I want this: if the user logs out (session destroy), then index should say: You are logged out.
if (isset($_SESSION['user']) && $_SESSION['user'] == true) {
echo "Welcome on the users page!, " . $_SESSION['username'] . "!";
}
elseif (!isset($_SESSION['user'])) {
echo "You logged out..";}
The problem I am having is that it also shows you logged out when you haven't even logged in to be able to log out. I only want it to show if the user logs out.
Also, I only want "You are logged out" to show up once. If you refresh the page, it should be gone.
Instead of using PHP's unset() function to destroy a session, you can actually save boolean "false" in $_SESSION["user"].
For example, in your logout page:
Instead of destroying, set session to false
Ex:
```
// When logging out
$_SESSION["user"] = false;

// Now check whether the user logged out
if (isset($_SESSION["user"]) && $_SESSION["user"] === false) {
    echo "you logged out";
    // To get rid of it after page reload, you need to unset the SESSION
    unset($_SESSION["user"]);
} elseif (!isset($_SESSION["user"])) { // when the session finally expires
    echo "you haven't logged in";
} else {
    echo "you are logged in";
}
```
That is because of the following condition:
!isset($_SESSION['user'])
This is true whether the user logged in or not. So you have to make some other session variable to check whether the user logged out, and that is only set when the user logs out.
Ex:
if (!isset($_SESSION['user']) && isset($_SESSION['logged_out']))
{
// !isset($_SESSION['user']) checks that the user is logged out; the extra condition checks that the user comes here after logging out.
}
and check this on index page.
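The one-time message both answers describe, as an added example that is not code from either post: logout clears the login state, issues a new session ID and leaves a single flag, and the index page consumes that flag the first time it renders. The function names and the 'flash' key are assumptions; in a real page, session_start() runs before any of these calls.

```php
<?php
// Added example. Function names and the 'flash' key are assumptions.

function log_in(string $username): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // new session ID when privileges change
    }
    $_SESSION['user'] = true;
    $_SESSION['username'] = $username;
}

function log_out(): void {
    $_SESSION = [];                    // drop every login-related value
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // the old session ID stops working
    }
    $_SESSION['flash'] = 'You are logged out.';  // set only by a real logout
}

function take_flash(): ?string {
    $message = $_SESSION['flash'] ?? null;
    unset($_SESSION['flash']);         // read once, so a refresh shows nothing
    return $message;
}

function render_index(): string {
    if (!empty($_SESSION['user'])) {
        // Escape anything user-controlled before echoing it into HTML
        $name = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
        return "Welcome on the users page, $name!";
    }
    return take_flash() ?? 'Please log in.';
}

// Constructed walk-through of four page loads (runs from the CLI, no cookie needed)
$_SESSION = [];
$pages = [render_index()];             // never logged in: "Please log in."
log_in('alice');
$pages[] = render_index();             // logged in: welcome message
log_out();
$pages[] = render_index();             // first load after logout: flash shown
$pages[] = render_index();             // refresh: back to "Please log in."
echo implode(PHP_EOL, $pages), PHP_EOL;
```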
Related
I was wondering how I can restrict access to users that are logged in.
I know how to do it the other way around, e.g. restrict access to people who are not logged in.
I want to do this because I don't want them to access login and registration when they are logged in.
Here is my session if it helps
<?php
session_start();
if(!isset($_SESSION['user_id']) || !isset($_SESSION['logged_in'])){
//User is not logged in. Redirect them back to the login.php page.
header('Location: login.php');
exit;
}
?>
And here is the session when they log in
if($validPassword){
$_SESSION['user_id'] = $user['id'];
$_SESSION['logged_in'] = time();
header('Location: index.php');
exit;
}
Thanks.
Obviously you have to check if user is logged in:
// login.php
if(isset($_SESSION['user_id']) && isset($_SESSION['logged_in'])) {
header('Location: /somewhere');
exit;
} else {
// show form or whatever
}
On login.php, check if they're logged in, and print an error or redirect them.
if (isset($_SESSION['logged_in'])) {
die("You're already logged in");
}
I am reading a lot regarding the best practice to monitor whether a user is logged in or not.
Currently I am trying to use a variable in a session like below:
login.php
<?php
session_start();
//I set that variable to false
$_SESSION['LOGGED_IN'] = FALSE;
// Some code follows here that checks the username and the password provided by the user
// in an HTML form with a POST request against the records of the database. If a match is
// found then it allows the user to proceed with the login.
if($statement->rowCount() == 1)
{
session_regenerate_id(true);
$_SESSION['LOGGED_IN'] = TRUE;
header('Location: mainpage.php');
}
else
{
echo "wrong username or password";
}
?>
mainpage.php
<?php
session_start();
if(($_SESSION['LOGGED_IN'] == TRUE) && isset($_SESSION['LOGGED_IN']))
{
echo "You are now logged in!";
}
else
{
echo "You are not logged in. Please retry.";
}
?>
The problem is that when I use a correct pair of credentials, SOMETIMES I log in and get the "You are now logged in!" message, and sometimes, using the same credentials, I get "You are not logged in. Please retry.".
I've added that message in the else statement on purpose. Normally I will insert a redirection to the login page there.
I am getting confused because this is an error that I shouldn't have. In the login.php script I am making sure that in order to redirect to mainpage.php, $_SESSION['LOGGED_IN'] = TRUE. So that value should be transferred to mainpage.php as TRUE and not FALSE.
What am I missing here?
And a general question regarding login:
Is it better to keep the login value (TRUE or FALSE) in a session or use a table in MySQL with a flag indicating when a user is logged in or not?
Thanks!
I currently have a login form that redirects the user to another page if the login is successful. The page is supposed to be a protected page that will not open for the user if they are not logged in and will redirect them to the login form page.
In order to do this I stored the login data (email & password) as session variables and used these to verify if the user is allowed to view the page.
In my login php page I have the following code
<?php
session_start();
if ($count == 1) {
$_SESSION['logged'] = 1;
$_SESSION['email'] = $myemail;
$_SESSION['password'] = $mypassword;
header("Location: account.html");
exit();
}
?>
And I begin my account html file with the following :
<?php
session_start();
if ($_SESSION['logged'] != 1) { //no session
header("Location:memberlogin.html");
exit();
}
?>
However, any time I load the account page I am allowed to view it each time. It's my first time using the session variable and I'm not sure if I used it correctly.
FIXED Thanks to suggestions below
I tweaked the code suggested below and my protected page is now working. Thanks for all the help.
The php code won't be referenced from an html page.
So, change account.html to account.php then add the session check code on top of the page as follows:
account.php:
<?php
session_start(); // required before $_SESSION can be read
if (empty($_SESSION['logged']) || $_SESSION['logged'] != 1) {
    // User is not logged in
    header("Location: memberlogin.html");
    exit();
}
?>
However, redirecting is not the best solution, you can display an error message if user is not logged in, else grant user access to the page information.
You can implement it as follows:
account.php:
<?php
session_start(); // required before $_SESSION can be read
if (empty($_SESSION['logged']) || $_SESSION['logged'] != 1) {
    // User is not logged in, display an error message
    echo 'You need to be logged in to access this page';
    exit();
}
else {
    // Display all information that only a logged in user can view
    echo 'You are logged in, you can view the page';
}
?>
$loggedin = false;
if ($_SESSION) { //user loggedin
$loggedin = true;
...//get token
}
...
if($loggedin){
echo 'Hi '.$user['name'];
}
else{
echo 'Please log in';
}
...
I suppose the web page will display "please log in" when I log out. But it says "undefined $user variable at /src/myproject/index line 80". And after I refresh the page, it says "please log in".
What is the problem here? Thank you for your help.
From what I can tell from your pseudo code, you have some sort of key in the $_SESSION variable that says the user is logged in.
For demonstration, let's assume you do something like... After the user logs in, you assign $_SESSION['user'] = an array of user information. One of those keys is 'name'.
So, your code should look something like this
$loggedin = false;
if (isset($_SESSION['user'])) {
$loggedin = true;
}
if ($loggedin) {
echo "Hi " . $_SESSION['user']['name'];
}
else {
echo "You are not logged in.";
}
Please keep in mind this is just a solution for your code sample you posted. To do this properly, I would suggest the following changes:
create a class that handles authentication
create methods in that class to determine if the user is logged in or not
create methods to return the current logged in user.
This will make your code more extensible, reusable and easier to follow in the future.
Best of luck.
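A sketch of the authentication class suggested above, as an added example that is not code from any of the posts. The class, method and session-key names are assumptions. It keeps only the user's id and name in the session (never the password), and serves both page guards discussed on this page: protected pages and the login or registration page.

```php
<?php
// Added example. Class, method and key names are assumptions.

final class Auth
{
    private const KEY = 'auth_user';

    public function login(array $user): void
    {
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);   // fresh ID defeats session fixation
        }
        // Store only what pages need; the password never goes into the session.
        $_SESSION[self::KEY] = ['id' => (int) $user['id'], 'name' => (string) $user['name']];
    }

    public function logout(): void { unset($_SESSION[self::KEY]); }

    public function isLoggedIn(): bool { return isset($_SESSION[self::KEY]['id']); }

    // Null when nobody is logged in, so callers cannot read a missing $user.
    public function currentUser(): ?array { return $_SESSION[self::KEY] ?? null; }

    // Guard for protected pages: where to send an anonymous visitor.
    public function redirectIfGuest(): ?string
    {
        return $this->isLoggedIn() ? null : 'login.php';
    }

    // Guard for login/registration pages: where to send a signed-in user.
    public function redirectIfLoggedIn(): ?string
    {
        return $this->isLoggedIn() ? 'index.php' : null;
    }
}

// In a page: session_start(); then
//   if ($to = $auth->redirectIfGuest()) { header("Location: $to"); exit; }

// Constructed walk-through (runs from the CLI)
$_SESSION = [];
$auth = new Auth();
var_dump($auth->redirectIfGuest());        // "login.php": anonymous on a protected page
$auth->login(['id' => 7, 'name' => 'alice', 'password_hash' => 'constructed']);
var_dump($auth->redirectIfGuest());        // NULL: page may render
var_dump($auth->redirectIfLoggedIn());     // "index.php": keep them off the login form
echo 'Hi ' . htmlspecialchars($auth->currentUser()['name'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
$auth->logout();
var_dump($auth->currentUser());            // NULL: nothing left to greet
```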
Ok, having trouble here:
I created a login script, so after a person logs in they will get directed to another page. And also, I have it redirecting them to the login page if they try and access one of those other pages.
My problem is, if a user is logged in and stumbles to the login page again --by accident-- I would like for it to recognize that the user is logged in and redirect them to that next page (which is index2.php) ?? Having troubles :-(
Here is my code so far:
require_once "inc/functions.class.php";
$quickprotect = new functions('inc/ini.php');
if (isset($_SESSION['goAfterLogin'])){
$goto = $_SESSION['goAfterLogin'];
unset($_SESSION['goAfterLogin']);
}
else $goto = $quickprotect->settings['DEFAULT_LOGIN_SUCCESS_PAGE'];
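if (isset($_POST['username'], $_POST['password'])) {
    // Array keys must be quoted strings; bare words are treated as undefined constants
    if ($quickprotect->login($_POST['username'], $_POST['password'])) {
        header("Location: $goto");
        exit; // stop the script once the redirect is sent
    }
}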
Here is how I store a user's session in the functions page
public function is_logged_in() {
//Determines if a user is logged in or not. Returns true or false;
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === md5($this->settings['ADMIN_PW'])) {
return true;
}
else return false;
}
You don't mention how you store your users in your session, but something like this should do it for you:
if(isset($_SESSION['user']))
{
header("Location: index2.php");
exit;
}
This will check if you have a user in your session, and if so, redirect to index2.php.
You need to change 'user' according to your session key.