I have this problem with my login system. I have two users, userA and userB in the same computer. userA enters to his account in one browser; userB gets access to his account in the same browser. My system thinks that now userB is also userA and userA is still connected to its own account but his name appears as userB. If these two users get access into different browsers, there is NO problem.
Do you have any idea how can I fix this problem? Here is the code of my login system:
<?php session_start();
$error = "";
$usuario1="";
$password="";
$form = $_POST['acceso_cuenta'];
if($_SERVER['REQUEST_METHOD']=='POST'){
$usuario1 = $_POST['login'];
$password1 = $_POST['pass'];
$strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxx password=***";
$conn=pg_Connect($strconn);
if(!$conn){
// "Error connection!!!";
}else{
$query3 = "SELECT USUARIO FROM USERS WHERE USUARIO='$usuario1'
AND E_CONTRASENIA='$password' AND LEVEL='TAMER_LEVEL_3'";
$query2 = "SELECT USUARIO FROM USERS WHERE USUARIO='$usuario1'
AND E_CONTRASENIA='$password' AND LEVEL='TAMER_LEVEL_2'";
$result2=pg_query($conn,$query2);
$result3=pg_query($conn,$query3);
if(pg_num_rows($result3) != 0 ) { //success
if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
session_unset();
session_destroy();
}
$_SESSION['logged-in'] = true;
$_SESSION['user']=$usuario1;
header('location: http://localhost/public_html/teacherLv3.php');
exit;
}else if(pg_num_rows($result2) != 0){
if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
session_unset();
session_destroy();
}
$_SESSION['logged-in'] = true;
$_SESSION['user']=$usuario1;
header('location: http://localhost/public_html/teacherLv2.php');
exit;
}else {
$error = "WRONG DATA.";
}//
pg_close($conn);
} //else { $error = 'Don't leave blank spaces';}
}//end of if server
?>
This is the code for teacherLv3's page:
<?php
session_start();
// is the one accessing this page logged in or not?
if ( (!isset($_SESSION['logged-in']) && $_SESSION['logged-in'] !== true)) {
// not logged in, move to login page
session_destroy();
header('Location: login.php');
exit;
}
?>
<html>
<? echo "Welcome back Teacher_Level 3 MASTER {$_SESSION['user']} " ; ?>
</html>
This is the code for teacherLv2's page:
// is the one accessing this page logged in or not?
if ( (!isset($_SESSION['logged-in']) && $_SESSION['logged-in'] !== true)) {
// not logged in, move to login page
session_destroy();
header('Location: login.php');
exit;
}
?>
<html>
<? echo "Welcome back Teacher_Level 2 MASTER {$_SESSION['user']} " ; ?>
</html>