Logout isn't working php - php

I've been working on a very simple login system to understand the fundamentals of things, so there is no security yet or SQL. So i'm doing it via php at the minute. In my index page I have my login etc and on my home page I have my logout etc now I cannot get it to logout for some reason I thought I was about destroying the session but I must be wrong. Anyone know where I'm going wrong here.
Index
<!DOCTYPE html>
<?php
session_start();
$username = "admin";
$password = "collins1";
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
header("Location: home.php");
}
if (isset($_POST['username']) && isset($_POST['password'])){
if ($_POST['username'] == $username && $_POST['password'] == $password)
{
$_SESSION['loggedin'] = true;
header("Location: home.php");
}
}
else {
echo "Username or Password incorrect please try again";
}
?>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Login</title>
<link href="../CSS/boilerplate.css" rel="stylesheet" type="text/css">
<link href="../CSS/master.css" rel="stylesheet" type="text/css">
<script src="../JAVASCRIPT/respond.min.js"></script>
</head>
<body link="black">
<div class="gridContainer clearfix">
<div id="borderDiv">
<div id="headerDiv">
<p>Welcome</p>
</div>
<div id="subHeaderDiv">
<p>Please login to continue</p>
</div>
<form method="post" action="index.php">
<div id="userNameLoginDiv">
<p>Username:</p>
<input type="text" name="username" size="12">
</div>
<div id="userPasswordLoginDiv">
<p>Password:</p>
<input type="password" name="password" size="12">
</div>
<div id="loginBtnDiv">
<input id="button" type="submit" value="Login">
</div>
</form>
</div>
</div>
</body>
</html>
Home
<!DOCTYPE html>
<?php
session_start();
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
header("Location: index.php");
}
if (isset($_GET['logout'])){
session_destroy();
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Home</title>
<link href="../CSS/boilerplate.css" rel="stylesheet" type="text/css">
<link href="../CSS/master.css" rel="stylesheet" type="text/css">
<script src="../JAVASCRIPT/respond.min.js"></script>
</head>
<body link="black">
<div class="gridContainer clearfix">
<div id="headerDiv">
<p>Home</p>
</div>
Logout
</div>
</body>
</html>

Logout link: index.php?logout
Your index.php doesn't contain session_destroy() - you need to use home.php?logout. In your case you need to destroy the session before checking auth in home.php to get redirected to index.php

Best way - There should be a logout page.
logout.php
session_start();
unset($_SESSION['loggedin']);
or
$_SESSION['loggedin']=false;
or session_destory();
header("Location:index.php");
die();

Related

Login Page is refreshing regardless of if the correct login information is entered

I have a login page that regardless of what the input is (correct login or not) the page just refreshes when hitting the "login" button. I've searched on stack overflow and nothing has solved my problem yet.
Login Page Session Code
<?php
session_start();
if(isset($_SESSION['login'])) {
header('LOCATION: test-page.php'); die();
}
echo isset($_SESSION['login']);
?>
Login Page Form
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title>Login</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="form-container">
<div class="image"></div>
<div class="form">
<form>
<h1>Login</h1>
<ul>
<li>
<input class="input" type="text" id="username" autocomplete="off">
<label for="username">Username</label>
<span></span>
</li>
<li>
<input class="input" type="password" id="password" autocomplete="off">
<label for="password">Password</label>
<span></span>
</li>
</ul>
<footer>
<button type="submit" class="gradient">Login</button>
</footer>
</form>
Login Page Username and Password
<?php
if(isset($_POST['submit'])){
$username = $_POST['username']; $password = $_POST['password'];
if($username === 'admin' && $password === 'password'){
$_SESSION['login'] = true; header('LOCATION: test-page.php'); die();
} elseif ($username === 'billy' && $password === 'bob') {
$_SESSION['login'] = true; header('LOCATION: test-page.php'); die();
} else {
echo "<div class='alert alert-danger'>Username and Password do not match.</div>";
}
}
?>
</div>
</div>
<script src="login.js"></script>
</body>
</html>
Page After Login Success
<?php
session_start();
if(!isset($_SESSION['login'])) {
header('LOCATION: login.php'); die(); // mlac-resources-login.php
}
?>
The login page is split up for readability but it is all one continuous block of code. The
Redirects (or any kind of header for that matter) require NO OUTPUT SENT for it to work.
Outputs include:
Echo commands
<!DOCTYPE html>
Even any whitespace could break it! (New lines or spaces)
For example:
<?php
session_start();
echo isset($_SESSION['login']); //Output
if(isset($_SESSION['login'])) {
header('LOCATION: test-page.php'); die(); //Won't work since there's already output...
}
?>
Try changing your code to:
<?php
session_start();
if(isset($_SESSION['login'])) {
header('LOCATION: test-page.php'); die(); //This should work now!
}
echo isset($_SESSION['login']); //Output goes here!
?>
A form's default method is GET and you're processing POST. Either set the method to post, or use $_GET when processing the form.
<form method="post">
...
or
if (isset($_GET['submit'])){
...

How to force users to log in before viewing my site

I would like for guests to be redirected to a login page whenever they access the site. There won't be a register form, and the site will only be protected by one username/password.
This is my login.php so far:
<!DOCTYPE html>
<html>
<head>
<title>Log in</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/style.css" type="text/css" />
</head>
<div id="lg_outr" class="mn_outr">
<div id="lg_ctnr" class="mn_ctnr">
<div id="lg_innr" class="mn_innr">
<form class="lg_frm">
<h1>Log in</h1>
<input class="usr_fld" type="text" placeholder="Username"/>
<input class="pw_fld" type="password" placeholder="Password"/>
<input class="sub_btn" type="submit" value="Log in"/>
</form>
</div>
</div>
</div>
I need help with:
Checking if a user is logged in through a header.php file
Forcing guests to the login.php page if not logged in
Making the login form actually work
Currently coding the site in localhost. Assuming I won't need a database as there's only one username/password.
Really appreciate any help
Found a solution!
Login.php:
<?php session_start(); ?>
<?php
if(isset($_SESSION['use']))
{
header("Location:index.php");
}
if(isset($_POST['login']))
{
$user = $_POST['user'];
$pass = $_POST['pass'];
if($user == "username1" && $pass == "password1")
{
$_SESSION['use']=$user;
echo '<script type="text/javascript"> window.open("index.php","_self");</script>';
}
else
{
echo "invalid UserName or Password";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Log in</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/style.css" type="text/css" />
</head>
<div id="lg_outr" class="mn_outr">
<div id="lg_ctnr" class="mn_ctnr">
<div id="lg_innr" class="mn_innr">
<form class="lg_frm" action="" method="post">
<h1>Log in</h1>
<input class="usr_fld" type="text" name="user" placeholder="Username"/>
<input class="pw_fld" type="password" name="pass" placeholder="Password"/>
<input class="sub_btn" type="submit" name="login" value="LOGIN"/>
</form>
</div>
</div>
</div>
And then this code at the top of my header.php
<?php session_start();
if(!isset($_SESSION['use'])) // If session is not set then redirect to Login Page
{
header("Location:Login.php");
}
?>
Using PHP -
Use Cakephp. https://www.youtube.com/watch?v=747K6W40ur0
Using python -
Use flask. https://flask-login.readthedocs.io/en/latest/
in any protected page, or contained in a require('config.php') file:
session_start();
$username = 'onlyone';
$password = 'secret';
if(empty($_SESSION['logged_in'])){
if(!empty($_REQUEST['username']) && !empty($_REQUEST['password']) && $_REQUEST['username'] === $username && $_REQUEST['password'] === $password) {
$_SESSION['logged_in'] = true;
} else {
header('Location: login.php');
exit;
}else {
// we're good
}
}
That should get you started and allow you to visualize the concept; but listen to some of the comments below your post as well!

Login php code keeps refreshing?

I'm having an issue with my login.php page not logging in, I can't work out why it keeps refreshing the page whenever I attempt to login. I'm using my index.php to redirect straight to my login.php not sure if this is the issue as before I change this it was working. Any ideas?
Index.php
<?php
header("Location: Login.php");
?>
Login.php
<?php
ob_clean();session_start();
if (isset($_GET['logout'])){
session_destroy();
}
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
header("Location: index.php");
}
$Username = $_POST['username'];
$EnteredPassword = $_POST['password'];
if (isset($_POST['submit'])){
if (is_dir("USERS/".$Username) === true){
$myFile=fopen("USERS/".$Username."/Password.txt","r") or exit("Can't open file!");
$CorrectPassword = fgets($myFile);
fclose($myFile);
if ($CorrectPassword == $EnteredPassword){
$_SESSION['loggedin'] = true;
header("Location: Home.php");
}
else {
echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
}
}
else {
echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Project Archive - Login</title>
<link href="CSS/boilerplate.css" rel="stylesheet" type="text/css">
<link href="CSS/master.css" rel="stylesheet" type="text/css">
<script src="JAVASCRIPT/respond.min.js"></script>
</head>
<body link="black">
<div class="gridContainer clearfix">
<div id="headerLoginDiv">
<div id="titleLoginDiv">
<p>Project Archive</p>
</div>
</div>
<h1 align="center">Login</h1>
<h3 align="center">Welcome. Please login to continune.</h3>
<form method="post" action="index.php">
<div id="userNameLoginDiv">
<p align="center">Username:</p>
<input type="text" name="username" size="12">
</div>
<div id="userPasswordLoginDiv">
<p align="center">Password:</p>
<input type="password" name="password" size="12">
</div>
<div id="loginBtnDiv">
<input id="button" name="submit" type="submit" value="Login">
</div>
</form>
</body>
</html>
Obviously, if you go to index.php, you are asking the browser to go to login, irrespective of whether the user is logged in or not:
<?php
header("Location: Login.php"); // This blindly redirects the user to the login page.
?>
Instead of the above code, check and send the user:
<?php
// Start the session.
session_start();
// Instead check if the user is logged in and then redirect.
if (!isset($_SESSION['loggedin']))
header("Location: Login.php");
?>
Also, don't forget to start your session with session_start() at the beginning.

PHP Sessions Dies on next page

I have a login page wich sends a variable to another page verifying if login is true (1) or false (0). I can echo $_SESSION['logon'] on page1 but just as I go to page2, my session seems to be dead and gives me * Notice: Undefined index: logon in * I have already fiddled with php.ini but to no avail. Register_globals = off by the way. I'm a rookie so I might have passed something wrong, didn't change the right parameter in php.ini, don't know.
Login Page:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="pt-br" xml:lang="pt-br">
<head>
<title>Alpha</title>
<link rel="stylesheet" href="CSS.css">
<script type="text/javascript" src="js/jquery-1.3.1.min.js"></script>
<script src="https://code.jquery.com/jquery-1.10.2.js"></script>
<script type="text/javascript" src="js/jquery.history.js"></script>
</head>
<body>
<form id="logbox" method="post" action="verylog.php">
User <input id="user" name="user" type="text" required/>
Password <input id="pass" name="pass" type="PASSWORD" required/>
<input id="send" type="submit"/>
</form>
<?php
if(isset($_POST['user'])){
header("Location: verylog.php");
}
?>
</body>
</html>
verylog.PHP "page1"
<?php
session_start();
$user=$_POST['user'];
$pass=$_POST['pass'];
$_SESSION['logon']=0;
$cost = ['cost' => 10,];
$hasheduser=password_hash($user, PASSWORD_BCRYPT,$cost);
$hashedpass=password_hash($pass, PASSWORD_BCRYPT,$cost);
$storeuserhash=file_get_contents('sunburn/userburn.txt');
$storepasshash=file_get_contents('sunburn/passburn.txt');
if(password_verify($user, $storeuserhash) && password_verify($pass, $storepasshash)){
session_regenerate_id(true);
$_SESSION['logon']=1;
header ("Location: ../sunburn/selector.php");
die();
//echo $_SESSION['logon'];
} else{
header ("Location: ../burnlogin.php");
die();
}
?>
selector.php "Page2"
<?php
session_start();
$logon=$_SESSION['logon'];
if($logon==0){
//header("Location: index.php");
exit();
echo $_SESSION['logon'];
}else{
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="pt-br" xml:lang="pt-br">
<head>
<link rel="stylesheet" href="localhost/CSS.css">
<link rel="stylesheet" href="CSS.css">
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
</head>
<body>
<div class="divreg">
<div>
<a href="../sunburn/register.php">
<button type="button" >-REGISTRAR-</button>
</a>
</div>
<div>
<a href="../sunburn/deltePAGE.php">
<button class="button1" type="button" value="deltePAGE" >-DELETAR-</button>
</a>
</div>
</div>
<div id="select">
</div>
</body>
<?php
}
?>
And I'm sorry about any typo I may have sent.
You are using exit before echo and you need to check condition on pag2.php like this :
if(isset($_SESSION['logon']) && $_SESSION['logon'] != "") {
$logon=$_SESSION['logon'];
if($logon==0){
//header("Location: index.php");
echo $_SESSION['logon'];
exit();
}
}

Header redirection on the same page

I have small problem with part of my script:
<?php
session_start();
include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 1</h1>
</body>
</html>
<?php
} else {
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare("SELECT * FROM user WHERE user_email = ?");
$query->bind_param('s',$email);
$query->execute();
$query->bind_result($user_id,$user_name,$user_email,$user_password);
$query->fetch();
$user = array("user_id"=>$user_id, "user_name"=>$user_name, "user_email"=>$user_email, "user_password"=>$user_password);
if($user['user_id'] != 0) {
$_SESSION['logged_in'] = true;
header("Location: index.php");
die();
} else {
$error = "Incorrect details!";
}
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 2</h1>
<div class="container">
<h3>Please login</h3>
<?php if(isset($error)) { ?>
<h4><?php echo $error; ?></h4>
<?php } ?>
<form action="index.php" method="post" autocomplete="off">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Login">
</form>
</div>
</body>
</html>
Problem is that script after refreshing (calling header() method) doesn't execute die() statement, and after successfully set session variable and rendering part with "Markup 1" it will also render "Markup 2" part but it shouldn't.
I found this example here: https://www.youtube.com/watch?v=UNTvU--o2q8.
You can try including the second markup section within the else block this is a fairly hackish fix, but it should accomplish what you are aiming for. I would recommend restructuring this section and pulling some of the markup out to separate included files.
<?php
session_start();
include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 1</h1>
</body>
</html>
<?php
} else {
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare("SELECT * FROM user WHERE user_email = ?");
$query->bind_param('s',$email);
$query->execute();
$query->bind_result($user_id,$user_name,$user_email,$user_password);
$query->fetch();
$user = array("user_id"=>$user_id, "user_name"=>$user_name, "user_email"=>$user_email, "user_password"=>$user_password);
if($user['user_id'] != 0) {
$_SESSION['logged_in'] = true;
header("Location: index.php");
die();
} else {
$error = "Incorrect details!";
}
} ?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 2</h1>
<div class="container">
<h3>Please login</h3>
<?php if(isset($error)) { ?>
<h4>
<?php echo $error; ?>
</h4>
<?php } ?>
<form action="index.php" method="post" autocomplete="off">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Login">
</form>
</div>
</body>
</html>
<?php } ?>
You can't call header() after you write content to the browser. You can sort of hack around this in PHP using output buffers (it's been a long time), but really you should move code that handles headers above all of your markup.
See: http://php.net/manual/en/function.header.php

Categories