Killing a login session
Posted: Sat Nov 13, 2010 8:40 am
Hi,
Ive created a login script To allow access to a site im building.
The log in works fine but im having trouble keeping users from directly entering the url and gaining access. I presume i am able to access this because the session is still active on my test machine (locahost). Try as i might i cant kill the session! is there any way of telling if a session is still active?
Sorry for the silly question but im very new to php.
This is the login:
This is checks the login:
and im trying to kill it with this:
Ive created a login script To allow access to a site im building.
The log in works fine but im having trouble keeping users from directly entering the url and gaining access. I presume i am able to access this because the session is still active on my test machine (locahost). Try as i might i cant kill the session! is there any way of telling if a session is still active?
Sorry for the silly question but im very new to php.
This is the login:
Code: Select all
<?php
//start a session
session_start();
// Connect to server and select database.
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("3355405", $con);
// username and password from login form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
//encrypt password
$encrypted_mypassword = md5($mypassword);
// To protect from MySQL injection using real escape string
$myusername = stripslashes($myusername);
$mypassword = stripslashes($encrypted_mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($encrypted_mypassword);
//query the database to establish a valid log on
$sql="SELECT * FROM users WHERE username='$myusername'
AND password='$encrypted_mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $encrypted_mypassword and redirect to file "login_success.php"
session_register('myusername');
session_register("encrypted_mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
mysql_close($con)
?>
Code: Select all
<?PHP
session_start();
if (!(isset($myusername) || !isset($mypassword)) ) {
header ("Location: http://localhost/xampp/LearningPHP/systemloginform.php");
}
?>
<html>
<body>
<br>
<br>
<A HREF = killsession.php>Log out</A>
</body>
</html>Code: Select all
<?php
session_start();
session_destroy();
Thanks for any guidance given,
Harry
?>