DigitalGuard Posted March 11, 2008 Share Posted March 11, 2008 Hello, I'm using the following script to login in to my member area pass.php <?php if ($_POST["username"]=="") { ?> <html> <title>Our private pages</title> <body> In order to access this pages fill the form below:<BR> <form method="post" action="pass.php"> Username: <input type="text" name="username" size="20"><BR> Password: <input type="password" name="password" size="15"><BR> <input type="Submit" value="Submit"> </form> </body> </html> <?php }else{ $username=$_POST["username"]; $password=$_POST["password"]; session_start(); if ($username=="Joe" AND $password=="hi"){ $permission="yes";} if ($username=="Peter" AND $password=="hello"){ $permission="yes";} $username=$_POST["username"]; session_register("permission"); session_register("username"); if ($permission=="yes"){ ?> <html> <title>Our private pages</title> <body> Hi, you are allow to see these pages: <BR> <A HREF="page1.php">Page 1</A><BR> <A HREF="page2.php">Page 2</A><br> <a href="destroy.php">Log Off</a> </body> </html> <?php }else{ ?> Error in username or password <?php } ?> <?php } ?> My page1 has the following code: <?php session_start(); if ($permission=="yes") { ?> <html> <title>Page 1</title> <body> Hi, welcome to Page 1 <BR> This page is empty at the moment, but it will be very interesting in the next future </body> </html> <?php }else{ ?> You are not allowed to access this page <?php } ?> I have a page called destroy.php and it has the following: <?php session_destroy(); unset($_SESSION['permission']); echo "Session Died"; ?> My problem is, I can log in and see the page1, after loggin in but when i want to log off the session, i tried unset & destroy, and it just wont log off, on the login page, it goes to the page and i can type in user: (anything) password (anything) and it will still log in and page1 wont even check security cause it thinks its logged. Thanks DigitalGuard Link to comment https://forums.phpfreaks.com/topic/95562-new-help-on-session-and-ending-session/ Share on other sites More sharing options...
Northern Flame Posted March 11, 2008 Share Posted March 11, 2008 on the first script dont use session register, just do $_SESSION['permission'] = "yes"; and do that for the rest of your session variables and on the second page when you're checking for the permission do use $permission do it like this: if($_SESSION['permission'] == "yes"){ // execute code.... } else{ // execute code } Link to comment https://forums.phpfreaks.com/topic/95562-new-help-on-session-and-ending-session/#findComment-489230 Share on other sites More sharing options...
DigitalGuard Posted March 11, 2008 Author Share Posted March 11, 2008 on the first script dont use session register, just do $_SESSION['permission'] = "yes"; and do that for the rest of your session variables and on the second page when you're checking for the permission do use $permission do it like this: if($_SESSION['permission'] == "yes"){ // execute code.... } else{ // execute code } Tried this, but not page1.php wont even see the session, it always says not allowed.... Link to comment https://forums.phpfreaks.com/topic/95562-new-help-on-session-and-ending-session/#findComment-489547 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.