So, I have a registration and login system working perfectly using PHP and MySQL. My logout isn't working. I have my logout button linked to this script, when I click it the page refreshes but i'm still logged in. Any suggestions
<?php
session_start();
if (!isset($_SESSION['Name'])) {
header("Location: ../index.php");
} else if(isset($_SESSION['Name'])!="") {
header("Location: Home.php");
}
if (isset($_GET['Name'])) {
unset($_SESSION['Name']);
session_unset();
session_destroy();
header("Location: ../index.php");
exit;
}
?>
You have to correct the line
else if(isset($_SESSION['Name'])!="")
to
else if(isset($_SESSION['Name']) && $_SESSION['Name'] !="")
Otherwise it tries to compare a boolean with a string.
Related
I have a simple website trying to figure out how to redirect to home.php after login at the moment it just stays in the login page.
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}
?>
Add to login.php:
if (isset($_SESSION['username'])) {
header("Location: /home.php");
}
<?php
session_start();
?>
<?php
if($_SESSION['type'] ==='admin'){
header("Location: admin.php");
}elseif{
if($_SESSION['type'] ==='member'){
header("Location: success.php");
}else{
if(isset($_SESSION['type'] == false){
header("Location: user.php");
}
?>
When clicking on the account button, the first thing the page will do is check for the session cookie, it should do 1 of 3 things. First being to check if they're already logged in as an admin, if so take them to the admin page, second being if they're logged in as a member then take them to their specific page. Lastly to check if the session cookie exists at all, if it doesent then load the page. Am I incorrectly using the else statement checking for the session? I'm a little confused now.
I also understand that this may be open to SQL injections, currently working on the basics and then security after as a sub project.
<?php
session_start();
?>
<?php
if($_SESSION['type'] ==='admin'){
header("Location: admin.php");
}
else if ($_SESSION['type'] ==='member'){
header("Location: success.php");
}
else if(isset($_SESSION['type']) == false){{
header("Location: user.php");
}
?>
This is how to use the else if statement in a proper way.
I added login to my site, everything works except one thing: if a user who is not logged in is not redirected to login.php, I tried several things please help me, Thanks.
process.php (login process):
if ($row['username'] == $username && $row['password'] == $password && ("" !== $username || "" !== $password)){
$_SESSION["users"] = $row['username'];
$_SESSION['login'] = true;
header("Location: https://**********/inde.php");
} else {
header("Location: error.php");
}
logout.php:
session_start();
$_SESSION['users'] = NULL;
$_SESSION['login'] = false;
header("location: https://**********/login.php");
exit();
On all pages of the website I added:
include("content/login_verif.php");
login_verif.php:
session_start();
if $_SESSION['login'] != true;
{
header('Location: https://**********/login.php');
exit();
}
Simply put a safeguard in your home page. Check whether both $_SESSION['users'] and $_SESSION['login'] is set or not. If either of them is not set, then redirect the user to login page.
login_verif.php
session_start();
if(!isset($_SESSION['users']) || !isset($_SESSION['login'])){
// redirect the user to login page
header('Location: https://ferapps.altervista.org/tia/content/login/login.php');
exit();
}
and include this login_verif.php page in the following way,
require_once("content/login_verif.php");
And that's not how you should logout a user. You need to properly clear the cookies and destroy the sessions, so your logout.php page should be like this:
logout.php
<?php
session_start();
if(!isset($_SESSION['users']) || !isset($_SESSION['login'])){
// redirect the user to login page
header('Location: https://ferapps.altervista.org/tia/content/login/login.php');
exit();
}
$_SESSION = array();
if(isset($_COOKIE[session_name()])){
setcookie(session_name(),'',time()-42000,'/');
}
session_destroy();
// redirect the user to login page
header('Location: https://ferapps.altervista.org/tia/content/login/login.php');
exit();
?>
The issue here is the incorrect use of "file_get_contents".
file_get_contents as explained at http://php.net/manual/en/function.file-get-contents.php is a way to fetch the content of another file and return it in a string format.
If you wanna extend a file with another files code you should look into require and/or include.
For your current code, swap out
file_get_contents("content/login_verif.php");
For
require("content/login_verif.php");
Information regarding include: http://php.net/manual/en/function.include.php
Information regarding require: http://php.net/manual/en/function.require.php
file_get_contents()
is used to output the contents of a file as a string.
You want
include("content/login_verif.php");
instead. And
if $_SESSION['login'] != true;
should be
if ($_SESSION['login'] != true)
My login form works fine but on my index page I have a script that redirects the user to login if not logged in but it gives me an error, also if i remove the code it'll work fine Here's the code:
<?php
session_start();
include_once 'db.php';
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
if(!isset($_SESSION['usr_id'])!="") {
header("Location: login.php");
}
?>
You need only the second condition:
if (!isset($_SESSION['usr_id'])) {
header("Location: login.php");
}
Adding the first condition it will end up in an infinite loop.
As I can see here, you are try to check existent the index in a wrong way, check this code instead
<?php
session_start();
include_once 'db.php';
if(isset($_SESSION['usr_id']) && !empty($_SESSION['usr_id'])) {
header("Location: index.php");
}
else
{
header("Location: login.php");
}
?>
UPDATE
as mentioned in comments, don't do this in index.php. if you are in index.php remove else block
if (!isset($_SESSION['usr_id'])) {
header("Location: login.php");
exit;
}
Try using else instead another if
I like to know how to use a condition on php sessions
in this code if the user is not loged in page will redirect to login.php.
<?
session_start();
if(!session_is_registered(username)){
header("location: login.php");
}
?>
what i want is to redirect user to another php if the user is loged in. if not stay on the same page. like if user is not loged in keep the user in index page and if user is loged in redirect the user to user.php
for the login script im using a code fount in this site :http://www.phpeasystep.com/phptu/6.html
thanks in advance.
Set a variable in $_SESSION when you have logged in.
i.e. in login.php:
if ( $passWordCorrect ) {
session_start();
$_SESSION['loggedIn'] = true;
}
in index.php:
session_start();
if ( !empty( $_SESSION['loggedIn'] ) ) {
// User logged in; do magic.
} else {
header('Location: user.php');
}
<?
session_start();
if(!$_SESSION['username]){
header("location: login.php");
}
?>
And in login page you asign the variable like this:
<?php
session_start();
$_SESSION['username']='JohnDoe';
?>
The code is on the same page as the tutorial you linked to:
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
But really you should be using the $_SESSION variable. On the login page:
<?php
session_start()
$_SESSION['username'] = $username;
?>
And then on the other pages:
<?php
session_start()
if (!isset($_SESSION['username'])) {
header('location: login.php')
}
?>
UPDATE
It is better to not use short tags (i.e. <?php instead of ?>)