[problem with ending a session]

Hello,

I have the $_session code working, but after I destroy the session and I am asked to log in again, my browser doesn't ask me for my password and just logs me in.

I don't understand because I have destroyed my session and I have deleted the data in $_SESSION and I have deleted the info in the cookie so it shouldn't log me in automatically. I thought it was something in my browser, but I erased my history and I never saved any password.

Here's my code:

This is the welcome page

<?php
    require_once 'login.php';
    $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
    
    if ($connection->connect_error) die($connection->connect_error);
    
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
    {
        $un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
        $pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);
        
        $query = "SELECT * FROM users WHERE username='$un_temp'";
        $result = $connection->query($query);
        
        if (!$result) die($connection->error);
        elseif ($result->num_rows)
        {
            $row = $result->fetch_array(MYSQLI_NUM);
            
            $result->close();
            
            $salt1 = "qm&h*";
            $salt2 = "pg!@";
            
            $token = hash('ripemd128', "$salt1$pw_temp$salt2");
            
            if ($token == $row[3])
            {
                session_start();
                $_SESSION['username'] = $un_temp;
                $_SESSION['password'] = $pw_temp;
                $_SESSION['forename'] = $row[0];
                $_SESSION['surname'] = $row[1];
                
                echo "$row[0] $row[1] : Hi $row[0], you are now logged in as '$row[2]'";
                
                die("<p><a href=continue.php>Click here to continue</a></p>");
            }
            else die("Invalid username/password combination");
        }
        else die("Invalid username/password combination");
    }
    else
    {
        header('WWW-Authenticate: Basic realm="Restricted Section"');
        header('HTTP/1.0 401 Unauthorized');
        die("Please enter your username and password");
    }
    $connection->close();
        
    function mysql_entities_fix_string($connection, $string)
    {
        return htmlentities(mysql_fix_string($connection, $string));
    }
        
    function mysql_fix_string($connection, $string)
    {
        if (get_magic_quotes_gpc()) $string = stripslashes($string);
        return $connection->real_escape_string($string);
    }
?>

and this is the other page:

<?php
    session_start();
    
    if(isset($_SESSION['username']))
    {
        $username = $_SESSION['username'];
        $password = $_SESSION['password'];
        $forename = $_SESSION['forename'];
        $surname = $_SESSION['surname'];
        
        destroy_session_and_data();
        
        echo "Welcome back $forename. <br>
            Your full name is $forename $surname.<br>
            Your username is '$username'
            and your password is '$password'.";
    }
    
    else echo "Please <a href='authenticate2.php'>Click here</a> to log in.";
    
    function destroy_session_and_data()
    {
        $_SESSION = array();
        setcookie(session_name(), '', time() - 2592000,'/');
        session_destroy();
    }
?>

 

When I type the website in i first get prompt to enter my password, when I am authenticated the webpage says: You are now logged in click here to continue. When I do I am directed to another page which confirms that I am still logged in. Then I press refresh and the webpage asks me to "Click here to log in". I do, but it doesn't ask me for my password again. Why? My personal info should be destroyed.

Thank you for responding. It's greatly appreciated

 

 

 

[MYSQLI_NUM does't work]

i just found the problem 😅

while checking your proposition i realised i wrote $rows with an 's'...

Now it works

[MYSQLI_NUM does't work]

I'm trying to recreate the code from PHP, mysql, javascript, CSS and HTML from O'reily, but i can't make it work

 

Here's the code I added:

       

        $query = "select * from classics";
        $result = $connection->query($query);
        if (!$result) die ("Database access failed: " . $connection->error);
        $rows = $result->num_rows;
        for ($j=0; $j < $rows; ++$j)
        {
            $result->data_seek($j);
            $row = $result->fetch_array(MYSQLI_NUM);
        echo <<<_END
        <pre>
        Author        $rows[0]
        Title            $rows[1]
        Category    $rows[2]
        Year            $rows[3]
        ISBN           $rows[4]
        </pre>    
        _END;
        }
 

Here's the error i receive:

Notice: Trying to access array offset on value of type int in /var/www/html/test/mysqlitest.php on line 53

I didn't put all the code because everything else works well, i can connect to mysql and add stuff, but i can retrieve stuff using fetch_array['author'] but fetch_array(MYSQLI_NUM) doesn't work.

I've tried things from the web but I've only been doing php for a week so my knowledge is quite limited.

Thank you for your time.