Untitled

<?php session_start();

 $error = "";
 $usuario1="";
 $password="";
 $form = $_POST['acceso_cuenta'];

 if($_SERVER['REQUEST_METHOD']=='POST'){

    $usuario1  = $_POST['login'];
    $password1 = $_POST['pass'];

        $strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxx password=***";
        $conn=pg_Connect($strconn);

if(!$conn){
 //  "Error connection!!!";

}else{

  $query3 = "SELECT USUARIO FROM USERS WHERE USUARIO='$usuario1'
      AND E_CONTRASENIA='$password' AND LEVEL='TAMER_LEVEL_3'";

  $query2 = "SELECT USUARIO FROM USERS WHERE USUARIO='$usuario1'
      AND E_CONTRASENIA='$password' AND LEVEL='TAMER_LEVEL_2'";

      $result2=pg_query($conn,$query2);

      $result3=pg_query($conn,$query3);

         if(pg_num_rows($result3) != 0 ) { //success
             if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
                   session_unset();
                   session_destroy();
                   }

             $_SESSION['logged-in'] = true;
             $_SESSION['user']=$usuario1;
             header('location: http://localhost/public_html/teacherLv3.php');
             exit;

          }else if(pg_num_rows($result2) != 0){
             if(isset($_SESSION['logged-in']) || isset($_SESSION['user'])){
                   session_unset();
                   session_destroy();
                   }

         $_SESSION['logged-in'] = true;
         $_SESSION['user']=$usuario1;
         header('location: http://localhost/public_html/teacherLv2.php');
         exit;

       }else {

           $error = "WRONG DATA.";
       }//
    pg_close($conn);

  } //else { $error = 'Don't leave blank spaces';}
 }//end of if server
 ?>

<?php
session_start();

// is the one accessing this page logged in or not?

 if ( (!isset($_SESSION['logged-in']) && $_SESSION['logged-in'] !== true)) {

// not logged in, move to login page
session_destroy();
header('Location: login.php');
exit;
  }
?>

<html>
  <?  echo "Welcome back Teacher_Level 3 MASTER  {$_SESSION['user']} " ; ?>
</html>

// is the one accessing this page logged in or not?

 if ( (!isset($_SESSION['logged-in']) && $_SESSION['logged-in'] !== true)) {

// not logged in, move to login page
session_destroy();
header('Location: login.php');
exit;
  }
?>

<html>
  <?  echo "Welcome back Teacher_Level 2 MASTER  {$_SESSION['user']} " ; ?>
</html>

// everything fine for logout???
session_unset();
session_destroy();
// rederict to login / home page or whatever...

if(pg_num_rows($result3) != 0 ) { //success
    if(isset($_SESSION['logged-in']) || isset($_SESSION['user']){
            session_unset();
            session_destroy();
        }
    $_SESSION['logged-in'] = true;
    $_SESSION['user']=$usuario1;
    header('location: http://localhost/public_html/teacherLv3.php');
    exit;
}else if(pg_num_rows($result2) != 0){
    if(isset($_SESSION['logged-in']) || isset($_SESSION['user']){
            session_unset();
            session_destroy();
        }
    $_SESSION['logged-in'] = true;
    $_SESSION['user']=$usuario1;
    header('location: http://localhost/public_html/teacherLv2.php');
    exit;
}

$r_addr = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$unique_string = hash('ripemd160', $user_agent . $r_addr);

if(logout_status == 1 || no_result){ // also check for no result, because if so you an unregisterd user. The safest way to handle this is to logout and login again...
    // Do the logout with session_unset, session_destroy
}

if($_SERVER['REQUEST_METHOD']=='POST' && empty($_SESSION['logged-in'])) {
    /* ... */
}