I have the following code:
The page Login.php
<?PHP
session_start();
include("conexion.php");
$conn = conexion();
extract($_POST);
$password = md5($pass);
echo $password;
$sql1="Select * from miembro where user='".$user."'and pass ='".$password."'";
$re= mysqli_query($conn,$sql1);
$numrows1 = mysqli_num_rows($re);
echo $sql1;
echo $numrows1;
if ($numrows1==0 or $numrows1>=2){
    $_SESSION['session'] = "no";
    header('Location:' . getenv('HTTP_REFERER'));
}else{
    $row = mysqli_fetch_array($re);
    $_SESSION['nombre'] = $row["nombre"];
    echo $_SESSION['nombre'];
    $_SESSION['codigo'] = $row["codigo"];
    $_SESSION['pass'] = $row["pass"];
    $_SESSION['apellido'] = $row["apellido"];
    $_SESSION['telefono'] = $row["telefono"];
    $_SESSION['user'] = $row["user"];
    $_SESSION['cargo'] = $row["cargo"];
    $_SESSION['correo'] = $row["correo"];
    $_SESSION['session'] = "si";
    $_SESSION['last_time'] = time();
    header("Location: ./actions/perfil.php");
}
?>
And perfil.php (where the user is taken once logged in)
<?php
include("./menu_actions.php");
include("../conexion.php");
if($_SESSION['session'] != "si"){
    header("location: ../home.php");
}
$us = $_SESSION['user'];
$sql="select * from miembro where user = '$us';";
echo $sql;
$query = mysqli_query(conexion(),$sql);
$row = mysqli_fetch_array($query);
session_start();
if(isset($_SESSION["user"])){
    if((time() - $_SESSION['last_time']) > 10){ //After 10 sec
        header("location:logout.php");
    }
}
else{
    header('Location:login.php');
}
?>
//HTML
It's not working and I don't understand why. The time of the start of the session is kept in a variable and analyzed later with an if loop, so if the time exceeds 10 seconds, the user should be forced out and taken to the login page again, but I can't make it work. Could somebody help me, please?
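
For reference, an added example that is not part of the original post or the poster's code: a version of the perfil.php guard that opens the session before reading `$_SESSION`, decides before anything is printed, and stops the script after each redirect so a rejected request never runs the protected code. `session_gate` and `redirect_and_stop` are hypothetical helper names, and it is assumed that `conexion()` returns a mysqli connection as in Login.php and that the mysqlnd driver is available for `mysqli_stmt_get_result`.

```php
<?php
// Added example, not the poster's code: session-lifetime guard for perfil.php.
// session_gate() and redirect_and_stop() are names made up for this example.
declare(strict_types=1);

const SESSION_LIMIT_SECONDS = 10; // same limit as the check in the post

// Pure decision: 'login' (no valid session), 'logout' (too old) or 'ok'.
function session_gate(array $session, int $now, int $limit = SESSION_LIMIT_SECONDS): string
{
    if (($session['session'] ?? 'no') !== 'si'
        || !isset($session['user'], $session['last_time'])) {
        return 'login';
    }
    return ($now - (int) $session['last_time'] > $limit) ? 'logout' : 'ok';
}

function redirect_and_stop(string $target): void
{
    header('Location: ' . $target);
    exit; // without exit the protected page below still runs and is sent
}

// 1. Open the session before $_SESSION is read and before any output.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// 2. Decide before including anything that may print (menu, debug echo).
$gate = session_gate($_SESSION, time());
if ($gate === 'login') {
    redirect_and_stop('../home.php');
}
if ($gate === 'logout') {
    redirect_and_stop('logout.php');
}

// 3. Only an accepted session reaches the includes and the query.
include("./menu_actions.php");
include("../conexion.php");

// Bound parameter instead of building the SQL string from the user name.
$us = $_SESSION['user'];
$stmt = mysqli_prepare(conexion(), 'SELECT * FROM miembro WHERE user = ?');
mysqli_stmt_bind_param($stmt, 's', $us);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
?>
```

Because `last_time` is written once at login in the post, this enforces a fixed lifetime counted from login; assigning `$_SESSION['last_time'] = time();` after the gate would turn it into an idle timeout instead.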