finally got the login sessions working

core/header.php

@@ -2,9 +2,6 @@
 function display_header($title = "~chan") {
 	// Load in display variables
 	$title = $title ?? '~chan';
-	
-	// Start handing session stuff
-	session_start();
 ?>
 <!--
 # - # - # - # - # - # - # - # - # - # - # - # - # - # - #
@@ -44,8 +41,9 @@ function display_header($title = "~chan") {
 		<span style="float: right">
 			<b>profile:</b>	(
 <?php
-	if (($_SESSION['logged_in'] ?? false)) {
-		// I just decided to echo everything out here since the <?php ?\> syntax was ugly
+	session_start();
+	if (isset($_SESSION["username"])) {
+		// i just decided to echo everything out here since the <?php ?\> syntax was ugly
 		echo "<a href=\"/profile.php\">profile</a>";
 		echo " / ";
 		echo "<a href=\"logout.php\">log out</a>";

login.php

@@ -36,7 +36,6 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') {
 	} 
 
 	session_start();	
-	$_SESSION['logged_id'] = true;
 	$_SESSION['id'] = $id;
 	$_SESSION['username'] = $username;
 	$_SESSION['admin'] = $admin;

logout.php

@@ -0,0 +1,24 @@
+<?php
+
+// Initialize the session.
+// If you are using session_name("something"), don't forget it now!
+session_start();
+
+// Unset all of the session variables.
+$_SESSION = array();
+
+// If it's desired to kill the session, also delete the session cookie.
+// Note: This will destroy the session, and not just the session data!
+if (ini_get("session.use_cookies")) {
+    $params = session_get_cookie_params();
+    setcookie(session_name(), '', time() - 42000,
+        $params["path"], $params["domain"],
+        $params["secure"], $params["httponly"]
+    );
+}
+
+// Finally, destroy the session.
+session_destroy();
+
+header('Location: /');
+?>