I am trying to learn sessions and made a log in page with this code:
<?php
session_start();
$lang_values = parse_ini_file('en/calli_frame_login.ini');
require_once ('form_field_functions.php');
if(!isset($_SESSION['calli_connected'])){
echo '<form id="userreg" action="calli_login.php" method="post" >';
echo input_create('input', 'text', ' />', 'username', 0, $lang_values['username'] . ' ' . $lang_values['or']. ' ' . $lang_values['email']);
echo input_create('input', 'password', ' />', 'password', 0, $lang_values['password']);
echo input_create('input', 'hidden', ' />', 'error', 0, '', $lang_values['error']);
echo input_create('input', 'hidden', ' />', 'success', 0, '', $lang_values['success']);
echo input_create('button', 'submit', ' >' . $lang_values['submit'] . '</button>', 'submit', 0);
echo '</form>';
}
else{
echo 'You have logged in already';
echo '<form id="userreg" action="calli_logout.php" method="post" >';
echo input_create('button', 'submit', ' >' . $lang_values['logout'] . '</button>', 'submit', 0);
echo '</form>';
}
?>
the calli_login.php file looks like this:
<?php
session_start();
$error = $_POST['error'];
$success = $_POST['success'];
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$check_pass_or_user = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require_once ('MySQL.conn.php');
if (strstr($_POST['username'], '@'))
{
$query = 'SELECT * FROM calli_users WHERE (email = "' . $username . '") AND (password = "' . $password . '")';
$check_pass_or_user = 'email';
}
else {
$query = 'SELECT * FROM calli_users WHERE (username = "' . $username . '") AND (password = "' . $password . '")';
$check_pass_or_user = 'username';
}
}
else {die ('That sort of opperation is not allowed in this server.');}
$tlak_lms_conn;
mysql_select_db ('calli');
$get_data = mysql_query($query) or die ('error');
$user_data = mysql_fetch_assoc($get_data);
if ($user_data[$check_pass_or_user] == $username){
if($user_data['password'] == $password){
$_SESSION['calli_connected'] = true;
}
}
else {
unset($user_data);
die($error);
}
?>
based on my understanding which by the way is wrong, I am setting the $_SESSION[‘calli_connected’] = true; and in the login for it will either display the login form when the user has not logged in or a logout button when the user has not logged out however when I reopen the login form again it is displayed instead of the logout button and the message that the user has already logged in, can someone help me with the session and point me what I´m doing wrong.