logout.php is not working second time - php

I have one problem with my logout.php. The problem is logging out a second time. For example, a user has two accounts on my website. The user logs in with the first account and then clicks log out, and it is OK. But when he logs in with the second account and then clicks log out, logout.php does not work. Can you help me here, please?
Here is my session.php:
<?php
$session_uid=$_SESSION['uid'];
// Session Private
if(!empty($session_uid))
{
    $uid=$session_uid;
    $login='1';
}
else if($_GET['username'] || $_GET['msgID'])
{
    $uid=$Wall->User_ID($username);
    $login='0';
}
else
{
    $url=$base_url.'index.php';
    header("location:$url");
}
?>
And here is Login.php code:
<?php
ob_start("");
error_reporting(0);
include_once 'includes/db.php';
include_once 'includes/User.php';
session_start();
$session_uid=$_SESSION['uid'];
if(!empty($session_uid))
{
    header("location:main.php");
}
$User = new User();
//Login
$login_error='';
if($_POST['user'] && $_POST['passcode'] )
{
    $username=$_POST['user'];
    $password=$_POST['passcode'];
    if (strlen($username)>0 && strlen($password)>0)
    {
        $login=$User->User_Login($username,$password);
        if($login)
        {
            $_SESSION['uid']=$login;
            header("Location:main.php");
        }
        else
        {
            $login_error="<span class='error'>Wrong password or username!</span>";
        }
    }
}
//Registration
$reg_error='';
if($_POST['email'] && $_POST['username'] && $_POST['password'] )
{
    $email=$_POST['email'];
    $username=$_POST['username'];
    $password=$_POST['password'];
    if (strlen($username)>0 && strlen($password)>0 && strlen($email) )
    {
        $reg=$User->User_Registration($username,$password,$email);
        if($reg)
        {
            $_SESSION['uid']=$reg;
            header("Location:main.php");
        }
        else
        {
            $reg_error="<span class='registererror'>Username or Email is already exists.</span>";
        }
    }
}
?>
And logout.php code:
<?php
error_reporting(0);
session_start();
$_SESSION['uid']='';
if(session_destroy())
{
    $url=$base_url.'index.php';
    //header("Location: $url");
    echo "<script>window.location='$url'</script>";
}
?>

Because you decided to do echo "<script>window.location='$url'</script>"; instead of header("Location: $url");, your logout.php is being cached in the browser. So on the second click, it's not even hitting the server.
You should do the redirect on the server side, not in JavaScript. If (1) you don't print anything, (2) you only return the location header, (3) you do the redirect regardless of whether session_destroy() returns true or false, then the browser should not cache this page, and you should not have this problem.
Of course the page being redirected to could also have been cached, so set no-cache headers on pages that should be protected by the login so that a cached version will not be displayed by the browser when the user is logged out.
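
The three points in the answer above, together with the no-cache headers it recommends for login-protected pages, as an added example (not code from the original posts). The file name auth.php and the function names are assumptions; `uid` is the session key from the question, and the redirect target is passed in as a parameter rather than read from `$base_url`.

```php
<?php
declare(strict_types=1);
// auth.php (hypothetical file name): shared helpers for protected pages and logout.

// Tell the browser and any intermediary never to reuse a stored copy.
function send_no_cache_headers(): void
{
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');
}

// Call at the top of every page that needs a login, before any output.
function require_login(string $loginUrl = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    send_no_cache_headers();
    if (empty($_SESSION['uid'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit; // stop here so no protected markup is ever sent
    }
}

// Body of logout.php: prints nothing and always redirects.
function logout(string $redirectUrl = 'index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = []; // drop uid and everything else for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // return value deliberately ignored
    send_no_cache_headers();
    header('Location: ' . $redirectUrl, true, 302);
    exit;
}
```

With this in place, logout.php contains only `require 'auth.php'; logout();`, and each protected page starts with `require 'auth.php'; require_login();`.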

Related

I'm getting This Page Isn't working and that it is redirecting too many times in PHP

I know that basically the page redirects to a page that redirects to the first page, but for some reason I can't seem to find the errors in my code. Basically if the session is not logged in, go to the login page / do nothing, but if they are logged in redirect them to the index.
if (isset($_SESSION['loggedin'])) {
    if ($_SESSION['loggedin'] == null || $_SESSION['loggedin'] == "false") {
        $_SESSION['loggedin'] == "false";
    }
    elseif ($_SESSION['loggedin'] == "true") {
        header('location:index.php');
    }
}
You can simply do it like this :)
This is your "index.php" in your system login page:
<?php
session_start();
if(isset($_SESSION['loggedin'])){
    header("location:your_dashboard.php"); //your main dashboard
    exit; //stop the script once the redirect header is sent
}
?>
And this is "your_dashboard.php" in your system:
<?php
session_start();
if(!isset($_SESSION['loggedin'])){
    header("location: index.php"); //index of your login page
    exit; //stop the script so the dashboard is not rendered
}
?>

PHP Mysql login page

I'm still new at PHP and I am trying to make a login page. I am having trouble redirecting people back to my login page if they have not logged in yet. I don't want anybody to have direct access to my index page through the URL.
So far on top of my index page I have
<?php
session_start();
if (!isset($_SESSION["userid"])) {
    header("Location: login.php");
}
?>
Should I also have a session_start() on top of my login page? When a person logs in, I have this function:
function loginUser($conn, $username, $password) {
    $usernameExists = usernameExists($conn, $username, $username);
    if($usernameExists === false) {
        header("location: ../login.php?error=wronglogin");
        exit();
    }
    $passwordHashed = $usernameExists["userPassword"];
    $checkPassword = password_verify($password, $passwordHashed);
    if($checkPassword === false) {
        header("location: ../login.php?error=wronglogin");
        exit();
    }
    else if ($checkPassword === true) {
        session_start();
        $_SESSION["userid"] = $usernameExists["userId"];
        $_SESSION["userName"] = $usernameExists["username"];
        header("location: ../index.php");
        exit();
    }
}
But so far, every time I log in, it does not let me go to my index page anymore unless I only have session_start() on top of my index page. But once I put
if (!isset($_SESSION["userid"])) {
    header("Location: login.php");
}
it does not let me go to the index page anymore. When I log in it just takes me back to the login page again.

PHP Login and session

Good morning/evening,
I'm stuck and I need some help in PHP.
I am trying to code up an admin dashboard, and I want to check if the user is logged in; if not, redirect to the login page.
My index.php is this:
<?php
$pagename ="Index";
#require_once('inc/head.php');
?>
<body>
CONGRATS! Welcome to the Admin dashboard.
</body>
</html>
My login page:
<?php
$pagename = "login";
$adminUser = "admin";
$adminPass = "admin";
#require_once('inc/head.php');
// If POST is submitted and IDs match the ones set
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    if($_POST["username"] == $adminUser && $_POST["password"] == $adminPass)
    {
        session_start();
        $_SESSION["username"] = $adminUser;
        $_SESSION["login"] = true;
        echo '<script>alert("Congrats, you logged in");
        window.location = "index.php"; </script>';
        /* I skip the line underneath because for unknown reasons my code
        Doesn't fully run through. So I redirected with the JS above instead.
        header("Location: index.php");
        exit(); */
    }else{
        echo '<script>alert("Incorrect username or password!");</script>';
    }
}
?>
<html>
<!-- login page here -->
</html>
And here goes my head.php:
<?php
// If we AREN'T on the login page , check if session exist. If not send to login
if($pagename != "login")
{
    if(!$_SESSION['login'])
    {
        header('location: login.php');
        exit();
    }
}
?>
There are a lot of things wrong with this, and I know, but as of now I'm trying to fix my login issue. Whenever I log in I get the JS pop-up that says I successfully logged in, but I don't get redirected to the index. I think I do get sent to my index.php (there's no reason for my JS redirect to NOT function), but my index sends me right back to login and I don't understand why.
Start the session in the head.php page.
head.php
<?php
if($pagename != "login") {
    session_start();
    if(!$_SESSION['login']) {
        header('location: login.php');
        exit();
    }
}
?>

PHP Session Works Slowly

I've started to learn PHP sessions recently. That really helped me to do the login properly.
I should give the link to you first: mk-appform.net16.net/login.php (feel free to use it as you want; this is a test. I'm able to change the pass as soon as it gets fixed)
Username: admin
Password: 1234
Please test it.
The problem is, when you're not logged in and type mk-appform.net16.net/advsearch.php directly in the address bar, the content of the page that I require login for beforehand is visible for a second. Then it redirects to the login page. But you know, I would not want this to be shown in any way. It should require login eventually.
Here is the PHP code of login.php:
<?php
if (isset($_POST['submit']))
{
    if(isset($_POST['user']) && isset($_POST['password']))
    {
        $user = $_POST['user'];
        $password = $_POST['password'];
        if(empty($user) || empty($password))
        {
            echo 'Please fill the form';
        }
        else
        {
            if($user == 'admin' && $password == '1234')
            { // check the infos
                session_start();
                $_SESSION['user'] = 'admin';
                $_SESSION['password'] = '1234';
                echo 'Login Succeeded.Now redirecting to panel...';
                header("refresh:2; url=advsearch.php");
            }
            else
            {
                echo 'Invalid Username or Password';
            }
        }
    }
    else
    {
        echo 'Please use the form';
    }
}
?>
And the code of the content I show after successfully logging in (advsearch.php):
<?php
session_start();
if(isset($_SESSION['user']) && isset($_SESSION['password']))
{
    if($_SESSION['user'] == 'admin' && $_SESSION['password'] == '1234')
    {
        header("url=advsearch.php");
    }
    else
    {
        session_destroy();
        echo 'Redirecting..';
    }
}
else
{
    header("refresh:0; url=login.php");
}
?>
header redirects aren't instantaneous. It takes a few moments for the browser to start shutting down the connection and initiate the new one. That means any content you output on the page after you output the location header can still be viewed. You have to abort your script after outputting the header. e.g.
<?php
session_start();
if (!isset($_SESSION['user'])) { // need to redirect
    header('Location: login.php');
    echo 'redirecting to login page, please wait ...';
    exit(); // you need this
}
// ... regular page contents ...
In short, if you don't want something visible to the user, then DON'T output it in the first place. Don't depend on everything working properly (or even fast). They rarely do.

How to modify login php script for Client Area

I have this PHP script which redirects users to specific pages based on their username and password.
Once you're logged in and redirected to your page, then leave (go to the home page for example) and then click on client login again to return to your page, a message pops up saying you are already logged in click here to view your page. How do I get it to just redirect back to the page of the logged in user?
If you have trouble understanding, please visit my site to see it (user: tyler pass: tyler for the login info) splitlinemedia.com
login.php
<?php
if(!defined("SESSION")){
    session_start();
    define("SESSION", true);
}
if(isset($_GET["log_out"])){
    unset($_SESSION["logged_in"]);
    header('refresh: 3; url=login.php');
    echo "You're logged out, and will be redirected in about 3 seconds";
    exit;
}
$login = true;
require "protect.php";
$logins[0]["user"] = "tyler";
$logins[0]["pass"] = "tyler";
$logins[0]["redirect"] = "test.php";
$logins[1]["user"] = "x";
$logins[1]["pass"] = "y";
$logins[1]["redirect"] = "z.php";
// No need to edit below, except the errors
if(isset($_POST['submit'])){ //is the form submitted?
    if(empty($_POST['user']) || empty($_POST['pass'])){
        echo "You have to fill out the user name and password!";
        exit;
    } //check for empty user name or password
    $is_logged = false;
    foreach($logins as $login){
        $user = $_POST;
        if(($user["user"] == $login["user"]) && ($user["pass"] == $login["pass"])) {
            $is_logged = true;
            $_SESSION["logged_in"] = array($login["redirect"], true);
            header("Location: ".$login["redirect"]);
            exit;
        }
    }
    if(!$is_logged){ echo '<script type="text/javascript">alert("Inncorect username or password");window.history.go(-1);</script>'; }
}
?>
protect.php
<?php
if(!defined("SESSION")){
    session_start();
    define("SESSION", true);
}
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
    if(!isset($login)){
        header("Location: login.php"); //check to see if logged in, otherwise go to the login
        exit;
    }
} else if (isset($login) || isset($index)){
    echo "Your already logged in!! <a href='login.php?log_out'>Click here</a>, to logout. Or, go back to your <a href='{$_SESSION['logged_in'][0]}'>page</a>.";
    exit;
}
?>
Then this at the top of my test.php page
<?php
include("protect.php");
?>
This may help you,
<?php
if(!defined("SESSION")){
    session_start();
    define("SESSION", true);
}
if((!isset($_SESSION["logged_in"])) || !$_SESSION["logged_in"][1]){
    if(!isset($login)){
        header("Location: login.php"); //check to see if logged in, otherwise go to the login
        exit;
    }
} else if (isset($login) || isset($index)){
    header("Location: " . $_SESSION['logged_in'][0]); //already logged in: go straight to the user's page
    exit; //stop so the login form is not processed or rendered
}
?>
In protect.php simply replace the echo line that says they are already logged in with a header redirect line such as: header("Location: ".$_SESSION['logged_in'][0]);
