For login im using a session_start(), for desktop its works fine, but on mobile, it doesnt work. When I make a session_id() with variable, for example, session_id('login') its works on mobile, but break other sessions on other computers. But when session_id() is generated automatically, it doesn't work on mobile. What should I do?
My session_start code on index.php
session_start();
if (isset($_SESSION['username'])){
session_id();
}
Whole code for login.php file
<?php
require('config.php');
$usernameOK = false; $passwordOK = false;
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$UserQuery = "SELECT username FROM `members` WHERE username='$username'";
$userTestResult = mysqli_query($connection, $UserQuery);
$usernameTEST = mysqli_num_rows($userTestResult);
if($usernameTEST == 1){$usernameOK = true;}
$PasswordQuery = "SELECT password FROM `members` WHERE username='$username'";
$result = mysqli_query($connection,$PasswordQuery);
$row = mysqli_fetch_row($result);
if (password_verify($password, $row[0])){$passwordOK = true;}
if($usernameOK == true && $passwordOK == true){
$_SESSION['username'] = $username;
}else{
$error_message = "Incorrect login data";
}
}
if (isset($_SESSION['username'])){
header("Location: ../");
exit;
}else{?>
<form class="login-form" method="POST">
<?php if(isset($error_message)){ ?><div class="mini-mes error"> <?php echo $error_message; ?> </div><?php } ?>
<span class="placeholder">username</span>
<input type="text" name="username" placeholder="username" required>
<span class="placeholder">password</span>
<input type="password" name="password" id="inputPassword" placeholder="password" required>
<button type="submit">Login</button>
<a class="form-link" href="register.php">Register</a>
</form>
<?php } ?>
Not really sure what your code does, because I dont see anything regarding setting the username or anything of that sort. What your code does is, it starts the session and checks if username variable in session is set, and if YES, it calls session_id.
Can you use this to check if the session is created properly?
session_start();
if (session_status() !== PHP_SESSION_NONE)
{
echo session_id();
}
Starts a session and shows you the session ID if the session_status is not PHP_SESSION_NONE
You don't need to do a session_id() to start a session, session_start() is enough.
I've tested the following on Safari on iPhone 6 (just add the db query part back if you want):
testa.php
<?php
//require('config.php');
session_start();
echo "Session ID: ".session_id()." <br>\n";
$usernameOK = false;
$passwordOK = false;
if (isset($_POST['username']) and isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$usernameOK = true;
$passwordOK = true;
if ($usernameOK == true && $passwordOK == true) {
$_SESSION['username'] = $username;
} else {
$error_message = "Incorrect login data";
}
}
if (isset($_SESSION['username'])) {
header("Location: ../");
exit;
} else {
?>
<form class="login-form" method="POST">
<?php if (isset($error_message)) { ?>
<div class="mini-mes error"> <?php echo $error_message; ?> </div><?php } ?>
<span class="placeholder">username</span>
<input type="text" name="username" placeholder="username" required>
<span class="placeholder">password</span>
<input type="password" name="password" id="inputPassword" placeholder="password" required>
<button type="submit">Login</button>
<a class="form-link" href="register.php">Register</a>
</form>
<?php } ?>
testb.php
<?php
session_start();
echo "Session ID: ".session_id()." <br>\n";
echo "Data stored in session: {$_SESSION['username']}<br>\n";
Clear data/cookies on your mobile browser (or just go into incognito mode). This will make sure you "start from scratch".
Open testa.php on your mobile browser. Take note of the session id shown. Enter your login details and tap Submit. The next page may show blank.
Open testb.php. Again, take note of the session id shown. It should be equal to the session id shown in test1.php. If they are different then it is possible your mobile browser is configured not to accept cookies.
I've personally tested this on Safari on iPhone 6 and I was able to get the username data from session.
PS. A friendly reminder: don't forget to escape the data you use in queries (i.e. $username and $password). Use mysqli_real_escape_string, or use prepared statements. For security.
Maybe you are experiencing some conflict issues:
My session_start code
if (isset($_SESSION['username'])){
session_id();
} else if (!isset($_SESSION)){
session_start();
}
Whole code for login.php file
<?php
require('config.php');
$usernameOK = false; $passwordOK = false;
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$UserQuery = "SELECT username FROM `members` WHERE username='$username'";
$userTestResult = mysqli_query($connection, $UserQuery);
$usernameTEST = mysqli_num_rows($userTestResult);
if($usernameTEST == 1){$usernameOK = true;}
$PasswordQuery = "SELECT password FROM `members` WHERE username='$username'";
$result = mysqli_query($connection,$PasswordQuery);
$row = mysqli_fetch_row($result);
if($usernameOK == true && password_verify($password, $row[0])){
if (isset($_SESSION)){
$_SESSION['username'] = $username;
} else{
session_start();
$_SESSION['username'] = $username;
}
}else{
$error_message = "Incorrect login data";
}
}
if (isset($_SESSION['username'])){
header("Location: ../");
exit;
}else{?>
<form class="login-form" method="POST">
<?php if(isset($error_message)){ ?><div class="mini-mes error"> <?php echo $error_message; ?> </div><?php } ?>
<span class="placeholder">username</span>
<input type="text" name="username" placeholder="username" required>
<span class="placeholder">password</span>
<input type="password" name="password" id="inputPassword" placeholder="password" required>
<button type="submit">Login</button>
<a class="form-link" href="register.php">Register</a>
</form>
<?php } ?>
In the index.php on the first line I have -> REMOVE THAT, PUT FIRST ROUTINE OF SESSION CHECKING
if (!isset($_SESSION)){
session_start();
}
EDIT: I noted that you're using header function to redirect to the index page. It's important avoid such redirects unless you're sending user out of your system, because some environments doesn't work well with them. I suggest to change your routine to user POST/GET http routines instead:
Inside validateSession.php
outside validateSession, NOTHING about sessions rules, concentrate everything there
index.php/head.php/some code that always starting in every page start only that:
<?php
include_once('validateSessions.php');
?>
Your form:
<form class="login-form" action="index.php" method="POST">
<?php if(isset($error_message)){ ?><div class="mini-mes error"> <?php echo $error_message; ?> </div><?php } ?>
<span class="placeholder">username</span>
<input type="text" name="username" placeholder="username" required>
<span class="placeholder">password</span>
<input type="password" name="password" id="inputPassword" placeholder="password" required>
<button type="submit">Login</button>
<a class="form-link" href="register.php">Register</a>
</form>
EDIT: I reviewed your routine, pay attention on validateSessions.php, I was forgetting to load session_start() in every routine that called the file. Put validateSessions inside your include directory.
UPDATE: Even my code helping the OP, the main problem was the SESSION configuration into php.ini file with session.save_path, causing issues about session routines. The php.ini fix solved the problem, the code I expect that helped OP to think about some routines towards Session stuff.
Probably your session is not set. Depending on the PHP version you use, check your session.
For versions of PHP >= 5.4.0
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
For versions of PHP < 5.4.0
if(session_id() == '') {
session_start();
}
Cookies definitely work on mobile browsers.
I have simplified the code and the session is started when all checks are passed.
<?php
require('config.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$UserQuery = "SELECT password FROM `members` WHERE username='$username'";
$result = mysqli_query($connection, $UserQuery);
$usernameTEST = mysqli_num_rows($result);
if($usernameTEST == 1){
$row = mysqli_fetch_row($result);
if(password_verify($password, $row[0])) {
session_start();
$_SESSION['username'] = $username;
header("Location: ../");
exit();
}
}
$error_message = "Incorrect login data";
}
<form class="login-form" method="POST">
<?php if(isset($error_message)){ ?><div class="mini-mes error"> <?php echo $error_message; ?> </div><?php } ?>
<span class="placeholder">username</span>
<input type="text" name="username" placeholder="username" required>
<span class="placeholder">password</span>
<input type="password" name="password" id="inputPassword" placeholder="password" required>
<button type="submit">Login</button>
<a class="form-link" href="register.php">Register</a>
</form>
Simplified the code to make it easier to understand.Ignoring checks for username and password etc. You're basically trying to set a session variable. That happens in login.php. Code for that is.
<?php
$username = "Umesh";
if (isset($_SESSION))
{
$_SESSION['username'] = $username;
}
else
{
session_start();
$_SESSION['username'] = $username;
}
print_r($_SESSION);
?>
In index.php you're trying to check the session status. The code is below.
if (isset($_SESSION['username'])){
session_id();
} else if (!isset($_SESSION)){
session_start();
}
print_r($_SESSION);
The above works for me on every browser and device. I even tested chrome on iphone. It seems to work fine. Please check this and see if it works. If not, we will have to check your webserver to see, what the issue is, with session objects on that system.
I verified that print_r ($_SESSION) was same in both cases.
Why you use session_id(). session I am always use this login system. I have no problem Desktop or Mobile session.
PHP code
<?php
session_start();
include 'connect.php';
if(isset($_POST['submit']))
{
$username = htmlspecialchars($_POST["uname"], ENT_QUOTES, "ISO-8859-1");
$username = stripslashes($username);
$password = htmlspecialchars($_POST["pass"], ENT_QUOTES, "ISO-8859-1");
$password = stripslashes($password);
$sql="SELECT * FROM member WHERE username= '$username' AND password='$password' AND status='1' ";
$result=mysql_db_query($dbname,$sql);
$row=mysql_fetch_row($result);
$num=mysql_num_rows($result);
$msg= "<h3 style='padding:0px;margin:0px;font-size:16px;background:#fff;padding:8px;'><font color='red'><center>Incorrect login data</center></font></h3>";
if($num>0)
{
$_SESSION['id'] =$row[0];
$_SESSION['fullName'] =$row[1];
$_SESSION['username'] =$row[2];
$_SESSION['password'] =$row[3];
$_SESSION['email'] =$row[4];
$_SESSION['userType'] =$row[5];
$_SESSION['status'] =$row[6];
header('location:index.php');
}
}
?>
My HTML Form
<form method="post">
<p><?php if (isset($_POST['submit'])) { echo $msg; } ?> </p>
<div>
<input type="text" name="uname" class="form-control" placeholder="Username..." required="" />
</div>
<div>
<input type="password" name="pass" class="form-control" placeholder="Password..." required="" />
<p align="right">Forgot it?</a></p>
</div>
<div>
<button class="btn btn-success submit" type="submit" name="submit"> Login <i class="fa fa-sign-in"></i></button>
</div>
</form>
Remove session_start(); in index.php
and Add this in your config.php
if (session_status() == PHP_SESSION_NONE)
{
session_start();
}
Going by your last comment I guess it is due to the query string you are using. Basically using password as a column name sometimes breaks the query as password is also a mysql keyword.
Also, regarding your session you can refer to session_id() vs session_regenerate_id() for further details regarding the functions. Session_id('login') basically sets the session id to login which works on your mobile device as this creates the session with the specific static id. However, you can try using session_regenerate_id(true) to see if it helps.
Also i tried executing the code by putting static value as username as follows
login.php
<?php
$username = "deadlock";
if (isset($_SESSION))
{
$_SESSION['username'] = $username;
}
else
{
session_start();
$_SESSION['username'] = $username;
}
print_r($_SESSION);
index.php
<?php
if (isset($_SESSION['username'])){
session_regenerate_id(true);
} else if (!isset($_SESSION)){
session_start();
}
print_r(session_id());
I started using index.php directly using the phone which printed the output as array() with no values.turned out that the Login.php file is not executed.after I explicitly executed Login.php the index.php printed the session array. Can you make sure that the login php file is properly executed.
Regards
Check that session_start() is placed before any browser output. I have found that Chrome on Desktop can be a lot more forgiving then other browsers as well as Mobile Chrome
This problem is generated with Chrome "Lite Mode" to reduce data load throw the Phone. If you use secret navigation so the lite mode is automatically disable an page work correctly. You have to disable "Lite Mode" on Chrome.
This is the final solution.
My problem was on server-side the session.save_path not definied to my server. Thanks a lot to all, who helped me :)
Related
We have a session logout script like:
<?php
//24 2 2015
session_start();
session_destroy();
header("location:login.php")
?>
now this script logouts and redirect it to login page where, username and password will be required to login again.
what if i wanted to have a temporary logout where after logging out it will direct us to a login page where it will only require password, cause session hasn't been destroyed and username is been passed to that page...
so, when you enter the password, it will check the input in database table where username = session username.
Hope i was clear.
The update::
templogout.php
<?php
//24 2 2015
session_start();
$_SESSION['temp_logout'] = true;
header("location:templogin.php")
?>
templogin.php
<?php
//24 2 2015
session_start();
?>
<form id="msform" action="templogincheck.php" method="post">
<fieldset>
<input type="password" name="password" placeholder="Enter password here" required />
<button type="submit" name="submit" class="submit action-button"> LogIn </button>
</form>
templogincheck.php
<?php
//15 2 2015
session_start();
$Cser =mysqli_connect("localhost","text","text","text") or die("Server connection failed : ".mysqli_error($Cser));
$password = md5($_REQUEST["password"]);
$mobile = $_SESSION['mobile'];
$s = "select * from users where password = '".$password."' and mobile = '".$mobile."'";
$result = mysqli_query($Cser,$s);
$count = mysqli_num_rows($result);
if($count>0)
{
$_SESSION["mobile"] = $mobile;
$_SESSION["login"]="1";
header("location:/index.php");
}
else
{
header("location:/templogin.php");
}
?>
index.php
<?php
//15 2 2015
session_start();
unset($_SESSION["temp_logout"]);
if(!isset($_SESSION["login"]))
header("location:login.php");
?>
I hope i did it right, but i have to presume i have something wrong cause it isn't working..
Am i passing the session mobile to the login check page?
user first login page:
<form id="msform" action="ulogincheck.php" method="post">
<fieldset>
<h2 class="fs-title">LogIn</h2>
<h3 class="fs-subtitle">Please Enter your details accordingly<br/><br/> <small>(case sensitive)</small></h3>
<input type="text" name="email" placeholder="Email" required />
<input type="text" name="mobile" placeholder="Mobile" required />
<input type="password" name="password" placeholder="Password" required />
<button type="submit" name="submit" class="submit action-button"> LogIn </button>
</form>
first logincheck page
session_start();
$email = $_REQUEST["email"];
$mobile = $_REQUEST["mobile"];
$password = md5($_REQUEST["password"]);
$s = "select * from users where email='".$email."' and password = '".$password."' and mobile = '".$mobile."'";
$result = mysqli_query($Cser,$s);
$count = mysqli_num_rows($result);
if($count>0)
{
$_SESSION["email"] = $email;
$_SESSION["mobile"] = $mobile;
$_SESSION["login"]="1";
header("location:/index2.php");
}
else
{
header("location:/usersignin.php");
You could add a "temp_logout" field to the $_SESSION variable and when you redirect the user to the login page, you can check for it $_SESSION["temp_logout"] and if it is true, add the username in the input field.
logout script:
<?php
//24 2 2015
session_start();
$_SESSION['temp_logout'] = true;
header("location:login.php")
?>
login page:
session_start()
...
//where the "username" input is
<input name="username" <?php if(isset($_SESSION["temp_logout"]){
echo 'value="'.$_SESSION["username"] .'" ';
} ?> />
...
after a successfull login:
<?php
session_start();
unset($_SESSION["temp_logout"]);
?>
Also, anywhere on the site, don't forget to check if the user is temporarily logged out; then immediatelly redirect him to the login page
it is really depend on your platform:
You can only unset something like password instead of destroying session,
unset($_SESSION['password']);
or set another key in session:
$_SESSION['loggedIn'] = false;
and redirect to login page.
also you can put username in cookie and destroy session.
setcookie
If you want to store username in cookie it is better to encrypt it for security reasons.
I created a simple login form. When I enter the correct username and password, it is always displaying the access denied message.
verify.php:
<?php
session_start();
$conn = mysqli_connect('localhost','root','') or die(mysqli_error());
mysqli_select_db($conn,'maindata') or die(mysqli_error($conn));
$uname=$_POST['username'];
$pass=$_POST['password'];
$password = md5($pass);
$result = mysqli_query($conn,"select * from users where username='$uname' and password='$password'")
or die("Could not execute the select query.");
$row = mysqli_fetch_assoc($result);
if(is_array($row) && !empty($row))
{
$validuser = $row['username'];
$_SESSION['valid'] = $validuser;
}
else
{
echo "<center></h1>Access Denied</h1></center>"."<br />";
echo "<center></h6>Please wait while you are redirected in 3 seconds</h6></center>"."<br />";
header('Refresh: 3; url=login.html');
}
if(isset($_SESSION['valid']))
{
header("Location:index.html");
}
login.html:
<?php
session_start();
if(isset($_SESSION['valid'])){
header("Location:index.html");
}
else
{
header("location:login.html");
}
?>
<form method="post" action="verify.php" class="login" class="contact_form">
<p>
<label for="login">Email:</label>
<input type="text" name="username" placeholder = "Enter Username Here...">
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" placeholder = "*******">
</p>
<p class="login-submit">
<button type="submit" class="login-button">Login</button>
</p>
<p class="forgot-password">Forgot your password?</p>
</form>
You'r code loops it self, Login.html checks if a user is logged in ( which they arrent because they cant login ) and redirects them from Login.html to Login.html meaning that you never enter your php code. You should not check if the user is already logged in when trying to access the login page.
Also you should consider making a file to check if the user is logged in, it could be something like this:
checkloggedin.php
<?php
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
if($_SESSION['loggedin'] == false)
{
die(header("Location: ./index.php"));
}
?>
When you need to check if a user is logged in you can just start your pages off with:
<?php
include"checkloggedin.php"
?>
UPDATE : I added all codes;
I want to create a login page for test purpose and I included attempt number with php sessions. The problem is session's variable isn't changing.
index.php
<?php
if (!isset($_SESSION)) {
session_start();
$_SESSION['attempt']=3;
}
if ($_SESSION['attempt']<0){
header('location:login_error.php');
}
require('../function/start.php');
$title = 'Login';
require('../template/header.php');
$ip = !empty($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
var_dump($_SESSION['attempt'])
?>
<h3 class="epad_header">Login</h3>
<div id="epad_wrapper">
<div id="ad_form_wrapper">
<form action="control.php" method="POST">
<fieldset>
<span class="formtext">ID</span>
<input type="text" name="epadName" id="epadName" required>
<span class="formtext">Pass</span>
<input type="password" name="epadPass" id="epadPass" required>
<input type="submit" value="Ok" class="formbuton" name="formbuton">
<br>
<span class="formtext">IP Adress : <?php echo $ip; ?></span>
<br>
<span class="formtext">Attempt : <?php echo $_SESSION['attempt'] ?></span>
</fieldset>
</form>
</div>
</div>
<?php require('../template/footer.php'); ?>
control.php
<?php
if (!isset($_SESSION)) {
session_start();
}
require('../function/start.php');
$title = 'Control';
if (isset($_POST['formbuton'])){
$name = htmlentities($_POST['epadName']);
$pwd = htmlentities($_POST['epadPass']);
}
$check = $db->prepare('SELECT user, pass FROM users');
$check->execute();
$result = $check->fetch(PDO::FETCH_ASSOC);
$user = $result['user'];
$pass = $result['pass'];
if ($name == $user && $pwd == $pass ){
$_SESSION['name']= $name;
header("location:main.php");
}else{
$_SESSION['attempt']--;
header('location:index.php');
}
?>
when a user enter the page(first visit) ; a session will be started, and attempt variable will be created. (index.php)
If they enter false data attempt variable will be decreased. (control.php)
if there are 3 failed attempt page will redirects to login_error.page (index.php)
First Problem : Session variable is not changing.
Second Problem: Even If I enter correct data, the page directs to index.php (login area) instead of main.php
try to place session_start(); at the first line, after <?php
I've solved the problem;
Actually I don't understand why
if(!isset($_SESSION){session_start; $_SESSION['attempt']=3;}
didn't work but when I modified this code to that code
session_start;
if (!isset($_SESSION['attempt']){$_SESSION['attempt']=3;}
Anyway, thank you for reading.
i'm creating a php login page. i can't get the page to redirect (to index.php in this case) when the $_SESSION variable "success" is passed. I can get the success message to work so I think my form and query are fine. What am I missing here?
Here's the form (login.php):
<? $page = "login-page";//body tag class
$title = "Log in to your Bloggr Account";//title tag text
session_start();
require_once('includes/header.php');
print_r($_SESSION); ?>
<p class="errors" id="errors">
<? if(!empty($_SESSION['errors'])){ ?>
<script type="text/javascript"> $(function() {
setTimeout(function(){
$("#errors").fadeIn(500);}, 500)});
<script>
<? foreach($_SESSION['errors'] as $error){
echo $error;}
session_unset($_SESSION['errors']);
} ?>
</p> <? if(!empty($_SESSION['success'])){
header("Location: index.php");
echo $success;
session_unset($_SESSION['success']); } ?>
<form action="login-post2.php" method="post" class="admin-form login">
<label for="userName">User Name <label>
<input type="text" name="userName" class="user-name" value="" />
<label for="password">Password</label>
<input type="password" name="password" class="password" />
<input type="submit" class="submit" name="register-submit" value="Log In!" />
</form>
Here is the post file (login-post2.php)
<? if($_SERVER["REQUEST_METHOD"] == "POST"){
session_start();
require_once('../_db_connect.php');
$errors = array();
$success = "You're logged in!";
if(empty($_POST['userName'])){
$errors[] = "Please enter a user name.";
}else[
$userName = $_POST["userName"];
}
if(empty($errors)){
$query = "SELECT userName, password FROM users WHERE userName = '$userName' and password = SHA1('$password')";
$result = mysqli_query($dbconnect, $query);
if(!result){
$errors[] = "Please try again!";
} else{
$success;
}
}
$_SESSION['errors'] = $errors;
$_SESSION['success'] = $success;
exit();
} ?>
Sorry if some of the formatting is a bit off.
*EDIT [SOLVED]
for anyone who comes across this in the future here's what i did. here's where the biggest part of my problem was:
if(empty($errors)){
$query = "SELECT userName, password FROM users WHERE userName = '$userName' and password = SHA1('$password')";
$result = mysqli_query($dbconnect, $query);
if(mysqli_num_rows($result) == 1){//if username and password match;
$row = mysqli_fetch_array($result);
$_SESSION['loggedIn'] = $loggedIn;
header("Location: index.php");
exit();
}
} else{
$_SESSION['errors'] = $errors;
header("Location: login.php");
exit();
}
I didn't do a good job of formatting my if/else statement for $errors. Part of my problem, which I knew at the time but couldn't figure out, was that I needed a way to send headers twice. one way if i had $errors and another way if i didn't. the way i had before was trying to send it twice without a conditional. my solution was to wrap the last bit of my statement as the else which allowed me to send the user back to the login page if there were errors and over to the index page if they were successfully logged in. That's it. Hope this helps others in the future.
You need to call header() before you send any other content (either through some PHP thing like echo or var_dump() or just HTML between PHP tags).
You're sending out:
<p class="errors" id="errors">
<script type="text/javascript"> $(function() {
setTimeout(function(){
$("#errors").fadeIn(500);}, 500)});
<script>
echo $error;}
</p>
before you send the headers. Refactor your code to move the call to header() before these.
header("Location: login.php);
Missing a quote could be a problem.
I am having a problem when trying to login.. below is my code for the login
<?php
session_start();
include("functions.php");
connecttodb();
if(!empty($_SESSION['loggedin']) && !empty($_SESSION['username']))
{
echo "already logged in";
header("refresh:3; url=main.php");
}
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql="SELECT * FROM admin WHERE admin_username ='".$username."' AND admin_password= '".$password."'";
$result=mysql_query($sql) or die(mysql_error());
echo $sql;
if(mysql_num_rows($result) == 1)
{
$row = mysql_fetch_array($result);
$acc = $row['account'];
$_SESSION['username'] = $username;
$_SESSION['account'] = $acc;
$_SESSION['loggedin'] = 1;
echo "<h1>Success</h1>";
echo "<meta http-equiv='refresh' content='=2;panel.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Please click here to try again.</p>";
}
}
else
{
?>
<form method="post" action="login.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php
}
?>
My logout file
<?php
$_SESSION = array();
session_unset();
session_destroy();
echo "Logged Out !";
header("Location:login.php");
?>
The problem is that when i try to logout the session is not destroyed. When it redirects to the login page it says that im already logged in. How can i completely destroy the session when the users clicks on logout?
change your logout to the following:
<?php
session_start(); # NOTE THE SESSION START
$_SESSION = array();
session_unset();
session_destroy();
// echo "Logged Out!";
// Note: Putting echo "Logged Out!" before sending the header could result in a "Headers already sent" warning and won't redirect your page to the login page - pointed out by #Treur - I didn't spot that one.. Thanks...
header("Location:login.php");
exit(); # NOTE THE EXIT
?>
The session_start() is always require for each page when dealing with sessions.
Make sure you exit() the page when using header() with Location as the page will continue to execute.
I think you forgotten the session_start() before $_SESSION = array(); in your logout script