1

I am new in php and new in this site.

I have made a login code. when people login, and then click other links, they are logged out. Also, sometimes when people login, it show someone else's name. However, clear cache and clean the browser's history, everything is good then. What is the problem can cause this situation?

<?php
ob_start();
ob_start('gz_handler');
session_start();


require_once("loginconfig.php");


if (isset($_POST['username']) && strlen($_POST['username']) >= 3 && isset($_POST['password']) && strlen($_POST['password']) >= 3)
{

$connect = mysql_connect($host, $user, $pass);

mysql_select_db($database, $connect);


$usernameTest = $_POST['username'];
$passwordTest = $_POST['password'];

$usernameTest = htmlentities($usernameTest, ENT_QUOTES);
$passwordTest = htmlentities($passwordTest, ENT_QUOTES);

//$passwordTest = md5($passwordTest);

$query = mysql_query("SELECT $username, $password, $name, $accessLevel FROM $table WHERE $username='$usernameTest' AND $password='$passwordTest'", $connect);

$affectedRows = mysql_num_rows($query);

if($affectedRows === 1)
{
    $rows = mysql_fetch_array($query);

    $_SESSION['username'] = $rows[$username];
    $_SESSION['name'] = $rows[$name];
    $_SESSION['accessLevel'] = $rows[$accessLevel];
    $_SESSION['auth'] = strlen($rows[$username].$rows[$password]);

    $query = mysql_query("UPDATE $table SET LastLogin=NOW() WHERE $username='$usernameTest' AND $password='$passwordTest'", $connect);

    mysql_close($connect);

    header("Location: $loggedIn");
    ob_flush();
}
else
{
    header("Location: $homePage?e=2");
    ob_flush();
}

}
else
{
header("Location: $homePage?e=1");
ob_flush();
}


?>
Deardevils
  • 63
  • 1
  • 6
  • "when people login, and then click other links, they are logged out" -> can elaborate what the actual incorrect behavior and what is the correct expected behavior? I don't understand if this is what you want your code to do (that it doesn't do now), or if this is an unexpected behavior your are currently experimenting. – François Oct 16 '15 at 00:31
  • Are you starting session on each required page? – Daryl Gill Oct 16 '15 at 00:39
  • This shouldn't happened but currently it happens sometime from customers' feedback. – Deardevils Oct 16 '15 at 00:41
  • @DarylGill Yes, I have it on every required page. – Deardevils Oct 16 '15 at 00:44
  • You mention possible cache issue in the title. Did you try explicitly disabling client cache? Add the 3 lines below "Under PHP:" in this answer: http://stackoverflow.com/a/2068407/165030 – François Oct 16 '15 at 17:59
  • @François I will try, should I put these 3 lines on every page in tag? – Deardevils Oct 18 '15 at 20:27

0 Answers0