if (isset($_POST['login'])) { $query = mysql_query(" SELECT id FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".mysql_real_escape_string($_POST['password'])."' "); /* wrong login information? output a message and terminate the script */ if (!mysql_num_rows($query)){ header("Location: error.php"); exit(); } /* set session with unique index */ $_SESSION['id'] = mysql_result($query, 0, 'id'); mysql_query("UPDATE users SET last_login = NOW(), last_ip = '".$_SERVER['REMOTE_ADDR']."' WHERE id = '{$_SESSION['id']}'"); header("Location: success.php"); exit; } /* destroy session */ if (isset($_GET['logout'])){ mysql_query("UPDATE users SET online = '0' WHERE id = '{$_SESSION['id']}'"); session_unset(); session_destroy(); header("Location: index.php"); exit; } It works, it does send me to success PHP on right info but this is what I’m trying to do:
if (!$_SESSION['id']) { <form method="post" action="./"><p> Username: <br /> <input type="text" name="username" size="22" maxlength="30" /> <br /> Password: <br /> <input type="password" name="password" size="22" maxlength="20" /> <br /> <input class="button" type="submit" name="login" value="Login" /> </form> } else { echo "Logged in"; } It doesn’t show "Logged in", I have printed $_SESSION[‘id’] but nothing. It’s all in index.php. What can be the problem? And don’t worry about no hash, going to fix that later
Have you definitely called session_start?