beginer problems with sessions.

[benjipie]

Hi,

I'm learning PHP through the book 'PHP and MySQL Web Development' and im a bit stuck with a basic log in system.  the url is here...http://www.eslgroups.com/authmain.php

 

The system works like this:

  The user enters a password (which is a set password and username), once this is entered correctly the user is then presented with options, 1. to log out, 2. to go to a 'members page'. 

 

This is where my problems start. 

If i click on the 'log out' button (after i've logged in) i'm told that I wasn't logged in.  Also after I've logged in and click on the 'members only page ' again, I'm told I cant see the members page because I'm not logged in. 

 

I have a feeling its something to do with the session, but im new to PHP and MySQL so not to sure. 

 

I have posted the code below. 

 

This is the code for the 'home page' (authmain.php).

 
<?php
session_start();

if (isset($_POST['userid']) && isset($_POST['password'])) {
    //if the user has just tried to log in
    $userid = $_POST['userid'];
    $password = $_POST['password'];
    
    $db_conn = new mysqli ('myserver.com', 'username', 'password', 'databasename');
    
    if (mysqli_connect_errno()) {
        echo 'connection to database failed: '.mysqli_connect_error();
        exit();
    }
    
    $query = 'select * from authorised_users '
              ."where name = '$userid' "
              ." and password=sha1('$password')";
    
    $result  = $db_conn->query($query);
    if ($result ->num_rows) {
        //if they are in the database register the user id;
        $_SESSION['valid_user'] = $userid;
    }
    $db_conn -> close();
}   
        
?>

<html>
<body>
<h1> Home Page</h1>
<?php
if (isset($_SESSION['valid_user'])) {
    echo 'you are logged in as: '.$_SESSION['valid_user'].'<br />';
    echo '<a href="logout.php">Log Out</a><br />';
} else {
    if (isset($userid)) {
        //if they've tried to log in and failed;
        echo 'Could not log you in. <br />';
    }else{
        //they have not tried to log in yet or have logged out;
        echo 'You are not loggin in.<br />';
    }
    
    //provide form to log in;
    echo '<form method = "post" action ="authmain.php">';
    echo '<table>';
    echo '<tr><td>userid:</td>';
    echo '<td><input type="text" name="userid"></td></tr>';
    echo '<tr><td>Password:</td>';
    echo '<td><input type="password" name="password"></td></tr>';
    echo '<tr><td colspan="2" align="center">';
    echo '<input type="submit" value="Log in"></td></tr>';
    echo '</table></form>';
}
?>
<br />
<a href="members_only.php">Members section</a>
</body>
</html>
    

</body>
</html>

 

 

This is the log out code

 
<?php
session_start();

//store to test if they *were* logged in

$old_user = $_SESSION['valid_user'];
unset($_SESSION['valid_user']);
session_destroy();
?>

<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
    echo 'logged out. <br />';
} else {
    //if they weren't logged in but came to this page somehow
    echo 'You were not logged in so you were not logged out. <br />';
}
?>
<a href="authmain.php">back to main pages</a>
</body>
</html>

 

and finally..this is the 'mambers only page'

 

<?php
session_start();
echo '<h1>Members Only</h1>';

//check session variables;
if (isset($_SESSION['valid_user'])) {
    echo 'You are logged in as '.$_SESSION['valid_user'].'</p>';
    echo 'Members only content goes here </p>';
} else {
    echo 'You are not logged in.</p>';
    echo '<p>Only logged in members may see this page</p>';
}
echo '<a href="authmain.php">Back to main pages </a>';

?>

 

 

Thanks for any help..

Ben.

[gijew]

Instead of using session_destroy() try unset($_SESSION['valid_user']).

 

Reference: http://us2.php.net/session_destroy

[benjipie]

thanks gijew for the reply. 

 

I have unset($_SESSION['valid_user']) already in the log out script. 

 

BTW the password for the log in system is userid: testuser, password: password

 

Thanks again.