I want to disconnect a user by clicking on a button, and at the time of this click, record in a mySQL database the score of the player, which was until then in a session variable.
Knowing that the disconnection can be done like this:
<?php
session_start();
$_SESSION = [];
session_destroy();
header('Location: ../../index.php');
I tried to do this:
<?php
session_start();
require('actions/database.php');
$updateScore = $bdd->prepare("UPDATE `users` SET score=? WHERE id=?");
$updateScore->execute(array($_SESSION['score'], $_SESSION['id']));
$_SESSION = [];
session_destroy();
header('Location: ../../index.php');
but it's not working :/
I'm a totally beginner in these languages so this question is probably very silly, sorry in advance.
thanks for reading :)
Related
I am making an html login page which will submit a form to a php page to check to see if user details lie in an established username access database.
If the username and password correspond to a row in the database, the php redirects to an mainpage (mainpage.html), otherwise it redirects back to the login page (LOGINPAGE.html).
The if function I have used to achieve this in my php script is as follows:
if(odbc_fetch_row($DetailCheckExec)) //If username corresponds with password
header('Location: mainpage.html');
else
header('Location: LOGINPAGE.html');
The problem is, the php doesn't seem to redirect. Even if I simplify my code to simply redirect, nothing changes. i.e.
<?php
header("Location: LOGINPAGE.html");
exit;
?>
won't work either.
Any help is appreciated thank you.
well i dont know the function "(odbc_fetch_row($DetailCheckExec)" but there's a step by step login that I made i hope it works
if ((isset($_POST['user'])) and (isset($_POST['password'])))
{//checks if the inputs in the form are empty
//sets two variables with the value of the imputs
$usuario = $_POST['user'];
$clave = $_POST['password'];
//then selects the row where the values are equal in the database
$consulta = "SELECT usuario, contrasena FROM `usuarios`
WHERE usuario = '$usuario' and contrasena = '$clave'";
$resultados=mysqli_query($con,$consulta);
while(($fila=mysqli_fetch_array($resultados))){
$vpeso = $fila['peso'];
$vestatura = $fila['estatura'];
$vusuario = $fila['usuario'];
}
if(($resultados) AND ((isset($vusuario)) and ($vusuario <> '') )){
//starts session
session_start();
//stablishes the user in the session
$_SESSION['usuario'] = $usuario;
//if the user doesn't exist it will bring to signup.php for example
}else{
header("Location: signup.php");
}
}
well I hope it works, sorry for not changing the variable names haha
Hello I have question about updating mysql db field with enum 1 and 0 and when the user log in it change it to 1 but when user log out i tried doing this but it won't work...
Also I tried make it as button and if btn is pressed do something and then go to logout.php but it didnt work ...
So my code is this ...
<?php include_once('connect.php');
$logger = $_SESSION["login"];
session_start();
session_unset();
session_destroy();
$mysqli = "UPDATE table SET field='0' WHERE email='$logger'";
if(mysqli_query($con, $mysqli)){
header("Location: index.php");}else echo "Something went wrong!";
?>
Your issue isn't to do with the other two answers, #Gopal states that you should destroy after unsetting the session, however you are setting the variable before unsetting the session. #Marmik also doesn't solve the issue.
Your problem lies here:
$logger = $_SESSION["login"];
session_start();
You're trying to access the session variable before you actually start the session. This is going to give you a blank $logger which you may find if you use echo $logger.
So, how do we solve this. Essentially, we just swap two lines around, so that session_start() is before we try accessing the session variables.
session_start();
$logger = $_SESSION["login"];
If this fails, you may want to check that $_SESSION["login"] has actually been set in the first place with a quick echo $_SESSION['login']; after session_start();
Good luck!
Give session_unset(); session_destroy(); After update query of the table.
what you can do is you can check the session that he is really logedin or not
On Logout.php
<?php
#session_start();
if(!empty($_SESSION['login'])){
include_once('connect.php');
$logger = $_SESSION["login"];
$mysqli = "UPDATE table SET field='0' WHERE email='$logger'";
if(mysqli_query($con, $mysqli)){
session_unset();
session_destroy();
header("Location: index.php");
}
else {
echo "Something went wrong!"
};
}
?>
I know I can't use two session start codes in a same php page but for the sake of updating user account, I need the below code and I need to use session_start twice. One, to check if the user is not logged in, then redirect them and banned them from seeing the update info page and also the other session start has to be there so that my session variables could be set automatically in the update info page if the user is logged in.
anyways, I am getting this error can you guys please show me a work around way? if there's any?
thanks.
Notice: A session had already been started - ignoring session_start() in ....
<?php session_start();
if(isset($_SESSION['userid'])) {
} else {
header('Location: login.php');
}
?>
<?php
$user = $_SESSION['userid'];
$myquery = "SELECT * FROM our_users WHERE `userid`='$user'";
$result = mysqli_query($conn, $thequery);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
session_start(); /* Basically this right here gets ignored. */
$_SESSION["user_first_name"] = $row['fn'];
$_SESSION["user_last_name"] = $row['ln'];
$_SESSION["user_email"] = $row['em'];
$_SESSION["user_password"] = $row['pw'];
?>
I have created a user authentication system with necessary DB tables and php.
THe first time before I login (Before any SESSION is created) the redirect on every page works perfect (ie Redirects to the login page if not logged in).
But once I login with a user and then logout the same doesnt work. I think it might be a problem with not ending the SESSION (Sorry if am wrong)
Here are some pieces of the code in each Page
Login PHP
<?php
session_start();
$message="";
if(count($_POST)>0)
{
include('config.php');
echo $_POST['username'];
$result = mysql_query("SELECT * FROM members WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
$row = mysql_fetch_array($result);
if(is_array($row))
{
$_SESSION["id"] = $row[ID];
$_SESSION["username"] = $row[username];
$_SESSION["password"] = $row[password];
$_SESSION["mname"] = $row[mname];
$_SESSION["fname"] = $row[fname];
date_default_timezone_set("Asia/Calcutta");
$lastlog=date("d/m/Y");
$logtime=date("h:i a");
$query = "UPDATE `members` SET `lastlogin`='$lastlog',`logintime`='$logtime' WHERE `ID`='$row[ID]'";
mysql_query($query);
$_SESSION['logged'] = TRUE;
}
else
{
echo "<SCRIPT>
alert('Wrong Username/Password or Awaiting Approval');
</SCRIPT>";
header("Location:login_failed.html");
}
}
if(isset($_SESSION["id"])) {
header("Location:member/myprofile.php");
}
?>
PHP code on every page
<?php
session_start();
include('config.php');
if(!$_SESSION['logged'])
{
header("Location: ../login.html");
exit;
} ?>
And Finally Logout
<?php
session_start();
unset($_SESSION["id"]);
unset($_SESSION["username"]);
unset($_SESSION["password"]);
unset($_SESSION["mname"]);
unset($_SESSION["fname"]);
header("Location:../login.html");
?>
Is there any problem with my Code. Am i missing something? I couldn't get it right. Pls Help
Thanks guys got it solved..
Now can you tell me How I can redirect login.php to user home page(myprofile.php) in case the User is logged in (Session exists) - Like facebook,gmail etc
Instead of calling unset() on each session var, you can simply use session_destroy(), which will destroy all of the current session data.
session_start();
session_destroy();
header("Location:../login.html");
For complete destructive power, you might also want to kill the session cookie:
setcookie(session_name(), '', 1);
See this question for a more complete example of session logout.
You need to unset $_SESSION['logged']
Also you should reference keys in the $row variable with strings. Eg $row['username'];.
Turning on E_NOTICE level warnings with error_reporting will help you with this.
If you haven't already, reset the session login
unset($_SESSION['logged']);
Or just change it to false
$_SESSION['logged'] = false;
When you are directly hitting a page in address bar for the first time then its a new request which goes to the server and server checks for existing session as written in your code. But its not same when you are pressing back button after logout. In this case there is no request is going to the server instead the request is fetched from browser cache. If you want to disable this situation then you have to tell browser explicitly to not to store your page in cache memory. For more detail please go through this link
So i'm basically messing around with my own cms type system at the moment and running into some problems with php sessions. Below is a rough explanation on what i have,
All the SQL is working fine as if i remove the sessions i get no login errors (unless i put in incorrect credentials),
$query = "SELECT * FROM `test` WHERE username='$user' AND password='$pass_md'";
$result = mysql_query($query) or die("Error: " . mysql_error());
$rows = mysql_num_rows($result);
$data = mysql_fetch_assoc($result);
if($rows == 1){
$_SESSION['expire'] = time() + (10 * 60);
$_SESSION['id'] = $data['id'];
header("Location: admin.php");
}
else {
header("Location: ulogin.php?login=failed");
}
So in admin.php i have this,
<?php
session_start();
if(!(isset($_SESSION['id']))){
header("Location: ulogin.php");
}
?>
My issue is it is logging me in and then passing me straight back to ulogin.php so i'm assuming i have an empty session however i am inserting the user id into the session.
Any help would be greatly appreciated, i'm probably missing something pretty obvious, i'm not the most advanced php developer so yeh, need some more eyes on it.
Thanks
Found the issue, because i was using 2 seperate login pages (One for the frontend and one for the backend) i was missing;
<?php
session_start();
?>
from one of my login pages, sorted now, thanks all for the comments that actually made me triple check that!