I am dealing with a PHP site that use cookies to login users; the problem is I can't get the input email from the login page to the home page.
I always get this in the home page:
(Welcome Email!)
where it should be:
(Welcome user#gmail.com!)
Here is my code of the home page:
<?php
if (isset($_COOKIE["Email"])){
echo "Welcome " . $_COOKIE["Email"]. "!<br>";
echo 'logout';
}
else{
setcookie("Email", "Email", time()-50000);
echo 'you are logged out please login';
}
?>
You need to show us the code on your login page so that we know how you are setting your "Email" cookie variable, like did you use
setcookie("Email", "bla_blah_blah");
Have you tried using sessions instead?
After successful login, before redirect:
session_start();
$_SESSION['Email']="user#gmail.com";
Then on your welcome page:
<?php
session_start();
if(isset($_SESSION["Email"])){
echo "Welcome " . $_SESSION["Email"]. "!<br>";
echo 'logout';
}
else{
setcookie("Email", "Email", time()-50000);
echo 'you are logged out please login';
}
?>
This also has the added benefit of storing the session info on your server as opposed to on the user's computer.
To kill the session just use:
session_destroy();
Related
I want to include a link to my logout.php which includes code to destroy the session inside my php on this page how would I do this?
<?php
if (isset($_SESSION['username'])) {
echo 'Welcome';
"Logout";
} else {
include 'loginform.php';
echo 'Please Log In';
}
?>
Can you try this code, if the SESSION is empty:
<?
session_start();
if (empty($_SESSION['username'])){
echo 'Please Log In';
include 'loginform.php';
}else{
echo 'Welcome';
?>
Home
<?
}
?>
Before you use any $_SESSION variable, you have to call session_start()
The logout should first open the session by calling session_start(), then destroy it by calling session_destroy
You aren't currently telling PHP to display the link to the logout page. It either needs to be included in the echo or outputted elsewhere. For example;
if (isset($_SESSION['username'])) {
echo 'Welcome';
echo 'Logout';
}
else {
include 'loginform.php';
echo 'Please Log In';
}
In your logout.php put this code ,
<?php
session_start();
session_destroy();
?>
<?php
$name=$_GET['var'];
if($_SESSION["loginvalue"]==1)
{
echo "Welcome,$name";
echo " <a href='login.php'>Logout</a>";
}
?>
This is code i have used to maintain session in the page. What i want is if some enter local/project/cms.php url in web browser then it should not open. I want cms.php to be open only if someone login first otherwise it should not be opened.
not 100% sure what you mean; but...
Firstly there are some issues with the code given, where's session_start(), your code is also open to XSS attack on the $name var because your not escaping input, you need to use htmlentities() user input if your going to display it back to the user. Also you need to check variables are set before using to avoid PHP undefined index warnings. Other then that, you basically check if user is logged in, if there not then you redirect them, to your login page.
<?php
session_start();
$name = isset($_GET['var']) ? $_GET['var'] : null;
if(isset($_SESSION["loginvalue"]) && $_SESSION["loginvalue"]==1)
{
echo "Welcome,".htmlentities($name, ENT_QUOTES);
echo ' Logout';
}else{
//Redirect user to login page if not logged in.
exit(header("location: ./login.php"));
}
?>
You may modify your code like this:
<?php
session_start();
$name=$_GET['var'];
if($_SESSION["loginvalue"]==1)
{
echo "Welcome, ". htmlentities($name, ENT_QUOTES, "UTF-8");
echo " <a href='login.php'>Logout</a>";
}else{
//Redirect user to login page.
header("location: /login.php");
}
?>
having log out issues when i click the log out button it does not destroy session so when the log in page loads it still sees that theres a live session and picks up on that
heres the log out code for the buttons what is the correct way to code it so it also destroys current session
<?php
// if you need the user's information, just put them into the $_SESSION variable and output them here
echo WORDING_YOU_ARE_LOGGED_IN_AS . $_SESSION['user_name'] . "<br />";
//echo WORDING_PROFILE_PICTURE . '<br/><img src="' . $login->user_gravatar_image_url . '" />;
echo WORDING_PROFILE_PICTURE . '<br/>' . $login->user_gravatar_image_tag;
?>
<div>
<a href= session_destroy();><?php echo WORDING_LOGOUT; ?></a>
<?php echo WORDING_EDIT_USER_DATA; ?>
</div>
<?php include('views/_footer.php'); ?>
hope this helps.
In your href tag, put another php page and in that php page, do a session destroy and you can redirect using header() once the session is destroyed.
<?php echo WORDING_LOGOUT; ?>
In your logout.php
<?php
session_start();
if(session_destroy()){
header("Location: index.php");
}
?>
session_destroy(); is a PHP function. Completely different from HTML, My advice:
Then on logout.php:
<?php
session_start();
if (session_destroy()){
// redirect if session is sucessfully destroyed:
header("Location: page.php/html");
}else{
echo "problem Occurred. Please contact the site administrator";
}
?>
Though, i'm confsued as to why you would have so many defined constants, when you could just simply echo a string.
Today my question is how do i get people to roam the site with out logging in, I have tryed loads and loads of diffrent ways, when i tried to roam my site when i was not logged in it just used to redirect me to my login page, but when i tried my most recent code (the one below this post) it just comes up with this error, Undefined index: username in E:\wamp\www\login\main.php on line 6
<?php
ob_start();
//session
session_start();
$_session_username = $_SESSION['username'];
if (!isset($_session_username))
{
echo"Hello i'm sorry to say this but your not logged in <a href='login.php'>Log-in</a>";
exit();
}
else
{
echo "hello, ".$_session_username." <a href='logout.php'>Log out</a>";
}
ob_end_flush();
?>
Put simply you were on the right path, however you can't assign $_SESSION['username'] to a variable and then check if it is set. You first need to check if the $_SESSION['username'] is set, and then if it is you are able to assign it to a variable.
<?php ob_start();
//session
session_start();
if (!isset($_SESSION['username']))
{
echo"Hello i'm sorry to say this but your not logged in <a href='login.php'>Log-in</a>";
exit();
}
else
{
$_session_username = $_SESSION['username'];
echo "hello, ".$_session_username." <a href='logout.php'>Log out</a>";
}
ob_end_flush();
?>
I have come along something i could not solve for so long.
i have created a script in php that unsets one single session variable, However the page stats the session Here is my code for the page :
<?php
session_start();
require_once("../header.php");
if($_SESSION['user']) {
unset($_SESSION['user']);
echo "you succesfully logged out.";
header("Refresh:5; url=http://www.webmasteroutlet.com");
} else {
echo "you are already NOT LOGGED IN right now.";
}
require_once("../footer.php");
?>
That is the whole code on this page. and it always prints out "you are already NOT LOGGED IN right now." $_SESSION['user'] is assigned true in login.php page and i have session_start(); at the very beginning of the page right after the <?php opening.
The session variable is recognized at all other files with php extension and that is the only single file that it is not working on. I also tried
<?php
session_start();
echo $_SESSION['user'];
?>
and it does not print anything. It simply skips that line and does nothing. What am i doing wrong ?
Thank You very much for your help.
this is the header.php code
<?php
session_start();
require("config.php"); // that only contains connection to the database and it is successful.
if(isset($_SESSION['user'])==1){
echo "<div id=\"topnav\" class=\"topnav\"><span>".$_SESSION['username']."</span> <span>LOGOUT</span></div>";
}
else if ($_SESSION['admin']) {
echo "<div id=\"topnav\" class=\"topnav\">"."<span>".$_SESSION['adminusername']."</span> ";
echo "<span>LOGOUT</span></div>";
}
else if ( !isset($_SESSION['user'])) {
require ($_SERVER['DOCUMENT_ROOT']."/users/login.php");
}
require("search.php");
?>
i think you need the if is set and make sure you pass the sessions data to this page it looks like your unsetting this
Try this:
<?php
session_start();
require_once("../header.php");
if(isset($_SESSION['user'])) {
echo "User.".$_SESSION['user']." you are being logged out";
unset($_SESSION['user']);
header("Refresh:5; url=http://www.webmasteroutlet.com");
} else {
echo "You are not logged or var SESSION doesnt exist";
}
require_once("../footer.php");
?>
If still doesnt work, try deleting the require_once lines(for debug).
Justin, I think you're not setting the $_SESSION['user']. That'd be the reason why you're getting NULL when you vardump.
One other possibility, although I'm limited to the scripts you provided, would be that you made it possible for a person to login through $_SESSION['admin'] as well as $_SESSION['user']. If this is the case you'd have to change the script to:
if(isset($_SESSION['user'])) {
unset($_SESSION['user']);
echo "user succesfully logged out.";
}elseif(isset($_SESSION['admin'])){
unset($_SESSION['admin']);
echo "admin succesfully logged out.";
}else{
echo "you are already NOT LOGGED IN right now.";
}