Member Avatar for itisnot_me

ok something went wrong and i cannot for the life of me figure it out. my login script which also logs out will not unset the name and admin i set for it.

also on top of that if i do use a session_destory and login again it does not seem to be recalling the proper admin from the DB. in the DB i have it set to 0 and it is staying set as 1.

i hope some one can help my stooopid brain out. it hurts now

thanks in advance

<?php
session_start();

////// Logout Section. Delete all session variable.
if (isset($_SESSION['login_email'])){
unset($_SESSION['login_email']);
unset($_SESSION['company_id']);
unset($_SESSION['admin']);
unset($_SESSION['name']);
}
require_once("functions.php");

connect_to_db();

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Please Login</title>
<link href="login.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="background">
  <div id="container">
    <div id="top"></div>
    <div id="content">
      &nbsp;
  <?php

   if(isset($_POST['submit']))
  {
  // email and password sent from form
$myemail = $_POST['myemail'];
$mypassword = $_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myemail = stripslashes($myemail);
$mypassword = stripslashes($mypassword);
$myemail = mysql_real_escape_string($myemail);
$mypassword = mysql_real_escape_string($mypassword);
$encyptpass = md5($mypassword);


	$result = mysql_query("SELECT * FROM users WHERE email='$myemail' and password='$encyptpass'");
        while($myrow = mysql_fetch_assoc($result))
             {
$company_id = $myrow['company_id'];
$name = $myrow['name'];
$admin = $myrow['admin'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myemail and $mypassword, table row must be 1 row

if($count==1){
$_SESSION['login_email'] = $myemail; // Set it so the user is logged in!
$_SESSION['admin'] = $admin;
$_SESSION['company_id'] = $company_id;
$_SESSION['name'] = $name;
header ("Location:index.php"); 
}else {
	echo '<div style="color:#AE0000;">Wrong email or Password</div><br /> <a href="#" onClick="history.go(-1);return true;">Try Again</a>';
}}
}else
{
?>
  <form name="login" method="post" action="login.php">
        <table>
          <tr>
            <td>Email </td>
            <td>Password</td>
          </tr>
          <tr>
            <td><input type="text" name="myemail" class="textfield" /></td>
            <td><input type="password" name="mypassword" class="textfield" /></td>
          </tr>
          <tr>
            <td><a href="agent/login.php">Agent Login</a></td>
            <td>&nbsp;<input name="submit" type="submit" value="Submit" class="button" /></td>
          </tr>
        </table>
      </form>
      <?php
      }
	  ?>
    </div>
    <div id="btm"></div>
    </div>
</div>
</body>
</html>
  • 2 Contributors
  • 3 Replies
  • 101 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by itisnot_me
Member Avatar for chrishea

In the PHP manual it suggests using the session_destroy and deleting the session cookie. Have a look at the manual and give it a try.

Member Avatar for itisnot_me

as stated in the original i have used session_destroy. and i just might use that instead of unset.

Do you think that i should clear server cache when i start a new session?

Member Avatar for itisnot_me

i figured what was making my admin session not work.

it was not the session its self but a miss coded if statement that said if ($admin = '1') instead of if ($admin == '1'). such a small mistake turns into something huge.

and yes i am using session_destroy

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.