Page 1 of 1

Killing a login session

Posted: Sat Nov 13, 2010 8:40 am
by barffy
Hi,

Ive created a login script To allow access to a site im building.

The log in works fine but im having trouble keeping users from directly entering the url and gaining access. I presume i am able to access this because the session is still active on my test machine (locahost). Try as i might i cant kill the session! is there any way of telling if a session is still active?

Sorry for the silly question but im very new to php.

This is the login:

Code: Select all

<?php
//start a session

session_start();

// Connect to server and select database.
$con = mysql_connect("localhost","root","root");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("3355405", $con);

// username and password from login form 

$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

//encrypt password

$encrypted_mypassword = md5($mypassword);



// To protect from MySQL injection using real escape string

$myusername = stripslashes($myusername);
$mypassword = stripslashes($encrypted_mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($encrypted_mypassword);

//query the database to establish a valid log on 

$sql="SELECT * FROM users WHERE username='$myusername' 
AND password='$encrypted_mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $encrypted_mypassword and redirect to file "login_success.php"

session_register('myusername');
session_register("encrypted_mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

mysql_close($con)
?>
This is checks the login:

Code: Select all

<?PHP

session_start();

if (!(isset($myusername) || !isset($mypassword)) ) {
header ("Location: http://localhost/xampp/LearningPHP/systemloginform.php");
}



?>

<html>
<body>




<br>
<br>
<A HREF = killsession.php>Log out</A>


</body>
</html>
and im trying to kill it with this:

Code: Select all

<?php
session_start();
session_destroy();


Thanks for any guidance given,

Harry
?> 

Re: Killing a login session

Posted: Sat Nov 13, 2010 12:56 pm
by requinix

Code: Select all

if (!(isset($myusername) || !isset($mypassword)) ) {
1. Your logic is messed up. Move some of those !s and ()s around.
2. You have to get the values from $_SESSION first. It's the same way/reason your login script gets values from $_POST.