I have the following PHP code for checking login in my index.php:
<?php
session_start();
$con = mysqli_connect("***", "***", "***", "***");
$fbid_check=$_SESSION['loginid_session'];
$fbphoto_session=$_SESSION['loginphoto_session'];
$fbname_sql=mysqli_query($con, "SELECT fb_name FROM uni_users WHERE fb_id='$fbid_check' ");
$name_fetch=mysqli_fetch_array($fbname_sql, MYSQLI_ASSOC);
$fbname_session=$name_fetch['fb_name'];
if(isset($fbname_session))
{
header("location: http://www.uniwink.com/landing/profile.php");
}
mysqli_close($con);
?>
This checks for login and redirects to profile.php which has the following PHP code in the header to check for login
<?php
$con = mysqli_connect("****", "****", "****", "****");
session_start();
$fbid_check=$_SESSION['loginid_session'];
$fbphoto_session=$_SESSION['loginphoto_session'];
$fbname_sql=mysqli_query($con, "SELECT fb_name FROM uni_users WHERE fb_id='$fbid_check' ");
$name_fetch=mysqli_fetch_array($fbname_sql, MYSQLI_ASSOC);
$fbname_session=$name_fetch['fb_name'];
if(!isset($fbname_session))
{
header("location: http://www.uniwink.com/landing");
}
mysqli_close($con);
?>
And I have the following logout.php, which is called from profile.php:
<?php
session_start();
unset($_SESSION['loginid_session']);
unset($fbname_session);
session_destroy();
header("location: http://www.uniwink.com/landing");
exit();
?>
The problem is that after logout, it still goes into profile.php. It is as if the session is not destroyed at all. The thing is, it was working properly until yesterday and this happened all of a sudden. Thanks
Try to move session_start(); above the MySQL connection.
change
$con = mysqli_connect("****", "****", "****", "****");
session_start();
to
session_start();
$con = mysqli_connect("****", "****", "****", "****");
Also use isset with the session:
if (isset($_SESSION['loginid_session'])){
.....
}
Try adding the following to your logout:
$_SESSION = array();
if (ini_get("session.use_cookies"))
{
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
Note: This will destroy the session - not just the session data.
Check for the session.
if (isset($_SESSION['loginid_session']))
{
header("location: http://www.uniwink.com/landing/profile.php");
}
else
{
header("location: http://www.uniwink.com/landing");
}
I have 2 user levels: one is for the admin_tbl and the other is for cashier_tbl; they have the same database. My problem is that when I log out either cashier or admin, the other one is also logged out when I refresh the page. I don't know what the problem is. I used different tables, but it logs out both of them at the same time? Kindly help me with this problem and give me some ideas of what's wrong. Thanks!
UPDATE: That's my logout code for both cashier_tbl and admin_tbl
This is my code for cashier_tbl
<?php
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")){
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
header("Location: index.php");
?>
And this is for my admin_tbl
<?php
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")){
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
header("Location: index.php");
?>
Your problem is on this line:
if (isset($_SESSION['user_id']))
{
header("Location: user_maintenance.php");
}
It redirects you to user_maintenance.php even if $_SESSION is empty. And on:
if (isset($_SESSION['user_id']))
{
header("Location: order.php");
}
it is the same.
Here is another correct way.
I assumed you never set session_unset() or session_destroy() in your logout method.
Delete session_unset() and session_start(); in the first line of your code above; it's not necessary.
After checking the user login as in your code above, start the session in your files order.php and user_maintenance.php. It would be something like this:
<?php
session_start();
// check whether the user is logged in or not
if (empty($_SESSION['login'])) {
header('Location: user-is-not-login.php');
exit; // stop here so the restricted part below is never sent
}
?>
// this area can be accessed if the session is true.
Create a logout method in the location where the session was set, something like this:
<?php
session_start();
session_unset(); // clear $_SESSION while the session is still active
session_destroy();
header('Location: login.php');
exit;
?>
You need to destroy the session before setting a new session.
Hope this helps.
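Both logout scripts in the question empty and destroy the single session the browser holds, so if admin and cashier are logged in from the same browser under PHP's default session cookie, ending one ends the other. One way to separate them, as an added example that is not part of the question or the answer (the function names, role names and cookie names are assumptions), is to give each role its own session name:

```php
<?php
// Added example. start_role_session(), end_role_session() and the cookie
// names below are hypothetical; adapt them to the application.
function start_role_session(string $role): void
{
    $names = ['admin' => 'ADMINSESSID', 'cashier' => 'CASHIERSESSID'];
    if (!isset($names[$role])) {
        throw new InvalidArgumentException("unknown role: $role");
    }
    // session_name() must run before session_start(); each name gets its
    // own cookie and therefore its own server-side session.
    session_name($names[$role]);
    session_start();
}

function end_role_session(string $role, string $redirect = 'index.php'): void
{
    start_role_session($role);   // open only this role's session
    $_SESSION = [];              // clear its data for the current request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();           // remove this role's server-side data
    header('Location: ' . $redirect);
    exit;                        // nothing after the redirect may run
}

// Cashier pages call start_role_session('cashier'), admin pages call
// start_role_session('admin'). The cashier logout script is then:
end_role_session('cashier');
```

A single request can have only one session open at a time, so a page that needs both roles' data would have to keep them as separate keys in one session instead.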
I have built a login page using PHP and PDO, and accounts are created and logged in properly, but after clicking the log out button, if I click back it again goes to my page, which should appear only if logged in. I even used a session but it is not running properly.
<?php
include('connect.php');
session_start();
if(isset($_POST['logout'])){
{
unset($_SESSION['logged_in']);
session_destroy();
header("location:index12.php");
}
}
if(isset($_POST['login']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$errflag = false;
if($username == '' and $password == '') {
echo "you must enter username and password";
$errflag = true;
}
if ($errflag == false) {
SignIn($username,$password);
}
}
function SignIn($username,$password){
global $connect;
$search = $connect->prepare("SELECT * FROM users where username =
:username AND password = :password ");
$search->bindParam(':username',$username);
$search->bindParam(':password',$password);
$search->execute();
$count = $search->rowCount();
if($count> 0)
{
$_SESSION['username'] = $_POST['username'];
if(!isset($_SESSION['logged_in']))
header("Location: myfile.php");
}
else{
echo "wron email or password";
}
}
?>
The code of the inner page is
<?php
echo "welcome to the website ";
echo "congrats you are logged in ";
?>
<html>
<head>
<title>
welcome here</title>
</head>
<body>
<form method ="POST" action = "login.php">
<button name="logout" style="float:right;">logout</button>
</form>
<h1><center>google is one of the best search engine</center></h1>
</body>
</html>
Thank you. I updated it in the above manner but it is not working.
Add the bit of code session_start(); at the beginning of the page.
<?php
session_start();
if(isset($_POST['logout'])){
{
unset($_SESSION['logged_in']);
session_destroy();
header("location:index12.php");
}
}
?>
Also, if you have not started the session in connect.php, you need to start it by using session_start();
<?php
session_start();
include('connect.php');
I don't know how you start your session, but this is a suggestion:
I generally write a new_session() function which looks like the following. I prefer to set cookie params so we can have some control over them.
function new_session()
{
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], Sessions::SECURED_COOKIES, Sessions::HTTP_ONLY);
session_name('My_Awesome_App');
session_start();
session_regenerate_id();
}
And another one to destroy everything
function destroy_session()
{
session_unset();
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
session_destroy();
}
You can find the documentation about session_get_cookie_params() here
and about session_set_cookie_params() here
Back to your example
Using these new functions, you should call new_session() at the top of your pages, and your logout should look like this:
new_session();
if (isset($_POST['logout'])) { {
unset($_SESSION['logged_in']);
destroy_session(); // our new function
header("location:index12.php");
}
}
I tried a login and logout function in a signin bootstrap theme and it worked fine. But I am not able to log out of the session in my other template when I use the same code that worked previously. I tried almost all the solutions found on the internet. I am getting a blank page when I click on the Logout link.
login.php
<?php
session_start();
if (!empty($_SESSION['login_user'])) {
header('location:index.php');
}
?>
---html code---
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_DATABASE', 'foodchain');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['email']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT email,password FROM user_register WHERE email='$myusername' and password = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQL_ASSOC);
$count = mysqli_num_rows($result);
if($count == 1) {
$_SESSION['login_user'] = $myusername;
header('Location:index.php');
}else {
$logmsg = "Invalid Username or Password";
}
}
?>
check_login.php
<?php
session_start();
if (!isset($_SESSION['login_user']) || empty($_SESSION['login_user'])) {
header('location:login.php');
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location:login.php");
die();
?>
index.php
<?php
include('check_login.php');
?>
It's working perfectly when I don't use the template (downloaded from some website), or when I use the bootstrap signin template.
You really should provide us with some source code, links to things that you've tried, what you've previously tried, what errors you received, etc. From what I can gather, you're looking for a logout page using sessions? Here's what I've got.
<?php
session_start();
session_destroy();
header('Location: ..');
?>
The key part is setting $_SESSION to an empty array.
From http://php.net/manual/en/function.session-destroy.php:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
I have a session set up like this:
<?php
session_start();
include 'conconfig.php';
$con = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
$email = $_POST['email'];
$pass = $_POST['pass'];
$query = "SELECT * FROM tempusers WHERE user='$email' AND pass='$pass'";
$result = mysqli_query($con,$query)or die(mysqli_error());
$num_row = mysqli_num_rows($result);
$row=mysqli_fetch_assoc($result);
if( $num_row >=1 ) {
echo 'true';
$_SESSION['uName'] = $row['uName'];
}
else{
echo 'false';
}
?>
and in my logout.php I have
<?php
session_start();
session_unset();
unset($_SESSION['uName']);
session_destroy();
header("Location:index.php");
?>
but none of session_unset();, unset() and session_destroy(); seems to be working, because after getting to the page I am still able to use the browser Back button to go back to the restricted page! Besides, the header() is not changing the page to index.php. Can you please let me know what I am doing wrong and how I can fix it?
Basically, I have a Log out Link in Restricted page which is like this
<a href="logout.php" >Logout</a>
Thanks
Update:
Here is the Session code which I have at the top of restricted page
<?php
session_start();
if(empty($_SESSION['uName'])){
header('Location: login.php');
}
?>
Try regenerating the session id and destroying all the data.
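<?php
session_start();
// Regenerate while the session is still active; after session_destroy()
// this call fails with a warning, which can break the redirect below.
session_regenerate_id(true);
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(), '', 0, '/');
header("Location:index.php");
exit();
?>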
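The Back-button symptom in this question and the earlier PDO one, and the redirect checks without exit in the first thread, can be handled by one guard at the top of every restricted page. This is an added example, not code from any post; require_login() is a hypothetical helper, and the 'uName' key, login.php and the 2700-second idle limit are assumptions borrowed from snippets on this page.

```php
<?php
// Added example. require_login() is hypothetical; 'uName', login.php and
// the 2700-second idle limit are taken from snippets elsewhere on the page.
function require_login(string $loginUrl = 'login.php', int $maxIdle = 2700): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Restricted pages must not be stored by the browser or a proxy;
    // otherwise Back shows the cached copy without asking the server.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    $now = time();
    $idleTooLong = isset($_SESSION['LAST_ACTIVITY'])
        && ($now - $_SESSION['LAST_ACTIVITY']) > $maxIdle;

    if (empty($_SESSION['uName']) || $idleTooLong) {
        // Drop whatever is left server-side before sending the user away.
        $_SESSION = [];
        session_destroy();
        header('Location: ' . $loginUrl, true, 302);
        exit; // header() only queues the redirect; exit stops the page body
    }

    $_SESSION['LAST_ACTIVITY'] = $now;
}

// First statement of every restricted page, before any output:
require_login();
echo 'restricted content';
```

With no-store set, pressing Back after logout makes the browser request the page again, and the guard redirects because the session is gone.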
Ok here is my problem:
When a user logs into my site I put all their user info into a session like this
session_start();
//Put all user info into session cookie
$_SESSION["login"] = 'true';
$_SESSION["id"] = $user_info['id'];
$_SESSION["firstname"] = $user_info['firstname'];
$_SESSION["lastname"] = $user_info['lastname'];
$_SESSION["screen_name"] = $user_info['screen_name'];
$_SESSION["facebook"] = $user_info['facebook'];
$_SESSION["email"] = $user_info['email'];
$_SESSION["date_joined"] = $user_info['date_joined'];
$_SESSION["account_type"] = $user_info['account_type'];
$_SESSION["account_active"] = $user_info['account_active'];
$_SESSION["hashed_password"] = $user_info['hashed_password'];
The problem is if they logged in from www.domain.com and then end up on a page at domain.com or the other way around they login from domain.com and end up on a page at www.domain.com the info stored in the session is not available.
How can I have the session info available no matter if they logged in with www or not?
# Mr. Grossman
Would it be proper to do something like this:
<?php
//Ok I modified the code so I don't get the undefined errors I was getting
//OLD CODE
//$currentCookieParams = session_get_cookie_params();
//$rootDomain = '.domain.com';
//session_set_cookie_params(
//$currentCookieParams["3600"],
//$currentCookieParams["/"],
//$rootDomain,
//$currentCookieParams["false"],
//$currentCookieParams["false"]
//);
//session_name('mysessionname');
//NEW CODE
$rootDomain = '.beckerfamily1.com';
session_set_cookie_params( 3600, '/', $rootDomain, false, false);
session_start();
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 2700)) {
// last request was more than 45 min ago
if(isset($_SESSION['id'])){
$connection = mysql_connect('localhost', '******', '*******');
if (!$connection){
die('Database connection failed: ' . mysql_error());
}
$db_select = mysql_select_db('beckerfamily');
if(!$db_select){
die('Could not select database: ' . mysql_error());
}
$query = "UPDATE users SET online='no' WHERE id='{$_SESSION['id']}' LIMIT 1";
$result = mysql_query($query);
if (!$result) {
die("Database query failed: " . mysql_error());
}
}
$_SESSION = array();
if(isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy(); // destroy session data in storage
session_unset(); // unset $_SESSION variable for the runtime
if(isset($connection)){
mysql_close($connection);
}
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
?>
Also is it necessary to have session_name('mysessionname'); or can I just omit that and PHP will set the session name on its own?
Cookies (like the PHPSESSID cookie) are only available on the domain they were set on. You can make the domain include all subdomains:
ini_set('session.cookie_domain', '.example.com' );
or if configuration does not allow you to override that,
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.example.com';
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
session_name('mysessionname');
session_start();
http://php.net/manual/en/function.session-set-cookie-params.php
Even better might be to choose whether you want your site accessed through www or not, and redirect all requests to the other.
I'm not sure what language you are using, but you need to change the "domain" property of your session cookie. If you set the cookie domain to "domain.com", it will be accessible on both "domain.com" and "www.domain.com".
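The "pick one host and redirect everything else" advice above, as an added example that is not code from any answer: it redirects to a fixed canonical host and then starts the session with a host-only cookie. It assumes PHP 7.3+ for the array form of session_set_cookie_params(), a site served over HTTPS, and www.example.com as a placeholder host.

```php
<?php
// Added example. CANONICAL_HOST is a placeholder; the session name is the
// one used in the answer above.
const CANONICAL_HOST = 'www.example.com';

// Compare the requested host (without any port) against the canonical one.
$host = strtolower($_SERVER['HTTP_HOST'] ?? '');
$host = preg_replace('/:\d+$/', '', $host);

if ($host !== CANONICAL_HOST) {
    // Build the target from the constant, never from the request's Host
    // header, so a forged header cannot steer the redirect elsewhere.
    $path = $_SERVER['REQUEST_URI'] ?? '/';
    header('Location: https://' . CANONICAL_HOST . $path, true, 301);
    exit;
}

// Every request now arrives on one host, so the cookie does not need a
// wildcard domain. The question's call passed false for secure and httponly.
session_set_cookie_params([
    'lifetime' => 0,       // session cookie, discarded when the browser closes
    'path'     => '/',
    'domain'   => '',      // empty = host-only, not shared with subdomains
    'secure'   => true,    // sent over HTTPS only
    'httponly' => true,    // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_name('mysessionname');
session_start();
```

Setting the domain to '.example.com' instead, as in the answers, also sends the session cookie to every other subdomain of that domain.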