3

My login is working, since its redirecting me to the index.php.
But after I click on the login button it goes to the index.php, and the session is not logged in. It's supposed to state "Hello $username", but it still states "Login again" instead of Logout.

index.php code:

<?php
        session_start();    
        if( !empty($_SESSION) && isset($_SESSION['username'])){
            echo 'Olá ' . $_SESSION['username'];
            echo '<a href="logout.php"><br/>Logout</a>';
        }
        else{
            echo '<a href="login.php" class="hiper">Fazer Login</a>';
            echo '<a href="criarconta.php" class="hiper"><br/>Criar Conta</a><br/>';
        }
      ?>

login.php code:

<?php

    if(!empty($_POST)){
        $username=$_POST['username'];
        $password=$_POST['password'];

        require_once 'Validate.php';
        $flag_error = false;
        $errors = array ('username' => array (false,'username incorrecto.'),'password' => array (false,'Password tem de conter pelo menos 8 caracteres.'));


    /*if(!checkusername($username)){
        $errors['username'][0] = true;
        $flag_error=true;

    }

    if(!Valid_Pass($password)){
        $errors['password'][0]=true;
        $flag_error=true;

    }*/

    if(!$flag_error){

        require_once 'ligacao.php';
        $query = "SELECT * FROM utilizadores` WHERE 'username' = '$username' AND 'password' = '$password'";
        $verificar=mysql_query($query) or die (mysql_error());

        if (mysql_num_rows($verificar)==true){
            $_SESSION['username'] = $username;
            header('Location: index.php');
            }else{
            echo '<font color="red"> Esta conta não existe. </font></a>';   
        }

    }   
}
?>

I know login works because it redirects to "header('Location: index.php');", but the session stay logged in. What could it be?

Improve this question
2
  • 1
    It looks like you are missing a quotations mark on your query, right before the name of your table. Also, you might want to consider: 1) Using mysqli instead of mysql for PHP, and 2) an escaping function for protecting against SQL injection (i.e. mysqli::real_escape_string) Commented Dec 15, 2014 at 16:46
  • offtopic, try and be more consistent with you code formatting, it's all over the place right now. Makes it much easier to read if it's consistent. Commented Dec 15, 2014 at 17:02

2 Answers 2

Reset to default
3

You need to use session_start() on every page that uses the session, so add it to the top of login.php.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

session_start();

This starts the session and you should use it in every file who you need to user Login for visit it.

 $_SESSION['color']='red'; 
 $_SESSION['size']='small'; 
 $_SESSION['shape']='round';

This sets variables in the session 

 session_unset();

Remove all session variables

 session_destroy();

Destroy the session

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.