Page 1 of 1

[SOLVED]Something wrong with sessions ... not sure how ...

Posted: Mon Sep 25, 2006 7:49 pm
by HormonX
I am not sure what i have done wrong and why things are happeing the way they are. I will try veru briefly explain what is happening. I am working on a failry simple website with a very .. and i mean very basic back-end admin page for the owner of the site. I will post code later on, just want to explain in simple terms what is happening.

In the back-end admin i gave him ability to change the password. Once the password is changed, i can't propertly logout or log in for that matter. I belive that the session is getting screwed when the password changed. Oddly enough even thou i close borwser ( IE & FireFox ) i can't login / logout propertly. I could use any login and password and enter the site.

Please keep in mind this is not very comples as are my php skills.

If you can help me with this that would be great.

Thank you.

Greg


index.php

Code: Select all

<?
session_start();
$_SESSION['valid_user'] = $valid_user;

include('connect.php');
if($username && $password)
{
	$query = "SELECT * FROM user_auth WHERE username='$username' and password='$password'";
	$result = mysql_query( $query, $link );
	if (mysql_num_rows($result) == 1)
	{
		$valid_user = $username;
		session_register("valid_user");
	}
}

if(session_is_registered("valid_user"))
{

<!----------------------- HTML ----------------------- >



<!----------------------- END HTML ----------------------- >

}
    else
{
    if (isset($valid_user))
	{
	 echo "<span class='maintext'><center><font color='#ff0000'>Invalid Login.</center></span>";
        }
}
?>

logout.php

Code: Select all

<?
session_start();
$valid_user = $old_user;
$result = session_unregister("valid_user");
session_destroy();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Logout</title>
<link href="../style.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
body {
	background-color: #FFFFFF;
}
.style1 {color: #CC0000}
.style2 {color: #000000}
-->
</style></head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?
if(!empty($old_user))
{
	if($result)
	{
		echo "Logout successful !. Thank you. ";
	}
	else
	{
	echo "Cound't log you out !";
	}
}
else
{
echo "Shouldn't be here !!!";
}



?>
</body>
</html>

Posted: Mon Sep 25, 2006 11:24 pm
by shneoh
I saw there are a few phases you stated there to display to check logout status.

What's the message prompt after you entered to logout.php?

Posted: Tue Sep 26, 2006 3:03 am
by thomas777neo
Instead of using

Code: Select all

session_register("valid_user");
Rather do something like this:

Code: Select all

$_SESSION["valid_user"] = $username;
Just makes life easier.

Posted: Tue Sep 26, 2006 1:54 pm
by HormonX
thomas777neo wrote:Instead of using

Code: Select all

session_register("valid_user");
Rather do something like this:

Code: Select all

$_SESSION["valid_user"] = $username;
Just makes life easier.
It seems like this did the trick. Now log out and password change works corectly.

Thank you for your help.

Greg