I'm having trouble with my log in code for my website, the system allows for a user to log in and log out successfully however when the user is logged in and clicks on another webpage link, its signs them out. I want them to stay logged in on all pages until the user clicks log out themselves.
The loginform.php:
<div id="contact">
<form id="form" action="<?php $_SERVER['PHP_SELF'];?>" method="post">
Username: <input type="text" name="liusername" id="liusername">
Password: <input type="password" name="lipassword" id="lipassword">
<input type='submit' value='Login' name="lisubmit">
</form>
</div>
PHP code on heading.php:
<?php
if ($_SESSION['loggedin'] === true){
echo "You have signed in - <a href='loggedout.php'>Click here to log out</a>";
} ELSE {
INCLUDE 'loginform.php';
}
if (isset($_POST['lisubmit'])){
$query = "SELECT user_id, user_password, user_username FROM users WHERE
user_username = '".$_POST['liusername']."'";
$result = mysql_query($query) or die (mysql_error());
$row = mysql_fetch_array($result);
if ($row['user_password'] === $_POST['lipassword'] && $row['user_username'] === $_POST['liusername']){
$_SESSION['loggedin'] = true;
$_SESSION['id'] = $row['user_id'];
}else{
$_SESSION['loggedin'] = false;
$_SESSION['id'] = 0;
INCLUDE 'loginform.php';
}
}
?>
Index.php:
if(empty($_SESSION['loggedin'])){$_SESSION['loggedin'] = false;
}
Loggedout.php:
<?php
session_start();
$_SESSION= ARRAY();
SESSION_DESTROY();
HEADER('location: index.php');
?>