I have designed a website and there is a logout option in the sub menu. The code is in HTML and is here:
<p>logout</p>
Now this successfully brings me back to the adminlogin.php page, but after that, whenever I press the back button at the top of the web browser, I go back to the page where I was before pressing the logout button. This should not happen: if I have pressed the logout button, there should be no way to go back to that page unless I log in again.
To avoid browser back button after logout:
You have to add a check at the top of each page to see if the user is logged
in. If not, they should be redirected to a login page:
Example:
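<?php
session_start(); // resume the session so $_SESSION is populated
if (!isset($_SESSION['username']) && !isset($_SESSION['useremail'])) {
    // redirect to login page or index page if email and username are not set in session
    header("Location: login.php");
    exit; // stop here so the protected page is not sent along with the redirect
}
?>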
Now, on the logout page, simply unset the username and useremail
session variables and destroy the session (or cookies), whichever you set.
Example:
<?php
if(isset($_GET['logout'])) {
session_start();
session_destroy();
unset($_SESSION["username"]);
unset($_SESSION["useremail"]);
header('Location: index.php');
exit;
}
?>
Working CODE For All Pages After User Login: Home.php about.php contact.php etc..
Example:
<?php
// After User Login and come to home page.
require 'database_conn.php'; // Connection
session_start(); // Session start
?>
<?php
// If the user is not logged in, redirect to the `index` page automatically
//if(!isset($_SESSION['username']) && !isset($_SESSION['useremail']))
if (!isset($_SESSION['useremail'])) {
    // Redirect to index page if email is not set in session
    header("Location: index.php");
    exit; // stop here so the rest of the page is not sent
}
?>
Working CODE to Logout User: Logout.php
Example:
<?php
// After User Click On Logout page.
require 'database_conn.php'; // Connection
session_start(); // Session start
?>
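<?php
if (isset($_POST['logout'])) {
    if (isset($_SESSION['useremail'])) {
        unset($_SESSION["useremail"]);
        session_unset();   // clear the remaining session variables while the session is still active
        session_destroy(); // then delete the session data on the server
        header('Location: index.php');
        exit;
    }
}
?>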
Simple Logout Button
Logout
logout.php
<?php
if(isset($_GET['logout'])) {
session_start();
session_destroy();
header('Location: login.php');
exit;
}
?>
Or If Cookie Set Then
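<?php
if (isset($_GET['logout'])) {
    // unset() alone only changes this request's copy; expire the cookie so the browser deletes it.
    // The path (and domain, if one was used) must match what the cookie was set with; '/' is assumed here.
    setcookie('access_token', '', time() - 3600, '/');
    unset($_COOKIE['access_token']);
    header('Location: login.php');
    exit;
}
?>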
You need session to do this.
So basically, when you log in you need to set a session variable like
$_SESSION['loged_in']=1; // set session with desired name
And on logging out you need to destroy this session value
unset($_SESSION["loged_in"]); // unset specific session
or
session_destroy(); // destroy all
And the most important part: you need to check for this session value on each page where you don't want the user to go without logging in, like
if (empty($_SESSION['loged_in'])) { // not set or falsy: the user is not logged in
    header('Location: login.php'); // redirect to log in page
    exit;
}
So far, I have only the login.html files which has login form, redirects user once logged on and logout function. What I want to do is once a user logs in, they redirect to but their username is displayed on the top of the page. And with the file... I just want it to be able to logout the user. So far on my website, I can login as far as I am concerned, and it redirects once user logs in, but I can login as many times as I want, and I can logout as many times as I want.... It's complicated to sort out and I want to do this without SQL or any other server-side storage (since I am only using HTML local storage).
You have to remove the session of username in logout code
unset($_SESSION['username']);
Hope this helps. If not, it would be better if you could provide the code, so that the problem can be sorted out.
WRITE THIS ALL IN TOP PAGE
IN YOUR LOGIN PAGE
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$_SESSION["username"] = $username;
header('Refresh: 5; URL=GameWebsite.php');
}
?>
IN YOUR LOGOUT PAGE
session_start(); // must run before $_SESSION is read
if(isset($_SESSION['username']))
{
session_unset();
session_destroy();
//Then you may redirect to the login page if you want after some time.
header('Refresh: 5; URL=login.php'); // headers have to be sent before any output
echo " You have successfully logged out... You will be redirected back to the login page in a moment. ";
}
else
{
header("Location:login.php"); // here when the user has no session
exit;
}
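IN OTHER PAGES YOU CHECK
session_start(); // must run before $_SESSION is read
if(isset($_SESSION['username']))
{
// user is logged in: continue with the page
}else
{
header("Location:login.php"); // here when the user has no session
exit;
}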
in your login page write on top
session_start(); // must run before $_SESSION is read
if(isset($_SESSION['username']))
{
header('Refresh: 5; URL=GameWebsite.html');
}
In your logout.php write
session_start(); // must run before $_SESSION is read
if(isset($_SESSION['username']))
{
session_unset();
session_destroy();
//Then you may redirect to the login page if you want after some time.
header('Refresh: 5; URL=Login.html'); // headers have to be sent before any output
echo " You have successfully logged out... You will be redirected back to the login page in a moment. ";
}
else
{
header("Location: login.php");
exit;
}
I'm pretty noob in PHP but I'm trying to exercise. Since yesterday I'm on a problem I can't even understand, I thought my code was correct but it seems wrong
So here is my function to allow pages for logged users only
functions.php
function logged_only()
{
if(session_status() == PHP_SESSION_NONE)
{
session_start();
}
if(!isset($_SESSION['auth']))
{
$_SESSION['flash']['danger'] = "You can't enter this page - not logged in";
header('Location: login/login.php');
exit();
}
}
So It's supposed to redirect me to login page if I'm not logged-in, simple
login.php
elseif(password_verify($_POST['password'], $user->password)){
$_SESSION['auth'] = $user;
$_SESSION['flash']['success'] = "You're now connected";
header('Location: ../profile.php'); // user's homepage
exit();
There is some code above and under this, but it works pretty good.
So in this case the script should insert the user's information into his $_SESSION but it does nothing but redirect me to login.php. Also, the "profile.php" only contains "logged_only();" and a print_r (when I delete the redirection to login.php) of the $_SESSION, which shows nothing but "You can't access this page" (as I'm sending a message via $_SESSION)
Can someone guide me? Thanks
You maybe should read about the session_start() in PHP: PHP Manual
In short words: session_start() starts a new session or recovers the already existing session with the client.
So after each redirect (also to your login.php) you need to call session_start().
There is no need for
if (session_status() == PHP_SESSION_NONE){
session_start();
}
You should only use
session_start();
(In both, your functions.php and your login.php) before accessing the $_SESSION variable.
functions.php
function logged_only(){
session_start();
if(!isset($_SESSION['auth'])){
$_SESSION['flash']['danger'] = "You can't enter this page - not logged in";
header('Location: login/login.php');
exit();
}
}
login.php
session_start();
// ... Rest of code
elseif(password_verify($_POST['password'], $user->password)){
$_SESSION['auth'] = $user;
$_SESSION['flash']['success'] = "You're now connected";
header('Location: ../profile.php'); // user's homepage
exit();
I created a login page to a php form that I also created. Whenever I fill the form with the required fields, I get redirected to a 'Thank you for your submission' page, that has the link 'Go Back to Form'.
The problem is, when I press the 'Go Back to Form' link, it assumes that I am not logged in anymore, and so I get directed to a white page instead.
Login Page Code:
<?php session_start(); ?>
<?php
if (isset($_POST['submitlogin'])) {
$username1= $_POST['username'];
$pass1= $_POST['password'];
if($username1==$nomepass && $pass1==$passpass) {
$_SESSION['CurrentUser']= $username1;
echo '**HTML FORM**';
}
else
{
//...
}
}
?>
Form 'Thank you' Page:
HTML code Inside PHP echo
...
echo ' <p> Back to login page </p>' ;
On the login form and subsequent pages using sessions, put an if statement to check if the session that tells that a person has logged in is set. Then, it will redirect you to a home page or whatever page you want if you are logged in.
That way, if you are not logged in, you can log in; otherwise, it will redirect you
<?php
session_start();
if(isset($_SESSION['CurrentUser'])){
// redirect to some page
}
else{
// do something else
}
You could also make that line to read as:
if(isset($_SESSION['CurrentUser']) && !empty($_SESSION['CurrentUser']))
Normally we can use the session and call it on every page where I want to allow the registered user, for example..
This is your php code
if (isset($_POST['submitlogin'])) {
$username1= $_POST['username'];
$pass1= $_POST['password'];
if($username1==$nomepass && $pass1==$passpass) {
$_SESSION['CurrentUser']= $username1;
header('location:index.php');
exit;
}
}
Now you can code in the index page like this...
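<?php
session_start();
// same key, with the same capitalisation, that the login code sets
if(!isset($_SESSION['CurrentUser']))
{
header('location:signin.php');
exit;
}
?>
if the session is set then the above code will keep you logged in, otherwise you will be redirected to the signin page.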
I am looking to place all the code above in header.php, which I include.
The first few lines of header have:
<?php session_start();
if(!isset($_SESSION["loggedin"])){
header("Location: login.php");
exit;}
?>
The unfortunate consequence of this is that when the user gets redirected to login.php they hit a redirect loop.
Would the best way forward be to create an if statement along the lines of this pseudocode:
if (page="login.php")
{
//do not redirect to login.php
}
Before the session_start();?
You can wrap the code
if(!isset($_SESSION["loggedin"])){
header("Location: login.php");
exit;}
In a function such as:
function ensureLoggedIn()
{
if (!isset($_SESSION["loggedin"]))
{
header("Location: login.php");
exit;
}
}
Then you call this function from all the pages where authentication is required.
Such as calling this function on secretpage.php will redirect to login.php if the user is not logged in.
Login.php should not have this function.
Before including header in login.php, do something like this:
$logging_in = true;
Then, modify header
if(!isset($_SESSION["loggedin"])){
to
if(!isset($_SESSION["loggedin"]) && !isset($logging_in))
In your login page you can check if the user is already logged in and redirect them to proper page.
<?php
// assumes session_start() has already run, e.g. in the included header
if (isset($_SESSION["loggedin"])) {
    // redirect to the main page or log them out forcefully
}
?>
//your login form can go here
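One way to keep the check in a shared header.php without the redirect loop, as an added example that is not code from the original posts: the header skips the redirect for a short list of public scripts. The `PUBLIC_PAGES` list and the `needs_login()` helper are hypothetical names; the `loggedin` key and `login.php` come from the question.

```php
<?php
// header.php: added example, not code from the original posts.
session_start();

// Hypothetical list of scripts that must stay reachable without a session.
const PUBLIC_PAGES = ['login.php'];

// Decide whether the current request has to be sent to the login page.
function needs_login(string $scriptName, array $session): bool
{
    // e.g. "/admin/login.php" -> "login.php"
    $page = basename($scriptName);

    if (in_array($page, PUBLIC_PAGES, true)) {
        return false; // never redirect login.php to itself
    }
    return empty($session['loggedin']);
}

// SCRIPT_NAME is the path of the script that was requested. Unlike PHP_SELF,
// it does not include extra path segments appended after the script name,
// so the public-page test cannot be influenced by the rest of the URL.
if (needs_login($_SERVER['SCRIPT_NAME'], $_SESSION)) {
    header('Location: login.php');
    exit;
}
```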
When I login a new session is generated. How can I later know for which login the session was generated?
I am getting the session value, but how do I know which user the session is for and redirect him to that page?
You do not want to create a (new) session when the user is logging in. You create/resume the session on every page.
Here is an example broken down to the essentials.
login.php
<?php
session_start();
if ($_POST['user'] == 'john' && $_POST['pwd'] == 'password') {
$_SESSION['loggedIn'] = true;
$_SESSION['firstname'] = 'John';
}
?>
admin.php
<?php
session_start();
if (!isset($_SESSION['loggedIn']) || !$_SESSION['loggedIn']) {
header('location: login.php');
exit();
}
echo 'Hello ' . $_SESSION['firstname'] . '!';
?>
1. A user visits admin.php.
2. session_start() creates a new session. All data ($_SESSION) is stored on the server. A new cookie with the session's id is stored client-side.
3. The user is redirected to login.php because there is no $_SESSION['loggedIn'] key set to true.
4. session_start() revives the session from the cookie sent by the browser.
5. The user submits a form and authenticates. Inside the $_SESSION array we note this.
6. The user goes back to admin.php and can now access the page.