hi, when i have the login script at a certain point, and the address bar says "
http://derekvanderven.com/mainsite.php?logoff=y" when i try to login right after that, i cant, and then the next time after that it works, making me login twice after i logout every time. any help getting rid of this greatly appreciated. thanks. derek.
here is the login page code
Code:
<?php
include("connect1.php");
session_start(); // this is the session declaration , one per page.
/// data is set up in the mysql lite table , rows are
// record_id, int, 11, not null checked, default, null
//username, varchar, 20, default null
// password, varchar, 20 default, null
//Name, varchar, 20 default null
////////////////////////////////////////
////////////////////////////////////////
// a while loop is used to loop through and display output, like a table info, etc.dynamic rows.
$u = trim($_POST['username']);
$p = trim($_POST['password']); //trim makes it possible to have spaces around the passsword and user when typing it in.
$logoff = $_GET['logoff']; // this catches the logoff variable and value from the old.mainsite.php page.
$hack = $_GET['hack']; /// we got the hack variable from other page with GET
// if logoff is set, destroy the session, or unset it.
if($logoff){
unset($_SESSION['userid']);
session_destroy();
$message = "You have been logged off"; // notice here that he used the same variable as before but just changed value
}
if($hack){
$message = "Naughty Naughty!"; // COOL
}
// if fields username and password have contents, then...
if($u && $p){
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");
$result = mysql_fetch_array($query); //creates array called result,//notice we dont need a while loop here.
//if its found a user it will create a populated array, if find nothing, it creates a blank array.
//the mysql_fetch_array automatically gives us our keys for us.
if($result['username']){ // if username is set, go on...username is a key for $result, and a field in the table.
$message = "You have been logged in";
// session is an array, a php defined word, becomes like a variable.which can be accessed on any page.
// 'userid'here is like a variable. we are going to assign to $_SESSION whatever the $result array contains which is 'username' in this case.
$_SESSION['userid'] = $result['username'];
header("Location:old.mainsite.php"); // this will redirect them to the application.php page. and exit the script here.
exit;
}else{
$message = "You do not exist on the system";
}
}
?>
and here is the old.mainsite.php code
Code:
<?php
include("connect1.php");
include("bouncer.php"); // kicks the person off if session is not set, its the bouncer, big and fat man. ooooh.
?>
and
Code:
<a href="mainsite.php?logoff=y" class="style16">Logoff</a>
use mysql_real_escape_string() on the input before you use it in a sql statement
