Untitled

CREATE TABLE `login` (
  `id` int(10) NOT NULL auto_increment,
  `username` varchar(20) NOT NULL,
  `password` varchar(20) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;

<?php

 $hostname = 'localhost';        // Your MySQL hostname. Usualy named as 'localhost',     so you're NOT necessary to change this even this script has already     online on the internet.
$dbname   = ''; // Your database name.
$username = '';             // Your database username.
$password = '';                 // Your database password. If your database has no     password, leave it empty.

// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed,     perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');

?>

<?php

// Inialize session
session_start();

// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
header('Location: securedpage.php');
}

?>
<html>

<head>
<title>PHPMySimpleLogin 0.3</title>
</head>

<body>

 <h3>User Login</h3>

<table border="0">
<form method="POST" action="loginproc.php">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20">        </td></tr>
<tr><td>Password</td><td>:</td><td><input type="password" name="password"     size="20">    </td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Login"></td></tr>
</form>
</table>

</body>

</html>

<?php

// Inialize session
session_start();

// Include database connection settings
include('config.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" .     mysql_real_escape_string($_POST['username']) . "') and (password = '" .     mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
 if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
 header('Location: securedpage.php');
}
else {
// Jump to login page
header('Location: index.php');
}

?>

<?php

// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.php');
}

?>
<html>

<head>
<title>Secured Page</title>
</head>

<body>

<p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b>
<br>You can put your restricted information here.</p>
<p><a href="logout.php">Logout</a></p>

</body>

</html>

<?php

// Inialize session
session_start();

// Delete certain session
unset($_SESSION['username']);
// Delete all session variables
// session_destroy();

// Jump to login page
header('Location: index.php');

?>

if (mysql_num_rows($login) == 1)

password = '" .    md5(mysql_real_escape_string($_POST['password']))

...
if (!isset($_SESSION['username'])==null)
{
    header('Location: index.php');
}
...

...
if (!isset($_SESSION['username']))
{
    header('Location: index.php');
}
...

session_start();
    error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
            if(session_is_registered['username']){
                    unset($_SESSION['username']);
                    session_destroy($_SESSION['username']);
                    print "<script>alert('Anda berhasil logout'); location = '/'; </script>";
            }