Well what this code is supposed to do is create a session when you log in successfully. Then direct you to the member page. Which it does ok. Then when you click logout it destroys the session. My code should, if you are not logged in and go to the member page redirect you, but it doesn't. And then if you are logged in and you go to the index page it should redirect you to the member page! But it doesn't. What is wrong with my code?
Index.php:
<?php
session_start();
if(session_is_registered(myusername)){
header("Location: member.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Image Upload - The Image Uploading And Sharing Solution</title>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<img alt="Image Upload" height="196" src="images/logo.png" style="float: left" width="500" />
<form method="post" action="checklogin.php" class="loginform">
<br />
<br />
<table style="width: 30px">
<tr>
<td><label id="username1">Username:</label></td>
<td><input name="Username" type="text" class="textbox" /></td>
</tr>
<tr>
<td><label id="password1">Password:</label></td>
<td><input name="Password" type="password" class="textbox" /></td>
</tr>
<tr>
<td><input name="login" type="submit" value="Login" class="button" /></td>
<td><input name="reset" type="reset" value="Reset Fields" class="button"; /></td>
</tr>
<tr>
<td><a href="register.php">Register</a></td>
<td></td>
</tr>
</table>
</form>
</div>
</body>
</html>
checklogin.php:
<?php
ob_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<img alt="Image Upload" height="196" src="images/logo.png" style="float: left" width="500" />
<div id="message">
<?php
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="imageupload"; // Database name
$tbl_name="user"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['Username'];
$mypassword=$_POST['Password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypassword = md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("Location: member.php");
}
else {
echo '<p class="error">Wrong Username or Password</p>
<p><a href="index.php">Click Here</a> to go back to the login page</p>
';
}
ob_end_flush();
?>
</div>
</div>
</body>
</html>
Logout.php:
<?php
session_start();
session_destroy();
header("Location:index.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Logging Out</title>
</head>
<body>
</body>
</html>
member.php:
<?
session_start();
if(!session_is_registered(myusername)){
header("Location: index.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<img alt="Image Upload" height="196" src="images/logo.png" style="float: left" width="500" />
<div id="message">
<a href="logout.php">Log Out</a>
</div>
</div>
</body>
</html>
register.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<img alt="Image Upload" height="196" src="images/logo.png" style="float: left" width="500" />
<form method="post" action="registeraction.php" class="loginform">
<br />
<br />
<table style="width: 30px">
<tr>
<td><label id="username1">Username:</label></td>
<td><input name="Username" type="text" class="textbox" /></td>
</tr>
<tr>
<td><label id="password1">Password:</label></td>
<td><input name="Password" type="password" class="textbox" /></td>
</tr>
<tr>
<td>
<label id="Label1">E-Mail</label></td>
<td><input name="email" type="text" class="textbox" /></td>
</tr>
<tr>
<td>
<input name="login" type="submit" value="Register" class="button" /></td>
<td><input name="reset" type="reset" value="Reset Fields" class="button" /></td>
</tr>
<?php
require_once('recaptchalib.php');
$publickey = "6Le-h8ASAAAAALUsh9idavbib8WMRF7juhY1KxKf "; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
</table>
</form>
</div>
</body>
</html>
registeraction.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="styles/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<img alt="Image Upload" height="196" src="images/logo.png" style="float: left" width="500" />
<div id="message">
<?php
require_once('recaptchalib.php');
$privatekey = " 6Le-h8ASAAAAAIODueI4b17cBrmYiMQQyO6qTcXa ";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
$username = $_POST['Username'];
$password = $_POST['Password'];
$email = $_POST['email'];
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
die ("<p class='error'>The reCAPTCHA wasn't entered correctly. Go back and try it again.</p>");
} else {
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
if(isset($username,$password,$email)) {
$username = stripslashes($username);
$password = stripslashes($password);
$email = stripslashes($email);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);
mysql_select_db("imageupload", $con);
$usernametaken = mysql_query("SELECT * FROM `user` WHERE Username = '".$username."'");
$result = mysql_num_rows($usernametaken);
if($result == 0) {
mysql_query("INSERT INTO `imageupload`.`user` (`id` ,`Username` ,`Password` ,`email`)VALUES (NULL , '".$username."','".md5($password)."','".$email."')");
mysql_close($con);
echo 'Registration was successful! You may now <a href="index.php">login</a>.';
}
else {
echo "Username already taken";
}
}
else {
echo "Please enter a username, password, and email";
}
}
?>
</div>
</div>
</body>
</html>
Thanks for any help in advanced!