0

I'm having trouble with my log in code for my website, the system allows for a user to log in and log out successfully however when the user is logged in and clicks on another webpage link, its signs them out. I want them to stay logged in on all pages until the user clicks log out themselves.

The loginform.php: 

    <div id="contact">
       <form id="form" action="<?php $_SERVER['PHP_SELF'];?>" method="post">
           Username: <input type="text" name="liusername" id="liusername">
           Password: <input type="password" name="lipassword" id="lipassword">
           <input type='submit' value='Login'   name="lisubmit">
       </form>
    </div>

PHP code on heading.php:

    <?php

if ($_SESSION['loggedin'] === true){

echo "You have signed in - <a href='loggedout.php'>Click here to log out</a>";

 } ELSE {
INCLUDE 'loginform.php';
 }

 if (isset($_POST['lisubmit'])){

$query = "SELECT user_id, user_password, user_username FROM users WHERE
        user_username = '".$_POST['liusername']."'";
        $result = mysql_query($query) or die (mysql_error());
        $row = mysql_fetch_array($result);

        if ($row['user_password'] === $_POST['lipassword'] && $row['user_username'] === $_POST['liusername']){

            $_SESSION['loggedin'] = true;
            $_SESSION['id'] = $row['user_id'];
        }else{
            $_SESSION['loggedin'] = false;
            $_SESSION['id'] = 0;
            INCLUDE 'loginform.php';

        }
}

   ?>

Index.php:

    if(empty($_SESSION['loggedin'])){$_SESSION['loggedin'] = false;
    }

Loggedout.php:

    <?php 

    session_start();

    $_SESSION= ARRAY();

    SESSION_DESTROY();

    HEADER('location: index.php');

    ?>
John Conde
  • 217,595
  • 99
  • 455
  • 496
Brooksie
  • 27
  • 8
  • 4
    Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://jayblanchard.net/demystifying_php_pdo.html). Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Apr 22 '15 at 19:25
  • 1
    Do you have `session_start();` on all pages? – Henrique Arthur Apr 22 '15 at 19:26
  • Are you calling `session_start` on each page before trying to access the sessions in `$_SESSION`? – Jonathan Kuhn Apr 22 '15 at 19:26
  • I'm at university. This is the code we are required to use. I appreciate the update. – Brooksie Apr 22 '15 at 19:26
  • Yes, I am using session_start(); on all pages. – Brooksie Apr 22 '15 at 19:31
  • side comment: I see this way too often. what is the deal with college/university professors forcing students to use deprecated php code? I understand if it's c, but in this case... wut? I'm more inclined to believe the students are misunderstanding. "forced?" use the correct code! it will serve you better. If not PDO, use myqli prepared statements. just as safe. – nomistic Apr 22 '15 at 19:35
  • I get that, but I can only deal with what I have been taught and been asked to do. – Brooksie Apr 22 '15 at 19:41
  • post complete code of the page that when you visit, logs you out. I do not see any `session_start()` in your `index.php` – Ejaz Apr 24 '15 at 20:55

0 Answers0