I am making a login system. When I press the log out link, it redirects to the log_out.php and instantly redirects to the log_in.php.
Here is the page with the link:
<html>
<body>
<?php
echo '<li class="right">Log out</li>';
session_start();
$name = $_SESSION["username"];
echo "You are $name.";
?>
<button onclick='window.location.assign("change_password.php")'>Change your password</button>
<button onclick='window.location.assign("delete_account.php")'>Delete this account</button>
</body>
</html>
And this is log_out.php:
<?php
session_start();
session_unset();
session_destroy();
?>
It didn't change even when I deleted everything from log_out.php.
When I copy the address and go to the page, It also redirects.
Please help me. I am desperate. Thanks for answer.
Related
I've spent a lot of time today researching this site for my solution but I have had no luck. I'm currently trying to learn php and working on my second project. I can only use PHP. I originally had my delete session and redirect in a separate logout.php file. This was working but then I found out that I can't do this. I've been instructed that I need to "clear the login, delete the session, and redirect back to the login page" and do this within an isPostBack in the results.php file. After a lot of research today I thought I was understanding how to do this but I can't get it to work. Hoping I can get some help.
<?php
session_start();
//require_once('cookies.php');
$isPostBack = filter_input(INPUT_GET, 'submit');
//this is where I need to do the isPostBack for user clicking "logout".
if ($isPostBack) {
// clear ALL session data from memory
// clean up the session and remove the session ID.
// redirect to index.php
endSession();
session_destroy();
header("Location: index.php");
} else {
// user did not click logout doNothing();
}
?>
<html lang="en">
<head>
<title>Results</title>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<form action="results.php">
<input type="submit" id="submit" name="submit" value="Logout" />
</form>
<section>
<?php
foreach($_SESSION['answers'] as $answer){
echo "<p>$answer</p>";
}
?>
</section>
</body>
Try to provide name attribute
<input type="submit" id="submit" value="Logout" name="logout"/>
and use only logout variable in place of submit or provide two different fields
$isPostBack = filter_input(INPUT_GET, 'submit');
$isPostBack = filter_input(INPUT_GET, 'logout');
I seem to have found my solution. I needed to give the isPostBack variable a name that matched the name given to the logout button. I also needed to include !==NULL after the isPostBack. I changed endSession(); to $_SESSION = array(); According to my research, endSession(); "removes all session variables". It seems to be working as it should now. Here is my edited code.
<?php
session_start();
$isPostBack = filter_input(INPUT_GET, 'submit')!==NUll;
//this is where I need to do the isPostBack for user clicking "logout".
if ($isPostBack) {
// clear ALL session data from memory
// clean up the session and remove the session ID.
// redirect to index.php
$_SESSION = array();
session_destroy();
header("Location: index.php");
} else {
// user did not click logout doNothing();
}
?>
<html lang="en">
<head>
<title>Results</title>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<form action="results.php">
<input type="submit" id="submit" name="submit" value="Logout" />
</form>
<section>
<?php
foreach($_SESSION['answers'] as $answer){
echo "<p> $answer</p>";
}
?>
</section>
</body>
If you need to remove se particular session values you can use unset()
unset ($_SESSION['userid'])
This question already has answers here:
proper way to logout from a session in PHP
(4 answers)
Closed 7 years ago.
I have a logout button which doesn't seem to work well. After clicking on it I can still see the "Welcome username" and the logout button is still there as in the picture below. Please let me know what's missing on my logout.php.
May I also ask how I could redirect the user back to the orginal page after clicking logout ? I try to use "header('Location: ' . $_SERVER['HTTP_REFERER']);" but it doesn't work ?
Index.php
<?php
ini_set("session.save_path", "sessionData");
session_start();
?>
<?php if (!isset($_SESSION['uName'])) { ?>
<form method="post" action="logonProcess.php">
<div>Username <input type="text" name="userName" placeholder="Username"></div>
<div>Password <input type="password" name="pwd" placeholder="Password"></div>
<div><input type="submit" value="Logon"></div>
</form>
<?php } else { }?>
<?php if (isset($_SESSION['uName'])) {
$username = $_SESSION['uName'];
echo "<p>Welcome $username</p>\n";
?>
Logout
<?php } else { }?>
Logout.php
<?php
unset($_SESSION['user']);
session_destroy(); // Destroying All Sessions
header("Location: index.php"); // Redirecting To Home Page
?>
Try starting session first:
Logout.php
<?php
session_start();
unset($_SESSION['uName']);
session_destroy(); // Destroying All Sessions
header("Location: index.php"); // Redirecting To Home Page
?>
source from: http://www.hackingwithphp.com/10/3/5/ending-a-session
try adding this to your logout file:
unset($_SESSION['uName']);
All your scripts that use sessions need to use the same session.save_path setting. Since you set that in index.php, you also need to set it in logout.php. Otherwise, logout.php won't be able to access the session data.
So I've searched this site about this issue and tried what has been suggested and still no luck. I thought maybe it was my 'server' (On my tablet using KSWEB, no computer right now) so I created 2 simple files to share a session variable between the two and it worked fine. I have no idea why this isn't working for these two. I'm trying to create a login page (an insecure one, I know). The error function USED to work (this is what gets me), and now it doesn't. The files are below. I only included the top portion of admin.php because I've commented out the rest. It really shouldn't matter. Right now, if you submit the form without entering anything into the admin prompt, an error should display next to the asterisk saying "Admin needs to be filled out". Despite my best efforts, this doesn't work anymore and I'm completely stumped as to why.
Login.php
<?php
session_start();
?>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
<script>
function submitForm()
{
document.adminform.submit();
}
</script>
</head>
<?php echo $_SESSION["adminErr"];?>
<h2>Administrator login page</h2>
<form method="post" action="admin.php" name="adminform">
Admin: <input type="text" name="admin" style="position:absolute; left:100px">
<span class="error" style="position:absolute; left:285px">*<?php echo $_SESSION["adminErr"];?></span>
<br><br>
Password: <input type="password" name="password" style="position:absolute; left:100px">
<span class="error" style="position:absolute; left:285px">*<?php echo $_SESSION["passwordErr"];?></span>
<br><br>
<button onclick="submitForm()">Submit</button>
</form>
<br><br><br>
<p><?php echo $_SESSION["flogin"];?></p>
</html>
<?php
session_destroy();
?>
Admin.php
<?php
session_start();
if ($_SERVER["REQUEST_METHOD"] == POST)
{
if (empty($_POST["admin"])) // Check to make sure Admin field is filled out
{
$_SESSION["adminErr"] = "Admin field must filled"; // Set error if not filled
header("location:login.php"); // Return to login page
}
}
?>
Don't destroy the session at the end of the file..
</html>
<?php
session_destroy();
?>
Also you should put exit; after each header('Location: ...');.
When sending the header, the browser recognized to change the location but the script does not end. The browser in fact, would not even have to follow the header, it can also just go on with the script. You have to stop the script because the headers do not exit the script.
instead of
<button onclick="submitForm()">Submit</button>
use
<input type="submit" value="Submit">
Then put a check before echoing
<?php echo isset($_SESSION["adminErr"])? $_SESSION["adminErr"]: "not set" ;?>
further debugging:
var_dump($_POST);
var_dump($_POST["admin"]);
var_dump($_SESSION);
var_dump($_SESSION["adminErr"]);
I am doing a project in school, I need to know a simple way to stop poeple from entering the site without a session. I have alot of pages I don't believe I spent the time pasting code on every page. Also I have menu bar that is included in every page thanks to php, so i was wondering wat type of code would I have to put in the menu to block user without a session. The rest of the content code is on the pages that I want to hide. I believe that you can login by typing out the url and allow users to see hidden pages that are for logged in users.
Please do not use a plain cookie. Sessions are the way to go. Or if can't use sessions and must use a cookie, sign the cookies first to be able to verify that your application was really the one to set it.
<?php
session_start();
if (!isset($_SESSION['authenticated'])) {
header('Location: login.php');
exit;
}
... whatever logged in users should see ..
If you don't want to use session, then use cookie.
<?php
/*Just add this piece of PHP code to top of any page you
don't want not-logged in users to see */
if (!isset($_COOKIE['logged']))
header("Location: login.php"); //It redirects the user to your login page
?>
<html>
<body>
...
</body>
</html>
Login page could be like this:
<?php
if (isset($_COOKIE['logged']))
header("home.php");
if ($_POST['submit']) {
//get username and password
$uname = $_POST['uname'];
$pass = $_POST['password'];
if ($uname=="correct" && $pass=="correct"){ //EDIT
setcookie('logged','1');
header("Location: home.php"); //Redirect to home page
}
else echo "Wrong combinaton!";
}
?>
<html>
<body>
<form action="login.php" method="post">
<label>Username</label><input type="text" name="uname" /><br />
<label>Password</label><input type="password" name="pass" /><br />
<input type="submit" name="submit" value="Login" />
</form>
</body>
</html>
Please i need your help with my script. I'm trying to post comments to news items on sections on my website only for users who are logged in. If they are not, they are shown a link to Login or Register, and the "Post A Comment" inputbox does not display.
Then when they login the form should display.
The form does not display, when they are not logged in, but it does not also show the form when they are logged in.
Please where could the broblem be.. Thank you for your time and patience. I apppreciate it.
<?php
if (!isset($_SESSION['username'])) {
echo "Login OR <a href=\"register.php\">Register</ a> to make a comment" ;
}
exit();
?>
<?php
if (isset($_POST['submit'])) {
//process form
}
?>
Post A Comment <br/>
<form action="<?php echo $_SERVER ['PHP_SELF']; ?>" method="post">
<textarea type="text" name = "comment_body" title='Post A Comment' class='OpenInput_Text' ></ textarea><br/>
<input type="submit" name="submit" value="Post Comment">
</form>
</div>
</div>
You will need to start your sessions.
Replace
<?php
if (!isset($_SESSION['username'])) {
With
<?php
session_start();
if (!isset($_SESSION['username'])) {
.. It's because you are exiting the script in with an
exit();
I think you want to push it one line up, to end the script if the user is not logged in.
Move the exit() inside if (!isset($_SESSION['username'])) { ... } instead of after it.