I'm currently working on a website that requires users to log in with a username and password. The password security is handled at the folder level by a Realm within the operating system of the web server. This will have to do for the time being till we come up with a suitable PHP log-in mechanism. I have three files (See code snippets at the bottom).
The method is: - On index.php, select the Log In button. - To access the authenticated index file, provide the login and password. To delete the cache and send the user back to the top-level index, click the logout button, which calls the logout.php code.
In essence, what I want to happen is that it doesn't "destroy the session" in the sense that you aren't requested to input the password again.
I'm a little lost on this one because of how little I know about PHP.
index.php (top-level file with login button)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Test</title>
</head>
<body>
<a href="authenticate/index.php">Log In Btn</a>
</body>
</html>
authenticate/index.php (This folder is password protected - contains the index file with the log out button which links to the logout.php file)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log out</title>
</head>
<body>
<a href="logout.php">Log Out Btn</a>
</body>
</html>
authenticate/logout.php
<?php
session_start(); //to ensure you are using same session
session_destroy(); //destroy the session
header("location:/index.php"); //to redirect back to "index.php" after logging out
exit();
?>
Can someone please help me with this?