php - sessions from my login system are not working -
i developing website , have problem login system. consider 2 users, user1 , user2. if user1 gets access account and, in same browser, if user2 gets access account, user1 must logged out session not happen in system, moreover, system thinks user1 user2 because user2 connected. following code login page , authentication:
login code
<html> <body> <div class="wrap"> <div id="content"> <div id="main"> <div class="full_w"> <form action="login_oficial.php" method="post" autocomplete="off"> <label for="login">usuario:</label> <input id="login" name="login" class="text" /> <label for="pass">contraseƱa:</label> <input id="pass" name="pass" type="password" class="text" /> <input type="submit" class="ok" name="acceso_cuenta" value="acceder"></button> </form> </div> </div> </div> </div> </body> </html> authentication code (login_oficial.php)
<?php session_start(); require('incluye.php'); $usuario = $_post['login']; $_session['user']=$usuario; $error = ''; $form = $_post['acceso_cuenta']; $password = $_post['pass']; $query1 = "select user data1 user='$usuario' , passwort='$password'"; $result=pg_query($conn,$query1); if( isset($form) ) { if( isset($usuario) && isset($password) && $usuario !== '' && $password !== '' ) { if(pg_num_rows($result) != 0 ) { //success $_session['logged-in'] = true; header('location: http://localhost/public_html/website/normal_user.php'); exit; }else { $error = "your information wrong."; } } else { $error = 'please, not leave blank spaces.';} } ?> <html> <body> <div class="wrap"> <div id="content"> <div id="main"> <div class="full_w"> <form action="<?php $php_self; ?>" method="post"> <label for="login">usuario:</label> <input id="login" name="login" class="text" autocomplete="off" /> <label for="pass">contraseƱa:</label> <input id="pass" name="pass" type="password" class="text" /> <div class="sep"></div> <input type="submit" class="ok" name="acceso_cuenta" value="acceder"></button> </form> </div><!--end of full--> <?php echo "<br /><span style=\"color:red\">$error</span>";?> </div><!--end of main--> </div><!--end of content--> </div><!--end of wrap--> </body> </html> code incluye.php
<? if($_post['acceso_cuenta']){ $strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxxxxx password=*****"; $conn=pg_connect($strconn); } if(!$conn){ // echo "error connection!!!"; }else{ //echo "connection succesful!!!"; } ?> user's page
<?php session_start(); require('incluye.php'); // 1 accessing page logged in or not? if ( !isset($_session['logged-in']) || $_session['logged-in'] !== true) { // not logged in, move login page session_destroy(); header('location: login_oficial.php'); exit;} ?> <html lang="en"> <body class=""> <div class="navbar"> <div class="navbar-inner"> <ul class="nav pull-right"> <li id="fat-menu" class="dropdown"> <li ><a href="logout.php">logout</a></li> <i class="icon-user"></i> <? echo "welcome user {$_session['user']} " ; ?> </a> </li> </ul> </div> </body> </html> logout.php
session_start(); // if user logged in, unset session if (isset($_session['logged-in'])) { unset($_session['logged-in']); } // user logged out, // go login page header('location: login.html'); ?> all suggestions welcome , feel free give other suggestion consider appropriate. cheers.
in login_oficial.php set these sessions
$_session['user']=$usuario; $_session['logged-in'] = true; but in logout.php unset logged-in session. try code, should reset sessions.
session_start(); session_unset(); session_destroy(); session_write_close(); setcookie(session_name(),'',0,'/'); session_regenerate_id(true); btw think should not set $_session['user'] before check if user exists in db.
Comments
Post a Comment