<html>
<body>

    <table border=3>
    <form action=checkpass.php method=post>
    <tr>
        <td>userid</td>
        <td><input type=text name=n1></td>
    </tr><br>
    <tr>
       <td>password</td>
       <td><input type=password name=n2></td>
    </tr><br>
     <tr>    
        <td><input type=submit value=login></td><br>
        <td><a href=registration.html>Create new account</a></td>   
     </tr>
     </form>
</table>
</body>
</html>   
//checkpass.php
<?php

        session_start();
        include "connect.php";
?>
<?php
 $userid=$_POST['username'];
 $password=$_POST['password'];
 $q="select * from cust_details where userid='".$userid."' and password='".$password."'";
 $s=mysql_query($q);
 if($r=mysql_fetch_array($s)){
        $name=$r["firstname"];
        $_SESSION['userid']=$userid;    
        header("location:home.php?name=".$name);
}
else{
?>
    <font color=red>Invalid user id or password</font>
<?php 
    include "login.html" ; 
?>
<?php
}
 mysql_close();
?> 
//home.php
                    <?php
    $name=$_GET['name'];
    echo "WelCome ".$name;


?>
//logout.php
<?php 
session_start();
session_destroy();
header("location:checkpass.php?message=2");
?>

here is my entire login session..but i cant logout successfully,i want to show my user "you have successfully loged out" after clicking on logout link.if anybody can then see my code and tell me what went wrong.It would be greatly appreciated.

hello my friend , look i prefer to use cookie in id store to make the user long time to use his account, however i can help you in .
1- replace your code

$_SESSION['userid']=$userid;

with :

setcookie('userid',$userid,time()+8600);

and in the home page you can check the user has a cookie (important)

if(isset($_COOKIE['userid']) && is_numeric($_COOKIE['userid'])){
    $check_id = mysql_query('select * from cust_details where userid = "'.$_COOKIE['userid'].'"') or die(mysql_errno());

    if(mysql_num_rows($check_id) == 0){
        echo 'Your account is not available in our data';
    }else {
       $user_data = mysql_fetch_array($userid);
       echo 'welcome '.$user_data['name']; // user name column in database
    }

}

in logout page you should use like this code

session_start();
ob_start();
if(isset($_COOKIE['userid'])){
    setcookie('userid','',time()-8600);
    header('Location: login.php');
    session_destroy();
}

in login page

session_start();
ob_start();
if(isset($_COOKIE['userid'])){
    echo 'You are logged in !';
}else {
    // Login FORM
}

regard Mohamed Alhussaini

well first of all my regards
2ndly i would like to ask you that,will the implimentation of cookie affect my user registration code or database fields?because if any of my code stucture changes it will result in a global change of my application.

Hello again,
The first you are should be know what's the difference between session and cookie ..
cookie expire unlimited and you can to put in the third parameter of the setcookie() function the time of the expire cookie
however session you can't to put the expire becuase the expire finish when the user closing the browser. facebook and twitter and more .. using cookie in store the user information

...

2- Cookie does not affect on your application and you can to read more about users system to learn why using the cookie

Regard , Mohamed Alhussaini

in checkpass.php
I think you must put a variable called message so

<?php
if ($_GET['message']){
msg = (int)$_GET['message'];
switch($msg){
    case 1:
        echo "Message 1";
        break;
    case 2:
        echo "You Have Successfully logged out";
        break;
    case 3:
        echo "Message 3";
        break;
}
}
//then the check login proc. here

Essentially, you want some way to keep track of the particular session (server side) from page to page (client side). Often this involves a session id that the client side tracks and the server side maintains. As suggested, you can keep track of a session id through a cookie. You can also track them through each request from one page to the next through request variables $_POST or ($_GET <url>/page.php?sessionid=<sessionid>).

You must be careful with sessions. A malicious user can attempt to hijack a session. Making the id's unique (not 'guessable') and only good for one time use will help to prevent this sort of intrusion.

In the end you can direct the user to a specific page after the session has been destroyed (or some form of on page alert). You might even verify the session has been destroyed by attempting to read some information from the already destroyed session.

@Alhussaini.Eng I want to ask, what if I manually created a Cookies with parameter 'userid' ? , that mean I will be logged as specific user immediately.
I think there is some parameters must added to setcookie so I can garantee the cookie from this site only.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.