hey all... so i have a admin section where the user logs in.... i also want them (obviously) to be able to log out by clicking on a log out link.... this link then takes them to a page that says they are logged out and redirects them to the homepage
i use an included file on each of the admin pages that checks to see if the user is logged in, if they are they are allowed to see the page.... if they are not logged in, they are prompted to enter user/pass.... this user and pass are stored as session variables
when i click on the logout link, it actually does log me out, and i have to log back in to gain access to any of the pages... so the session_destroy() is working, but im getting the following header errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\inetpub\wwwroot\admin_logout.php:9) in c:\inetpub\wwwroot\accesscontrol2.php on line 3
and
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\inetpub\wwwroot\admin_logout.php:9) in c:\inetpub\wwwroot\accesscontrol2.php on line 3
below is the code for the login script, followed by the code for the logout page:
<?php // accesscontrol.php
include("other.inc");
session_start();
include("ssm_banner.php");
include("ssm_nav.php");
echo "<table width ='75%' border='0' cellpadding='10'><tr><td width='5%'></td><td width='90%'>";
// content goes here
$connection = mysql_connect($host,$user,$password) or die ("couldn’t connect to server");
$db = mysql_select_db($database,$connection) or die ("Couldn’t select database.");
if (isset($_POST['uid']))
{
$uid = $_POST['uid'];
}
elseif(isset($_SESSION['uid']))
{
$uid = $_SESSION['uid'];
}
if (isset($_POST['pwd']))
{
$pwd = $_POST['pwd'];
}
elseif(isset($_SESSION['pwd']))
{
$pwd = $_SESSION['pwd'];
}
if(!isset($uid)) {
?>
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h3> Login Required </h3>
<p>You must log in to access the admin area.</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
Username: <input type="text" name="uid" size="12" /><br />
Password: <input type="password" name="pwd" SIZE="12" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$connection = mysql_connect($host,$user,$password) or die ("couldn’t connect to server");
$db = mysql_select_db($database,$connection) or die ("Couldn’t select database.");
$sql = "SELECT * FROM admin WHERE loginName = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h3> Access Denied </h3>
<p>Your user ID or password is incorrect. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>.</p>
</body>
</html>
<?php
exit;
}
?>
logout page:
<html>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=http://www.velcrorecords.com/ssm_index.php">
<title></title>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
</html>
<?php
include("accesscontrol2.php");
include("other.inc");
session_destroy();
echo "<h3>Admin Control</h3>";
echo "You are now logged out. You will be redirected to the SSM homepage in 5 seconds. If you are not redirected in 5
seconds <a href='index.php'>click here</a>.";
?>
any help with this would be greatly appreciated, thx
