DigitalGuard Posted March 11, 2008 Share Posted March 11, 2008 Hello, I'm using the following script to login in to my member area pass.php <?php if ($_POST["username"]=="") { ?> <html> <title>Our private pages</title> <body> In order to access this pages fill the form below:<BR> <form method="post" action="pass.php"> Username: <input type="text" name="username" size="20"><BR> Password: <input type="password" name="password" size="15"><BR> <input type="Submit" value="Submit"> </form> </body> </html> <?php }else{ $username=$_POST["username"]; $password=$_POST["password"]; session_start(); if ($username=="Joe" AND $password=="hi"){ $permission="yes";} if ($username=="Peter" AND $password=="hello"){ $permission="yes";} $username=$_POST["username"]; session_register("permission"); session_register("username"); if ($permission=="yes"){ ?> <html> <title>Our private pages</title> <body> Hi, you are allow to see these pages: <BR> <A HREF="page1.php">Page 1</A><BR> <A HREF="page2.php">Page 2</A><br> <a href="destroy.php">Log Off</a> </body> </html> <?php }else{ ?> Error in username or password <?php } ?> <?php } ?> My page1 has the following code: <?php session_start(); if ($permission=="yes") { ?> <html> <title>Page 1</title> <body> Hi, welcome to Page 1 <BR> This page is empty at the moment, but it will be very interesting in the next future </body> </html> <?php }else{ ?> You are not allowed to access this page <?php } ?> I have a page called destroy.php and it has the following: <?php session_destroy(); unset($_SESSION['permission']); echo "Session Died"; ?> My problem is, I can log in and see the page1, after loggin in but when i want to log off the session, i tried unset & destroy, and it just wont log off, on the login page, it goes to the page and i can type in user: (anything) password (anything) and it will still log in and page1 wont even check security cause it thinks its logged. Thanks DigitalGuard Quote Link to comment Share on other sites More sharing options...
Northern Flame Posted March 11, 2008 Share Posted March 11, 2008 on the first script dont use session register, just do $_SESSION['permission'] = "yes"; and do that for the rest of your session variables and on the second page when you're checking for the permission do use $permission do it like this: if($_SESSION['permission'] == "yes"){ // execute code.... } else{ // execute code } Quote Link to comment Share on other sites More sharing options...
DigitalGuard Posted March 11, 2008 Author Share Posted March 11, 2008 on the first script dont use session register, just do $_SESSION['permission'] = "yes"; and do that for the rest of your session variables and on the second page when you're checking for the permission do use $permission do it like this: if($_SESSION['permission'] == "yes"){ // execute code.... } else{ // execute code } Tried this, but not page1.php wont even see the session, it always says not allowed.... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.