I'm working on my own CMS, and I'm using a session to track users when they log in.
The script (auth.php) is "required_once" on each page in the admin section. If the session is active, they get the page. If the session, isn't then they get a login form.
Pretty simple. Pretty straightforward.
This is my auth section:
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_successful.php"
session_register("myusername");
session_register("mypassword");
setcookie("myusername", $myusername, time()+3600);
#header("location:login_successful.php");
}
else {
echo "Wrong Username or Password";
ob_end_flush();
showLoginForm();
die();
}
i also set a cookie for the username (and possibly other data as I develop my system). That is where my problem lies.
When you first log in, all is well. but the cookie isn't echoed out because it hasn't been set yet. As soon as you go to a second page or refresh the cookie is there and does exactly as it should.
Just in case it helps, here is my logout script:
<?php
session_start(); {
$_SESSION = array();
if (isset($_COOKIE[myusername])) {
setcookie ("myusername", "", time() -360000);
}
session_destroy();
echo "You have been logged out.";
}
die
?>
I'm really a little stumped. A simple redirect to a second "loading" page isn't the solution i want. Is there a way I can make my system work?
All help is appreciated.
