I tried a login and logout function in a signin bootstrap theme and it worked fine. But I am not able to log out of the session in my other template when I use the same code that worked previously. I tried almost all the solutions found on the internet. I am getting a blank page when I click on the Logout link.
login.php
<?php
session_start();
if (!empty($_SESSION['login_user'])) {
header('location:index.php');
}
?>
---html code---
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'foodchain');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['email']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT email,password FROM user_register WHERE email='$myusername' and password = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
if($count == 1) {
$_SESSION['login_user'] = $myusername;
header('Location:index.php');
}else {
$logmsg = "Invalid Username or Password";
}
}
?>
check_login.php
<?php
session_start();
if (!isset($_SESSION['login_user']) || empty($_SESSION['login_user'])) {
header('location:login.php');
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location:login.php");
die();
?>
index.php
<?php
include('check_login.php');
?>
It's working perfectly when I don't use the template (downloaded from some website), or when I use the bootstrap signin template.
You really should provide us with some source code, links to things that you've tried, what you've previously tried, what errors you received, etc. From what I can gather, you're looking for a logout page using sessions? Here's what I've got.
<?php
session_start();
session_destroy();
header('Location: ..');
?>
The key part is setting $_SESSION to an empty array.
From http://php.net/manual/en/function.session-destroy.php:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
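What session_destroy() does and does not clear, simulated as three requests from the command line. This is an added example, not code from the thread: the session key is the one from the question, the e-mail value is constructed, and the default file-based session handler is assumed. It shows that session_destroy() deletes the stored data but leaves $_SESSION populated for the rest of the current request.

```php
<?php
// Added example, not code from the thread. Run from the command line: php session_demo.php
// Cookies are switched off so the three "requests" can pass the session ID by hand.
ini_set('session.use_cookies', '0');
ini_set('session.save_path', sys_get_temp_dir());

// Request 1: login stores the user in the session.
session_start();
$sid = session_id();
$_SESSION['login_user'] = 'user@example.test'; // constructed sample value
session_write_close();

// Request 2: logout.php resumes the same session and destroys it.
session_id($sid);
session_start();
session_destroy();
// The stored data is deleted, but the array in this request is not touched,
// so code that runs after this line would still see a logged-in user.
$inMemoryAfterDestroy = isset($_SESSION['login_user']);
$_SESSION = array(); // the extra step from the php.net example
$inMemoryAfterReset = isset($_SESSION['login_user']);

// Request 3: the browser presents the old session ID to a protected page.
session_id($sid);
session_start();
$onServerAfterLogout = isset($_SESSION['login_user']);
session_destroy(); // clean up the empty session created by this request

var_dump($inMemoryAfterDestroy, $inMemoryAfterReset, $onServerAfterLogout);
```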
Whenever I run the logout.php script then go back to a page that is protected without login it will have me still logged in
logout.php
<?php
session_start();
session_unset();
session_destroy();
header("Location: ../index.php");
exit();
?>
login.php
$userlogin = user_login($email, $password.$salt);
if ($userlogin==false){
$errors[]='Wrong email/password combination.';
} else {
//set the user session
$_SESSION['UserId']=$userlogin;
$_SESSION['LoginIP']=$_SERVER['REMOTE_ADDR'];
$db->query("UPDATE users SET ipadd='".$_SERVER['REMOTE_ADDR']."' WHERE user_id=".$_SESSION['UserId']."");
echo '<meta http-equiv="refresh" content="0; URL=index.php">';
Check logged in snippet
/* Check if user is logged in or not */
function loggedin(){
return (isset($_SESSION['UserId'])) ? true : false;
}
if (loggedin()==true){
$session_user_id = $_SESSION['UserId'];
$user_data = user_data($session_user_id,'full_name','username');
$rezult =$db->query("SELECT ipadd FROM users WHERE user_id=".$_SESSION['UserId']."");
while($rez = $rezult->fetch_assoc()){
if ($rez['ipadd']==$_SERVER['REMOTE_ADDR']) {
} else {
echo '<meta http-equiv="refresh" content="0; URL=logout2.php">';
}
}
}
Been looking at posts with the same question, but whatever I try I am still getting the same issue. Any advice would be extremely appreciated!
this is from php.net http://php.net/manual/en/function.session-destroy.php
Note: You do not have to call session_destroy() from usual code. Cleanup $_SESSION array rather than destroying session data.
so you just need $_SESSION = null, and logout should happen.
I think your index.php file should have these lines:
if(!isset($_SESSION["session_name"])){
header("Location: somewhere_mainpage.php");
}
It is better to make all pages have these lines. These lines will send a header to another page if no session has started.
I believe that session_start(); function call should be on your login page when the user login data is correct, and in your logout PHP code, you should set
session_destroy(); or unset($_SESSION['UserId']);
Logout.php:
<?php
session_destroy();
/* * OR * */
//unset($_SESSION['UserId']);
header("Location: ../index.php");
exit();
?>
<?php
session_unset();
session_destroy();
header("Location: ../index.php");
?>
should work, otherwise you could unset the values
<?php
unset($_SESSION['UserId']); // Unsets the UserId Variable reuse for each variable
session_destroy();
header("Location: ../index.php");
?>
have you tried just session_destroy() ?
Also, I'm not sure whether you need session_start() when you are closing the session; from memory you only need it to start the session.
I always like to destroy the server session, and client cookie, try to manually cover all options in case of any errors.
You can destroy the cookie in PHP with:
setcookie(session_name(), '', time() - 3600, $cookie_path, $cookie_domain, $cookie_secure, $cookie_httponly );
<?php
$cookie_path = "...";
$cookie_domain = "...";
$cookie_secure = "...";
$cookie_httponly = "...";
session_start();
session_unset();
session_destroy();
setcookie(session_name(), '', time() - 3600, $cookie_path, $cookie_domain,$cookie_secure, $cookie_httponly );
header("Location: ../index.php");
exit();
time() - 3600 sets the cookie's expiry before the current time, which makes it invalid.
Another option to investigate is session_regenerate_id() on your logout pages. Some reference pages are below:
php.net - session-regenerate-id
https://stackoverflow.com/a/22965580/1246494
I have built a login page using PHP and PDO, and it created and logged in properly, but after clicking the log out button, if I click back it again goes to my page, which should appear only if logged in. I even used a session, but it is not running properly.
<?php
include('connect.php');
session_start();
if(isset($_POST['logout'])){
{
unset($_SESSION['logged_in']);
session_destroy();
header("location:index12.php");
}
}
if(isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$errflag = false;
if($username == '' and $password == '') {
echo "you must enter username and password";
$errflag = true;
}
if ($errflag == false) {
SignIn($username,$password);
}
}
function SignIn($username,$password){
global $connect;
$search = $connect->prepare("SELECT * FROM users where username =
:username AND password = :password ");
$search->bindParam(':username',$username);
$search->bindParam(':password',$password);
$search->execute();
$count = $search->rowCount();
if($count> 0)
{
$_SESSION['username'] = $_POST['username'];
if(!isset($_SESSION['logged_in']))
header("Location: myfile.php");
}
else{
echo "wrong email or password";
}
}
?>
the code of inner page is
<?php
echo "welcome to the website ";
echo "congrats you are logged in ";
?>
<html>
<head>
<title>
welcome here</title>
</head>
<body>
<form method ="POST" action = "login.php">
<button name="logout" style="float:right;">logout</button>
</form>
<h1><center>google is one of the best search engine</center></h1>
</body>
</html>
Thank you, I updated it in the above manner but it is not working.
Add the bit of code session_start(); at the beginning of the page.
<?php
session_start();
if(isset($_POST['logout'])){
{
unset($_SESSION['logged_in']);
session_destroy();
header("location:index12.php");
}
}
?>
Also, if you have not started the session in connect.php, you need to start the session by using session_start();
<?php
session_start();
include('connect.php');
I don't know how you start your session, but this is a suggestion:
I generally write a new_session() function which looks like the following. I do prefer to set cookie params so we can have some control over it.
function new_session()
{
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], Sessions::SECURED_COOKIES, Sessions::HTTP_ONLY);
session_name('My_Awesome_App');
session_start();
session_regenerate_id();
}
And another one to destroy everything
function destroy_session()
{
session_unset();
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
session_destroy();
}
You can find the documentation about session_get_cookie_params() here
and about session_set_cookie_params() here
Back to your example
Using this new function you should call new_session() on top of your pages and your logout should look like.
new_session();
if (isset($_POST['logout'])) { {
unset($_SESSION['logged_in']);
destroy_session(); // our new function
header("location:index12.php");
}
}
I have this following PHP code for checking login in my index.php
<?php
session_start();
$con = mysqli_connect("***", "***", "***", "***");
$fbid_check=$_SESSION['loginid_session'];
$fbphoto_session=$_SESSION['loginphoto_session'];
$fbname_sql=mysqli_query($con, "SELECT fb_name FROM uni_users WHERE fb_id='$fbid_check' ");
$name_fetch=mysqli_fetch_array($fbname_sql, MYSQLI_ASSOC);
$fbname_session=$name_fetch['fb_name'];
if(isset($fbname_session))
{
header("location: http://www.uniwink.com/landing/profile.php");
}
mysqli_close($con);
?>
This checks for login and redirects to profile.php which has the following PHP code in the header to check for login
<?php
$con = mysqli_connect("****", "****", "****", "****");
session_start();
$fbid_check=$_SESSION['loginid_session'];
$fbphoto_session=$_SESSION['loginphoto_session'];
$fbname_sql=mysqli_query($con, "SELECT fb_name FROM uni_users WHERE fb_id='$fbid_check' ");
$name_fetch=mysqli_fetch_array($fbname_sql, MYSQLI_ASSOC);
$fbname_session=$name_fetch['fb_name'];
if(!isset($fbname_session))
{
header("location: http://www.uniwink.com/landing");
}
mysqli_close($con);
?>
And I have this following logout.php which is called from profile.php
<?php
session_start();
unset($_SESSION['loginid_session']);
unset($fbname_session);
session_destroy();
header("location: http://www.uniwink.com/landing");
exit();
?>
The problem is that after logout, it still goes into profile.php. It is as if the session is not destroyed at all. The thing is, it was working properly until yesterday and this happened all of a sudden. Thanks
try to move session_start(); above the mysql connection.
change
$con = mysqli_connect("****", "****", "****", "****");
session_start();
to
session_start();
$con = mysqli_connect("****", "****", "****", "****");
also use isset with session
if (isset($_SESSION['loginid_session'])){
.....
}
try adding the following to your logout;
$_SESSION = array();
if (ini_get("session.use_cookies"))
{
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
Note: This will destroy the session - not just the session data.
Check for the session.
if (isset($_SESSION['loginid_session']))
{
header("location: http://www.uniwink.com/landing/profile.php");
}
else
{
header("location: http://www.uniwink.com/landing");
}
I have a session set up like this:
<?php
session_start();
include 'conconfig.php';
$con = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
$email = $_POST['email'];
$pass = $_POST['pass'];
$query = "SELECT * FROM tempusers WHERE user='$email' AND pass='$pass'";
$result = mysqli_query($con,$query)or die(mysqli_error());
$num_row = mysqli_num_rows($result);
$row=mysqli_fetch_assoc($result);
if( $num_row >=1 ) {
echo 'true';
$_SESSION['uName'] = $row['uName'];
}
else{
echo 'false';
}
?>
and in my logout.php I have
<?php
session_start();
session_unset();
unset($_SESSION['uName']);
session_destroy();
header("Location:index.php");
?>
but none of session_unset();, unset() and session_destroy(); seems to be working, because after getting to the page I am still able to use the browser Back button and go back to the restricted page! Besides, the header() is not changing the page to index.php. Can you please let me know what I am doing wrong and how I can fix it?
Basically, I have a Log out Link in Restricted page which is like this
<a href="logout.php" >Logout</a>
Thanks
Update:
Here is the Session code which I have at the top of restricted page
<?php
session_start();
if(empty($_SESSION['uName'])){
header('Location: login.php');
}
?>
Try regenerating the session id and destroying all the data.
<?php
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(), '', 0, '/');
session_regenerate_id(true);
header("Location:index.php");
exit();
?>
I am trying to code a simple script.
I created an "ADMIN Panel", so if the user is an admin (admin=1) then he can pass and see the link/file.
If he is not (admin=0) then he should be redirected to the login page, and if there is no Session['username'] he should go back to the login page,
but it seems that I have a problem with this code: in the user panel it works, but in the admin panel it doesn't.
<?php
include './includes/db.php';
session_start();
// ADMIN CHECk
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND admin=1");
$count = mysql_num_rows($result);
if($count != 1) // make sure user is a admin
{
session_start();
session_destroy();
header("location: login.php");
die;
}
if(isset($_GET['act']))
{
if($_GET['act'] == "logout")
{
session_start();
session_destroy();
header("location: login.php");
}
}
?>
Ok, first thing I see is that you don't declare the session first. Secondly, the mysql function is deprecated; mysqli will do what you need done. This fix should work for you. Also, it would be easier to have a logout.php.
db.php
<?php
$db = new mysqli(host, user, pass, database);
?>
Then, in your page, you can run the queries like so:
<?php
session_start();
include './includes/db.php';
//check that the session exists
if(!isset($_SESSION['username']))
{
//the session does not exist, redirect
header("location: login.php");
exit; //stop here so the rest of the page is not executed
}
// ADMIN CHECK
$username = $db->real_escape_string($_SESSION['username']);
$result = $db->query("SELECT * FROM users WHERE username='$username' AND admin='1'");
$count = $result->num_rows;
if($count != 1) // make sure user is an admin
{
header("location: login.php");
exit; //stop here so a non-admin never reaches the page content
}
?>
Then in logout.php, you should remember to actually unset the session variables
<?php
session_start();
//unset session variables
unset($_SESSION['username']);
session_destroy();
header("location: login.php");
?>