Session help

[bamfon]

People please help me i beg you, been trying to do this same thing for the past 4hours (-) close to giving up on php and learning a new languages :S

 

Well as I was updating my login/sign up because its old and it was not very safe.

 

Now my session are not working, well they work when i set them but it wont destroy so you cant log out. I have tryed doing 100 ways but i get one error or another or it dont work out all.

 

login page

<?php session_start();

require_once "../config.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>



<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin CP</title>





<?php

$flag=0;
if(isset($_POST['Submit']))
{
$con = database_connect();


$username = $_POST['username'];
$password = $_POST['password'];
clean($username);
clean($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_close($con);
$md5password= md5($password);

database_connect();

$sql="select * from $membertables WHERE username='$username' and password='$md5password' and (userlevel='1' or userlevel='2') ";
$res=mysql_query($sql);
if(!$res)
{
die('error in database');
}
$row=mysql_fetch_array($res);
if(mysql_num_rows($res)>0)
{

$_SESSION['logged_in'] ="loggedin";
$_SESSION['userid']=$row['uid'];
$_SESSION['username']=$row['username'];
$_SESSION['userlevel']=$row['userlevel'];
session_write_close();
header('location:welcome.php');
}
else
{
$_SESSION['logged_in'] = "notloggedin";
$flag=1;
}
}
?>



<script language="javascript">
function valid()
{
if(document.frm1.txtuname.value=="")
{
alert('Enter User-ID');
document.frm1.txtuname.focus();
return false;
}
if(document.frm1.txtpass.value=="")
{
alert('Enter Password');
document.frm1.txtpass.focus();
return false;
}
}
</script>


<!-- CSS -->
<link href="style/css/transdmin.css" rel="stylesheet" type="text/css" media="screen" />
<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie6.css" /><![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie7.css" /><![endif]-->

<!-- JavaScripts-->
<script type="text/javascript" src="style/js/jquery.js"></script>
<script type="text/javascript" src="style/js/jNice.js"></script>
</head>

<body>
<div id="wrapper">
    	<!-- h1 tag stays for the logo, you can use the a tag for linking the index page -->
    	<h1><a href="#"><span>Transdmin Light</span></a></h1>
        
        <!-- You can name the links with lowercase, they will be transformed to uppercase by CSS, we prefered to name them with uppercase to have the same effect with disabled stylesheet -->
        <ul id="mainNav">
        	<li></li> 
        	<!-- Use the "active" class for the active menu item  -->
        	<li></li>
        	<li></li>
        	<li class="logout"></li>
        </ul>
        <!-- // #end mainNav -->
        
  <div id="containerHolder">
		<div id="container"><!-- // #sidebar -->

                <!-- h2 stays for breadcrumbs -->
              <h2>Login »</h2>
                
              <div id="main">
              
              
                  <form action="index.php" method="post" name="frm1" id="frm1" onSubmit="return valid();">

                <table width="100%" border="0" cellpadding="0" cellspacing="0"">
                 
                    
                    <tr>
                      <td align="left"><table border="0" cellpadding="5" cellspacing="1" width="576">
                       
                       
                        <tbody>
                          <tr>
                            <td colspan="2" align="center"><br />
                              Please enter your User Name and password below.<br /></td>
                          </tr>
                          
                          
                          
                          <?php   if($flag==1)  {  ?>
                          <tr>
                            <td width="333" align="center" style="background-color: #F00; text-decoration: underline; color: #FF0;" ><p>Enter Valid User-Name or Password </p></td>
                          </tr>
                          
                          
                          
                          <?php	}	?>
                          
                          
                          
                          <tr>
                            <td align="right" >User Name:</td>
                            <td width="344"><input style="background-color: rgb(221, 234, 248);" class="form_text" id="username" name="username" />
                            <script language="JavaScript" type="text/javascript">document.getElementById('txtuname').focus(); </script></td>
                          </tr>
                          
                          
                          <tr>
                            <td align="right">Password:</td>
                            <td><input class="form_text" id="password" name="password" type="password" /></td>
                          </tr>
                          
                          
                          <tr>
                            <td> </td>
                            <td> <input class="buttons" value="sign me in" name="Submit" type="submit" id="Submit" /> </td>
                          </tr>
                          
                          <tr>
                            <td style="height: 30px;"> </td>
                            <td> </td>
                          </tr> 
                           
                      </table>
                      </td>
                    </tr>
                 </tbody>
                </table>
             
                </form>
              </div>
                <!-- // #main -->
                
              <div class="clear"></div>
            </div>
            <!-- // #container -->
        </div>	
        <!-- // #containerHolder -->
        
        <p id="footer"><?php echo $footer ?></p>
    </div>
    <!-- // #wrapper -->
</body>
</html>

 

 

 

<?php
session_start();
if($_SESSION['logged_in']="loggedin");
else{
 header('location:index.php');
}

?>

 

 

 

 

sign out page

<?php
session_start();

session_unset();
session_destroy();
header('location:index.php');
?>

[PaulRyan]

<?php
session_start();
if($_SESSION['logged_in']="loggedin");
else{
header('location:index.php');
}
?>

 

This section of code doesn't even make sense... are you trying to compare the $_SESSION['logged_in'] value or setting the value?

 

Also, session_write_close() is not actually necessary as far as I am aware?

 

Regards, PaulRyan.

[bamfon]

wow you just pointed it out to me  it should be

 

<?php

session_start();

if($_SESSION['logged_in']=="loggedin");

else{

header('location:index.php');

}

?>

[PaulRyan]

Wouldn't the following be better?

<?php
  session_start();
  if($_SESSION['logged_in'] != 'loggedin') {
    header('location:index.php');
  }
?>

 

Regards, PaulRyan.

[bamfon]

Well they both do the same thing. I will use your way as looks more tidy