Hi, i am facing problem in log out section, which redirects to the file logout.php. where after unset-ing and destroying the session, it redirects to index page again, but when i type the following page address which should be seen only when an user is logged in, shows..

can anybody help me to solve this?

login.php

<?php 
// Start a session. 
session_start();
include("connection.php");
//  checking stuff all over.
if(isset($_POST['submit'])) {
	if(empty($_POST['username']) || empty($_POST['password'])) {
		echo "Sorry, you have to fill in all forms";
		//header("Location: login.php");
		exit;
	}
	// Create the variables.
	$username = $_POST['username'];
	$password = $_POST['password'];
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);
	// Encrypt the password with the md5 hash. 
	// This way the password is now the same as the password inside the database.
	$password = md5($password);
	
	// Store the SQL query inside a variable. 
	// ONLY the username filled in is retrieved from the database.
	$query = "SELECT username,password 
			  FROM	 `users`
			  WHERE	 username='$username'";
	
	$result = mysql_query($query);
	if(!$result) 
	{ 
		// Gives an error if the username given does not exist.
		// or if something else is wrong.
		echo "Username Doesn't Match " . mysql_error();
	} 
	else {
		// Now create an object from the data been retrieved.
		$row = mysql_fetch_object($result);
		// Now an object is been created containing the data.
		// Now the password is checked if they're equal.
		if($row->password != $password) {
			echo "Sorry your password doesn't match.";
			//header("Location: login.php");
			exit;
		}
		// By storing data inside the $_SESSION superglobal,
		// User stay logged in until he close your browser.
		$_SESSION['username'] = $username;
		$_SESSION['sid'] = session_id();
		
		// Make it more secure by storing the user's IP address.
		$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
		// Now give the success message.
		//$_SESSION['username'] should print out the username.
		header("location: permission.php");
		
	}
}

permission.php

<?php
session_start();
if(!isset($_SESSION['username']) || !isset($_SESSION['sid']) || !isset($_SESSION['ip'])){
	header("Location: index.html");	
	exit;
}
include("connection.php");
$username=$_SESSION['username'];
$query = "SELECT permission 
			  FROM	 `user_priviledge`
			  WHERE	 username='$username'";
	
	$result = mysql_query($query);
	$row = mysql_fetch_object($result);
	$_SESSION['perm']= $row->permission;
	$perm=$_SESSION['perm'];
	
if($perm==="fo1")
{
	include("upload_fo1.php");
} 
elseif ($perm==="fo2")
{
	include("upload_fo2.php");
} 
elseif ($perm==="fo3")
{	
	include("upload_fo3.php");
} 
elseif ($perm==="night")
{
	include("upload_night.php");
} 
elseif ($perm==="alternate")
{
	include("upload_alternate.php");
} 
elseif ($perm==="pgm")
{
	include("upload_pgm.php");
} 
elseif ($perm==="dpr")
{
	include("upload_dpr.php");
} 
elseif ($perm==="duty")
{
	include("upload_duty.php");
} 
elseif ($perm==="orderly")
{
	include("upload_orderly.php");
}
elseif ($perm==="circular")
{
	include("upload_circular.php");
}
 else
{
	echo "<a href=\"index.html\">some problem occured!</a>";
}
	

?>

logout.php

<?php
        session_start();
	session_unset();
	$_SESSION = array(); 
	unset($_SESSION['username']);
	session_destroy();
	
	header("location: index.html");
	?>

for page authentication I use to do following steps
1) When user loggs in I store permitted page names from database for the user in a session arrary
2) In every page I call permission.php file, which checks requested page ($_SERVER ) is there in page session array set in step 1.

thanks urtrivedi..

its a good idea, i have figured out the problem and corrected it though..

it was a problem in logout section, thats why the session remained, but thank u for the tips..

when i'm gonna build the next one.. thats what i'm gonna do :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.