I have set up a log in page for my website so that users will have to log in via login.php before they can access the other pages (currently just index.php until I can get this working). The problem I am having is that I can either make it so that it will always not allow you into index.php (even entering the right login details still takes you back to login.php) or it will always allow a user in (even clicking log out, which sends you back to login.php and should delete the cookie, it will still allow you to just type in index.php into the address bar and go straight there).
Not sure where the problem in my code is. I have gone through it all with a fine-tooth comb for the last 3 or so hours and I am getting nowhere. I think it's probably something simple but I just can't see it. Any help would be much appreciated.
Also apologies if my code is sloppy or messy, kinda new to PHP and just getting my bearings.
index.php
<?php
require_once 'classes/pupils.php';
$pupils = new pupils();
$pupils->confirm_pupil();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>index</title>
<link href="defaultstyle.css" rel="stylesheet" type="text/css" />
</head>
<body class="text1">
<p class="text1">Welcome to the site Phil</p>
<a href="login.php?status=log_out">Log Out</a>
</body>
</html>
pupils.php
<?php
require 'connect.php';

class pupils {
    //ensure_credentials will hold the value true if a user login has been accepted
    function validate_user($user,$pass){
        $mysql = New connect();
        $ensure_credentials = $mysql->verify_user_pass($user, $pass);
        //If ensure_credentials holds true then status is authorised and user is sent to the index page
        if($ensure_credentials){
            $_SESSION['status'] = 'authorised';
            header("location: index.php");
        } else return "Please enter a correct username and/or password!";
    }

    //The log out function that will remove the session and cookie from a computer and log a user out.
    function log_out(){
        if(isset($_SESSION['status'])){
            unset($_SESSION['status']);
            if(isset($_COOKIE[session_name()]))
                setcookie(session_name(), '', time() - 1000);
            session_destroy();
        }
    }

    function confirm_pupil() {
        session_start();
        if($_SESSION['status'] !='authorised') header("location: login.php");
    }
}
login.php (if it's necessary)
<?php
session_start();
require_once 'classes/pupils.php';
$pupils = new pupils();

//This is what happens if the user has clicked log out on the index page.
if(isset($_GET['status']) && $_GET['status'] == 'logout'){
    $pupils->log_out;
}

//If $_POST is present and both username and password are filled out then
if($_POST && !empty($_POST['username']) && !empty($_POST['password'])) {
    $response = $pupils->validate_user($_POST['username'], $_POST['password']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Page</title>
<link href="defaultstyle.css" rel="stylesheet" type="text/css" />
</head>
<body class="body">
<h2 class="header2">Welcome To Kraft!</h2>
<p class="text2">The free social site for Herne Junior pupils!</p>
<div id="login">
<form class="login" action="" method="post">
<h3 class="header3">Login Page</h3>
<p>
<label class="text1" for="username">Username: <input type="text" name="username" /></label><small class="text1">This is where you enter your username (If you've forgotten it, don't worry! Ask your teacher!)</small><br />
</p>
<p>
<label class="text1" for="password">Password: <input type="password" name="password" /></label><small class="text1">This is where you enter your password (Again if you've forgotten it, your teacher can help!)</small><br />
</p>
<p>
<input type="submit" value="Login" name="login" id="login" />
</p>
</form>
<?php if (isset($response)) echo "<h4 class='text1'>" . $response . "</h4>"; ?>
</div>
</body>
</html>
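
The following PHP is an added example, not part of the original post: a session gate and logout that behave the way the post intends, with `exit` after each redirect, the logout check matching the `status=log_out` value used by the link in index.php, and `log_out()` invoked as a call rather than read as a property. The function names `start_session`, `require_login`, `log_in` and `log_out` are hypothetical, and credential verification is assumed to have succeeded before `log_in()` runs.

```php
<?php
// Added example with hypothetical helper names; not the poster's code.

function start_session(): void {
    // Start the session only once per request.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Gate for protected pages such as index.php.
function require_login(): void {
    start_session();
    if (($_SESSION['status'] ?? '') !== 'authorised') {
        header('Location: login.php');
        exit; // without exit, the rest of the protected page is still sent
    }
}

// Assumption: called only after the username and password were verified.
function log_in(): void {
    start_session();
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['status'] = 'authorised';
    header('Location: index.php');
    exit;
}

function log_out(): void {
    start_session();
    $_SESSION = []; // clear server-side session data
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire the cookie with the same path and domain it was set with.
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// In login.php: the compared value must equal the one in the logout link
// (login.php?status=log_out), and the method needs parentheses to run.
if (($_GET['status'] ?? '') === 'log_out') {
    log_out();
}
```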