Hi, I am facing a problem in the log-out section, which redirects to the file logout.php. After unsetting and destroying the session, it redirects to the index page again, but when I type the address of a page that should be visible only when a user is logged in, the page is still shown.
Can anybody help me solve this?
login.php
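<?php
// login.php - checks the posted username/password against the `users` table
// and, on success, marks the session as logged in and redirects to
// permission.php.

// Start a session.
session_start();
include("connection.php");

if (isset($_POST['submit'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        echo "Sorry, you have to fill in all forms";
        //header("Location: login.php");
        exit;
    }

    // The username is placed inside a quoted SQL string below, so it is
    // escaped first.
    // NOTE(review): the mysql_* extension was removed in PHP 7; prepared
    // statements (mysqli or PDO) are the replacement, but that depends on how
    // connection.php opens the connection, which is not visible here.
    $username = mysql_real_escape_string(stripslashes($_POST['username']));

    // The password never reaches the SQL text. It goes through the same two
    // calls only so the digest is computed over the same bytes as before
    // (presumably what the stored digests were built from - confirm against
    // the registration code).
    $password = mysql_real_escape_string(stripslashes($_POST['password']));

    // NOTE(review): md5() is a fast, unsalted digest - it is neither
    // encryption nor a password hash, and stolen digests are cheap to brute
    // force. password_hash()/password_verify() is the replacement; switching
    // requires re-hashing the stored values, so it is not changed here.
    $password = md5($password);

    // ONLY the row for the username filled in is retrieved from the database.
    $query = "SELECT username,password
        FROM `users`
        WHERE username='$username'";
    $result = mysql_query($query);

    if (!$result) {
        // mysql_query() returns false when the query itself failed, not when
        // the username is unknown. The driver error goes to the server log
        // instead of the response, where it would expose database details.
        error_log("login.php: user lookup failed: " . mysql_error());
        echo "Sorry, something went wrong. Please try again later.";
        exit;
    }

    // false when no row matched, i.e. the username does not exist.
    $row = mysql_fetch_object($result);

    // An unknown username and a wrong password get the same message, so the
    // response does not reveal which usernames exist.
    // Strict comparison: with != two different hex digests that both look
    // like "0e<digits>" are compared as numbers and treated as equal.
    // hash_equals() is the constant-time alternative where PHP >= 5.6.
    if (!$row || $row->password !== $password) {
        echo "Sorry your password doesn't match.";
        //header("Location: login.php");
        exit;
    }

    // Issue a fresh session id at the privilege change, so an id that was
    // known before login (session fixation) is no longer valid afterwards.
    session_regenerate_id(true);

    // By storing data inside the $_SESSION superglobal the user stays logged
    // in until the session ends. The value stored is the ESCAPED username;
    // permission.php interpolates it into its own query.
    $_SESSION['username'] = $username;
    $_SESSION['sid'] = session_id();

    // Storing the address adds nothing by itself: it only helps if the
    // protected pages compare it with the current REMOTE_ADDR.
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

    // header() does not stop the script; exit so nothing else runs or is
    // sent after the redirect.
    header("location: permission.php");
    exit;
}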
permission.php
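<?php
// permission.php - requires a logged-in session, looks up the user's
// permission in `user_priviledge` and includes the matching upload page.
session_start();

// Only the presence of the three session keys is tested here; the stored
// 'sid' and 'ip' values are not compared with the current request.
// NOTE(review): this check protects permission.php only. If the upload_*.php
// files can be requested directly by URL, each of them needs the same check
// at its top - their contents are not visible here.
if (!isset($_SESSION['username']) || !isset($_SESSION['sid']) || !isset($_SESSION['ip'])) {
    header("Location: index.html");
    exit;
}

include("connection.php");

// The session value is interpolated as-is. It is safe only because login.php
// stores the username after mysql_real_escape_string(); do not escape it a
// second time here, and do not store a raw username in the session.
$username = $_SESSION['username'];
$query = "SELECT permission
    FROM `user_priviledge`
    WHERE username='$username'";
$result = mysql_query($query);

// A failed query or a user without a row used to raise PHP errors on the
// lines below; both cases now yield a null permission and fall through to
// the error link.
$row = $result ? mysql_fetch_object($result) : false;
if (!$result) {
    error_log("permission.php: permission lookup failed: " . mysql_error());
}

// Variable names are kept because the included files run in this scope and
// may read them.
$_SESSION['perm'] = $row ? $row->permission : null;
$perm = $_SESSION['perm'];

// Fixed allow-list: the database value only selects one of these entries and
// is never used to build a file path.
$pages = array(
    'fo1'       => "upload_fo1.php",
    'fo2'       => "upload_fo2.php",
    'fo3'       => "upload_fo3.php",
    'night'     => "upload_night.php",
    'alternate' => "upload_alternate.php",
    'pgm'       => "upload_pgm.php",
    'dpr'       => "upload_dpr.php",
    'duty'      => "upload_duty.php",
    'orderly'   => "upload_orderly.php",
    'circular'  => "upload_circular.php",
);

if (is_string($perm) && isset($pages[$perm])) {
    include($pages[$perm]);
} else {
    echo "<a href=\"index.html\">some problem occured!</a>";
}
?>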
logout.php
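<?php
// logout.php - ends the current session and sends the browser back to the
// index page.
session_start();

// Emptying the array clears every session variable for this request;
// session_unset() and unsetting single keys on top of it are redundant.
$_SESSION = array();

// session_destroy() removes the server-side data but leaves the session
// cookie in the browser, so the cookie is expired explicitly as well.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}

session_destroy();

// header() does not stop the script; exit so nothing runs after the redirect.
header("location: index.html");
exit;
?>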