Home/ Questions/Q 762405
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T15:57:16+00:00

I am working on a simple login and logout module for my website without

  • 0

I am working on a simple login and logout module for my website without any security. I am using wamp on a windows xp machine. I am creating session when a user submits the login informaton it redirects to a process.php file which creates the session variables and starts session. Now if the login is successful user is redirected to the welcome page which includes a header file(which displays the header involving signin logout help options) The problem is the header is not changing the signin link to logout as the user logs successfully. The below code is from process.php which initiates a login.

$username = $_POST['username'];
        $password = $_POST['password'];

        //echo "{$username}:{$password}";
        $connection = mysql_connect("localhost","root","");
        if(!$connection)
        {
            die("Database Connection Failed".mysql_error());
        }
        $db_select = mysql_select_db("tester",$connection);
        if(!$db_select)
        {
            die("Database Selection Failed".mysql_error());
        }
        $result = mysql_query("SELECT * FROM user",$connection);
        if(!$result)
        {
            die("Database Selection Failed".mysql_error());
        }


        $q = "SELECT * FROM user " ."WHERE Name='".$username."' AND Password='".$password. "' ";
         // Run query
         $r = mysql_query($q);

         if ( $obj = @mysql_fetch_object($r) )
        {
            session_start();
            // Login good, create session variables
            $_SESSION["valid_id"] = session_id();
            $_SESSION["valid_user"] = $_POST["username"];
            $_SESSION["valid_time"] = time();

            Header('Location: welcome.php');

The following code is from header.php which is included in welcome.php

    </div>

    <div id = "userdetail">

        <?php

        if(isset($_SESSION["valid_user"]))
        {
            echo($_SESSION["valid_user"]." " ); 
             echo("<a href=logout.php>Logout</a>"); 

        }
        else
        {
            echo("<a href = login.php>Sign In</a>");
        }

        ?>

              | Help |  Search      

            <input type = "text" name = "searchbox" value = "" />
    </div>
</div>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have to call start_session() every time on every called page.
    This should always the first call you do in your pages.

    on logout call session_destroy.

    additionally you should clear the $_SESSION variable

    $_SESSION = array();

    A coding tip:
    Split you display stuff from the php code with a template-engine like smarty
    Your code contains a sql injection bug, see my comment on your post.

    you also should use hashed passwords and don’t forget the salt. do not store plain passwords into your database.

    SQL injection

    • 0