New to php , still learning how to hash and verify has passwords. But before i get there, I need help with whats going wrong with my code. I can register, it saves the values to my db. but when entering my home.php or any other pages that use
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}
?>
with my login/register.php files containing the codes
$password = md5($password_1);
$query = "SELECT * FROM loginsystem WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: home.php');
}else {
array_push($errors, "Wrong username/password combination");
But everything redirects to login.php and resets the values as if i want it to destroy sessions. Is there something im doing wrong with validating sessions?