Ok so I'm trying to create a simple login page.
I can do it successfully but it seems I can't get multiple computers to access the page. I've created multiple different users on my mysql database that individually credential their way into it and query it for data, BUT AGAIN only one computer it seems will be let in.
I've set the PHP session variable as well to contain login info.
My simple questions is:
Is there a way to log out of the db and destroy my session to perhaps let other computers access the username after one has finished
Could it be the session or the db login that is still lingering one computer that is causing this?
I know my code is a mess:
<?php session_start();
include("password.php"); ?>
...
<body>
<div class="main_content">
<?php
$submenarray = array(
'Purpose' => 'purpose.php',
'Leading Self' => 'leadingself.php',
'Leading with Strategy' => 'leadingwithstrategy.php',
'Leading People' => 'leadingpeople.php',
'Leading for Results' => 'leadingforresults.php',
);
insert_header_with_params(0,0,$submenarray);
?>
<div class="content_body">
<div class="description">
<h1 style="margin-left:5%;">
User <span style="color:red"> Login</span>
</h1>
<p></p>
</div>
<?
global $USERS;
global $_SESSION;
$USERS= getUsers("member1","password");
$record;
$max_login_attempts = 3;
if(isset($_POST['password'])){$_SESSION["password"] = $_POST["password"];}
if($_GET["logged"] == "false"){
$_SESSION["logged"] = "";
}
if(isset($_POST['Field1'])){
$record = getRecord($_POST["Field1"],removeUnwantedChar($_POST["Field1"]),$_POST["password"]);}
if ($_POST["ac"]=="log") { /// do after login form is submitted
if ($record[19]==$_POST["password"]) {
$_SESSION["logged"]=$_POST["Field1"];
$sql = "UPDATE `leading_initiatives` SET `Login Attempts`='0'
WHERE `Name`='".$_POST['Field1']."'";
sql_command($sql,removeUnwantedChar($_POST["Field1"]),$_POST["password"]);
} else {
if($record[20] < $max_login_attempts){
setRecord('Login Attempts',$record[20]+1,$record[1],removeUnwantedChar($_POST["Field1"]),$_POST["password"]);
echo '<p style="padding-left:20%;">Incorrect username/password. '.($max_login_attempts-$record[20]).' attempts remaining.</p>';
}else{
echo 'max reached';
}
}
}
$attempts = $record[20];
if($attempts > $max_login_attempts)
$_SESSION["locked_out"] = "true";
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "<p style='padding-left:20%;'>Logged in: ".$_SESSION["logged"]."</p>"; //// if user is logged show a message
echo "<a href='http://newsite.com' style='padding-left:20%;'>form</a></br></br>";
}elseif($_SESSION["locked_out"] == "true"){
echo "<script>
window.location.replace('site/max_attempts.php');
</script>";
}
else { //// if not logged show login form
echo '<form id="the_form" name="the_form" action="http://site/login.php" method="post" style="padding-left:20%;">
<input type="hidden" name="ac" value="log">';
echo 'Username: <select id="Field1" name="Field1">
<option value=""></option>
<option value="Admin">Admin</option>
<option value="Anton, Manny">Anton, Manny</option>
</select>';
echo 'Password: <input type="password" name="password" id="password" />';
echo '<input type="submit" value="Login" />';
echo '</form>';
}
if($_GET["logged"] == "false"){
echo "<script>document.forms['the_form']['Field1'].value = ".$_GET["Field1"].";</script>";
}
?>
</div> <!--end content body-->
</div> <!--end the main content div-->
</body>
