some contents of the header:
[code]
//LOGIN
//set the login function
//make sure the pass is (md5) encrypted before passing it to the function
function login($user, $pass){
//see if you can grab perms under that username and pass
$result = mysql_query(“SELECT `perms` FROM `users` WHERE `username` = ‘$user’ and `pass` = ‘$pass'”)
//(display a message if there is a mysql error)
or die(“Error retrieving user info from the database, MYSQL said: ” . mysql_error());
//if you can grab those perms, then their login info was correct
if(mysql_num_rows($result) > 0){
//set their username and perms to sessions
$_SESSION[‘user’] = $user;
$_SESSION[‘perms’] = mysql_result($result, 0);
//set their login info to a cookie so they dont have to re-login every time they close the bowser window
setcookie(“userpass”, $user . “[[[—___BREAK___—]]]” . $pass, time() + 3024000);
//tell the script theyre now logged in
return TRUE;
}
else{
//tell the script they must have entered the wrong login info
return FALSE;
}
}
//set the logout function
function logout(){
//kill their sessions
$_SESSION[‘user’] = FALSE;
$_SESSION[‘perms’] = FALSE;
//kill the cookie with their login info
setcookie(“userpass”, “” , -1);
return TRUE;
}
//grab the action
$action = $_GET[‘action’];
//if they wanted to log out
if($action == “logout”){
logout();
//tell them it all went according to plan
$_SESSION[‘response’] = $_SESSION[‘response’] . “You are now logged out.” . “<br />n”;
}
//if they already have a cookie with login info
if($_COOKIE[‘userpass’]){
//separate the username from the pass
$userpass_array = explode(“[[[—___BREAK___—]]]”, $_COOKIE[‘userpass’]);
//log them in
if(!login($userpass_array[0], $userpass_array[1])){
//but if their login info was wrong, kill the cookie
setcookie(“userpass”, “” , -1);
}
}
//if theyre logged in, double check their info
if($_SESSION[‘user’]){
$result = mysql_query(“SELECT * FROM `users` WHERE `username` = ‘” . $_SESSION[‘user’] . “‘”)
or die(“Error getting your user info, MySQL said: ” . mysql_error());
$user_info = mysql_fetch_array($result, MYSQL_ASSOC);
//as long as their account isnt frozen, theyre good
if($user_info[perms] != -1 && $user_info[username]){
$_SESSION[‘user’] = $user_info[username];
$_SESSION[‘perms’] = $user_info[perms];
}
//if their account became frozen or was deleted, log them out
else{
logout();
}
}
everything else must be good, because when i hit my logout link i DO get that “you have been successfully logged out” response, however the cookie hasnt been killed cus the page still shows my user info, no matter how many times i reload it or visit other pages. maybe i need to kill the session cookie?