I have destroyed my session and I have deleted the data in $_SESSION and I have deleted the info in the cookie so it shouldn't log me in automatically. I thought it was something in my browser, but I erased my history and I never saved any password. Here's my code: This is the welcome page <?php require_once 'login.php'; $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database); if ($connection->connect_error) die($connection->connect_error); if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']); $pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']); $query = "SELECT * FROM users WHERE username='$un_temp'"; $result = $connection->query($query); if (!$result) die($connection->error); elseif ($result->num_rows) { $row = $result->fetch_array(MYSQLI_NUM); $result->close(); $salt1 = "qm&h*"; $salt2 = "pg!@"; $token = hash('ripemd128', "$salt1$pw_temp$salt2"); if ($token == $row[3]) { session_start(); $_SESSION['username'] = $un_temp; $_SESSION['password'] = $pw_temp; $_SESSION['forename'] = $row[0]; $_SESSION['surname'] = $row[1]; echo "$row[0] $row[1] : Hi $row[0], you are now logged in as '$row[2]'"; die("<p><a href=continue.php>Click here to continue</a></p>"); } else die("Invalid username/password combination"); } else die("Invalid username/password combination"); } else { header('WWW-Authenticate: Basic realm="Restricted Section"'); header('HTTP/1.0 401 Unauthorized'); die("Please enter your username and password"); } $connection->close(); function mysql_entities_fix_string($connection, $string) { return htmlentities(mysql_fix_string($connection, $string)); } function mysql_fix_string($connection, $string) { if (get_magic_quotes_gpc()) $string = stripslashes($string); return $connection->real_escape_string($string); } ?> and this is the other page: <?php session_start(); if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $password = $_SESSION['password']; $forename = $_SESSION['forename']; $surname = $_SESSION['surname']; destroy_session_and_data(); echo "Welcome back $forename. <br> Your full name is $forename $surname.<br> Your username is '$username' and your password is '$password'."; } else echo "Please <a href='authenticate2.php'>Click here</a> to log in."; function destroy_session_and_data() { $_SESSION = array(); setcookie(session_name(), '', time() - 2592000,'/'); session_destroy(); } ?> When I type the website in i first get prompt to enter my password, when I am authenticated the webpage says: You are now logged in click here to continue. When I do I am directed to another page which confirms that I am still logged in. Then I press refresh and the webpage asks me to "Click here to log in". I do, but it doesn't ask me for my password again. Why? My personal info should be destroyed. Thank you for responding. It's greatly appreciated

i just found the problem 😅 while checking your proposition i realised i wrote $rows with an 's'... Now it works

I'm trying to recreate the code from PHP, mysql, javascript, CSS and HTML from O'reily, but i can't make it work Here's the code I added: $query = "select * from classics"; $result = $connection->query($query); if (!$result) die ("Database access failed: " . $connection->error); $rows = $result->num_rows; for ($j=0; $j < $rows; ++$j) { $result->data_seek($j); $row = $result->fetch_array(MYSQLI_NUM); echo <<<_END <pre> Author $rows[0] Title $rows[1] Category $rows[2] Year $rows[3] ISBN $rows[4] </pre> _END; } Here's the error i receive: Notice: Trying to access array offset on value of type int in /var/www/html/test/mysqlitest.php on line 53 I didn't put all the code because everything else works well, i can connect to mysql and add stuff, but i can retrieve stuff using fetch_array['author'] but fetch_array(MYSQLI_NUM) doesn't work. I've tried things from the web but I've only been doing php for a week so my knowledge is quite limited. Thank you for your time.