PHP not unsetting the session variable, or something like that..

[chokitofrito]

1. OK, I'm trying to learn how to build a log-in form. I'm using PHP and mySQL the latest versions.

there are two types of users in the database, type A which is a regular user and type S which is a power user. Whenever I login as either, it always show Type <type here> (Power User) it always says power user regardless of the real type (it should say regular/limited user for type A)

 

2. also, whenever i log in as a power user, then logout, then login as a regular user, the type i see is type S, then when i hit refresh, it will turn to type A (but it still says power user)

 

i've tried clearing the cache between logins, nothing.

 

anyways, here is the code:

 

index.php

<?php

session_start();

if(isset($_SESSION['username'])){
require_once('includes/login_functions.inc.php');
$url = absolute_url('logged_in.php');
header("Location: $url");
exit();
}

unset($_SESSION['username']);
unset($_SESSION['type']);
unset($_SESSION['user_id']);

if(isset($_POST['submitted'])){

require_once('includes/login_functions.inc.php');
require_once('mysqli_connect.php');

list($check, $errors, $username, $type, $user_id) = check_login($dbc, $_POST['username'], $_POST['pass']);

if($check){
	$_SESSION['username'] = $username;
	$_SESSION['type'] = $type;
	$_SESSION['user_id'] = $user_id;

	$url = absolute_url('logged_in.php');
	header("Location: $url");
	exit();
}

mysqli_close($dbc);
}

include_once("includes/header.html");

if(!empty($errors)){
echo '<div id="errors"><p>';
foreach($errors as $msg){
	echo "$msg<br />\n";
}
echo '</p></div>';
}

?>

<div id="login">
<form action="index.php" method="POST">
	<fieldset><legend>Login</legend>
		<p><label>Username:</label> <input type="text" name="username" size="20" maxlength="20" class="input" value="jchan" /></p>
		<p><label>Password:</label> <input type="password" name="pass" size="20" maxlength="20" class="input" value="china" /></p>
		<label>  </label><input type="submit" name="submit" value="Login" class="btn" />
		<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>
</div>

<?php
include_once("includes/footer.html");
?>

 

login_functions.inc.php

<?php
function absolute_url($page = 'index.php'){
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url = rtrim($url, '/\\');
$url .= '/'.$page;
return $url;
}

function check_login($dbc, $username = '', $pass = ''){
$errors = array();

if(empty($username)){
	$errors[] = "Enter your username.";
}else{
	$u = mysqli_real_escape_string($dbc, trim($username));
}

if(empty($pass)){
	$errors[] = "Enter your password.";
}else{
	$p = mysqli_real_escape_string($dbc, trim($pass));
}

if(empty($errors)){
	$q = "SELECT username, type, user_id FROM accounts WHERE username='$u' AND password=SHA1('$p')";
	$r = @mysqli_query($dbc, $q);

	if(mysqli_num_rows($r) == 1){
		$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
		return array(true, $errors, $row['username'], $row['type'], $row['user_id']);
	}else{
		$errors[] = 'Invalid credentials.';
	}
}
return array(false, $errors, null, null, null);
}
?>

 

logged_in.php

<?php

session_start();

if(isset($_SESSION['username'])){
include_once("includes/header.html");
echo 'Username: '.$_SESSION['username'].'<br />';
echo 'Type: '.$_SESSION['type'].' (';
if($_SESSION['type']='S'){
	echo 'Power user';
}else{
	echo 'Limited';
}
echo ')<br />User ID: '.$_SESSION['user_id'];
include_once("includes/footer.html");
}else{
require_once('includes/login_functions.inc.php');
$url = absolute_url('index.php');
header("Location: $url");
exit();
}



?>

 

Can anyone help me please?

[Sulman]

in your logged_in.php you have a problem. Your are assigning S to $_SESSION['type'] (by using single equal sign) rather than comparing:

 

if($_SESSION['type']='S'){

 

So try changing that line to:

 

if($_SESSION['type']=='S'){