i couldn't get sessions to destroy in PHP v4.3.1. - it seemed to set the variable $_SESSION['valid_user'] even when the login form is left blank (allowing you to login as anyone). so i made login a seperate function, and now the login function won't return true even if it's a valid attempt.. craziness

i was thinkin that maybe my approach is wrong, but, then nobody else seems to be able to tell me why it doesn't work. my apologies if i'm just blind

testdb.txt example:
myuserid|mypass

sessiontest.php example:
<?php

session_start();

if(isset($_POST['userid']) && isset($_POST['password']))
{
    // if user has just tried to login
    $userid = trim($_POST['userid']);
    $password = trim($_POST['password']);
}

// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($db, $id, $pass)
{
    foreach($db as $key=>$value)
    {
        $divide = explode('|', $value);
        if(($divide[0] == "$id") && ($divide[1] == "$pass"))
            return true;
        else
            return false;
    }
}

if(@login($data, $userid, $password))
{
    $_SESSION['valid_user'] = $userid;

    $olduser = $_SESSION['valid_user'];
    $oldid = session_id();
    $_COOKIE = array();
    $_SESSION = array();
    $_REQUEST = array();
    session_destroy();
    echo '<html><body>';
    echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
    echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
elseif(isset($userid))
    echo 'could not log you in';
else
    echo 'you are not logged in';

?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>
</body></html>