Search the Community

Hi all, I have another problem associated with logins using sessions and stuff. On my machine I have Apache and mysql installed. The browser I use is Google Chrome. Everything is working fine. There is a very simple login system which, like all login systems, has a ID and password field. The user has to fill in the ID and password and these are checked against a database and the user is logged in. However before the ID and password are checked, the code checks if the $_session variable is set to and if it is it declares that the user is logged in and redirects the user to a secure page. There the user sees a personalised message and can logout. This is what is desired but this is not happening. Find below the code. There are 5 files namely 1. index.php, 2. loginproc.php 3. securedpage.php 4. logout.php and 5. config.inc In the file INDEX.PHP,is the following bit of code ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { echo $_SESSION['username']. "Already Logged in @ index 8"; echo " You are being logged out as you have logged in from another page "; session_destroy(); header('Location: index.php'); ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// which never gets executed and I wonder why. These lines check at the outset if the user is logged in. If he is logged in and an attempt is made to login again these lines should be executed terminating the first session or at least that's what I want but for some baffling reason that does not occur. I try and create that scenario as follows. I log into the system once thru google chrome. Then i use another tab to login using the same ID and password. And to my surprise i am logged in and reach the secured page again. So I then have 2 logins on 2 different browser pages by the same ID and in both browsers the secured page is displayed. What I am trying is ofcourse that once a person is logged in and another login attempt is made, the first session be destroyed and a notification to that displayed on the first logged in browser page. I am unable to see where the mistake lies. I would be most grateful for any help and suggestions. Thanks all. <?php ///////// INDEX.PHP ///////////////////// // Inialize session session_start(); ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// // Check, if user is already login, then jump to secured page if (isset($_SESSION['username'])) { echo $_SESSION['username']. "Already Logged in @ index 8"; echo " You are being logged out as you have logged in from another page "; session_destroy(); header('Location: index.php'); ///////////////// CODE NEVER TRAVERSED ///////////////////// RED RED RED ////////////// } else { echo " Hi new user ";} if (isset($_SESSION['username'])) {echo $_SESSION['username']."Already Logged in @ index 14";} ?> <html> <head> <title>PHPMySimpleLogin 0.3</title> </head> <body> <h3>User Login</h3> <table border="0"> <form method="POST" action="loginproc.php"> <tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr> <tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr> <tr><td> </td><td> </td><td><input type="submit" value="Login"></td></tr> </form> </table> </body> </html> <?php ///////// LOGINPROC.PHP //////////// // Inialize session session_start(); // Include database connection settings include('config.inc'); // Retrieve username and password from database according to user's input $login = mysql_query("SELECT * FROM members WHERE (Username = '" . mysql_real_escape_string($_POST['username']) . "') and (Password = '" . mysql_real_escape_string($_POST['password']) . "')"); echo " Login = $login"; // Check username and password match if (mysql_num_rows($login) == 1) { // Set username session variable echo " Ok Hi there - Welcome "; $_SESSION['username'] = $_POST['username']; // Jump to secured page header('Location: securedpage.php'); } else { // Jump to login page echo " Can't find you"; //header('Location: index.php'); } ?> <?php /////////////////// SECURED PAGE //////////////////// // Inialize session session_start(); // Check, if username session is NOT set then this page will jump to login page if (!isset($_SESSION['username'])) { header('Location: index.php'); } else { echo " Welcome". $_SESSION['username']; } ?> <html> <head> <title>Secured Page</title> </head> <body> <p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b> <br>You can put your restricted information here.</p> <p><a href="logout.php">Logout</a></p> </body> </html> This is content of ‘logout.php’: <? <?php /////////// LOGOUT. PHP /////////////////// // Inialize session session_start(); // Delete certain session unset($_SESSION['username']); // Delete all session variables session_destroy(); // Jump to login page header('Location: index.php'); ?> <?php ////CONFIG.INC ///////////////// $hostname = 'localhost'; // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet. $dbname = 'test'; // Your database name. $username = 'root'; // Your database username. $password = ''; // Your database password. If your database has no password, leave it empty. // Let's connect to host mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!'); // Select the database mysql_select_db($dbname) or DIE('Database name is not available!'); ?>