Problem Explanation
I have created my first session's login. Basically I have 3 inputs, 2 fields, one submit.
First field will be the username, second will be the password.
And then I used PDO to SELECT username,password from users table WHERE = username, to validate the details.
Then I count the rows, to see if there is a row with that specify username & password.
Great, I am now logged in..
But there's the problem.. When I delete the user from the database, I can keep browsing in my system with the same user, until session ends or I log out.
Question
How can I instantly check if user is still in the database? What are the best ways to do so everytime user gets to a new page or refreshes?
Thanks!
The code for creating session (login validation):
# Selecting the entered username + password from our admins database & making sure field
# with that specify username and password exists.
$hashed = hash('sha512', md5($password));
$check = $CONNECT_TO_DATABASE->prepare("SELECT * FROM admin WHERE username = :username AND password = :password LIMIT 1");
$check->bindValue(':username', $username);
$check->bindValue(':password', $hashed);
$check->execute();
# We check if that row exists, if it exists - We will create a new session with that entered
# username, that means administrator has sucessfuly logged in.
if ($check->rowCount()) {
$_SESSION['user'] = $username;
header ('Location: index.php');
} else {
# If login failed, because the details are wrong, we will store the error message into
# our errors array and then use a loop to fetch the error.
if (!empty($username) && !empty($password)) {
$errors[] = 'Wrong username or password.';
}
}
and then I use this to see if user is logged in:
if (isset($_SESSION['user'])) {
