i am trying to write a automatic logout script which seems to work but not to my expectations,i do not know what exactly im doing wrong,i want to put the timeout.php on every page so that when the user is idle it logs out automatically and redirects it to login page but when i put the timeout.php on for my add user page where admin adds users,its overriding the link for the add user page and putting a login page which is also not coming out nicely(i.e the form is getting out of its position)
this is the timeout.php code
<?php
$_SESSION = 0;
if($_SESSION['session_count'] == 0) {
$_SESSION['session_count'] = 1;
$_SESSION['session_start_time']=time();
} else {
$_SESSION['session_count'] = $_SESSION['session_count'] + 1;
}
$session_timeout = 10; // (in sec)
$session_duration = time() - $_SESSION['session_start_time'];
if ($session_duration > $session_timeout) {
session_unset();
session_destroy();
session_start();
session_regenerate_id(true);
$_SESSION["expired"] = "yes";
header("Location: login.php"); // Redirect to Login Page
} else {
$_SESSION['session_start_time']=time();
}
?>
i want it to automatically logout and redirect itself to the login page with a message yoour session has expired and i want it to put it on every page without it disturbing the forms or overlapping the page
Related
I have this function which I am using at the beginning of every of my PHP pages, which is working fine, if time has expired, the next CLICK on the page it will go out fine and go to usuarioLoginLogout.php.
function verificarSiEstoyConectado()
{
if( $_SESSION['last_activity'] < time()-$_SESSION['expire_time'] )
{
header('Location: usuarioLoginLogout.php');
}
else
{
$_SESSION['last_activity'] = time();
}
}
In my welcome page, I'm settings session variable as follows:
$_SESSION['logged_in'] = true;
$_SESSION['last_activity'] = time();
$_SESSION['expire_time'] = 60*3;
My doubt is if exists any way to check that function but in a LOOP, not to wait to the user to do click in any link of my site in order to check at the beginning of any page that if has expired or not?
If it possible, how could I implement this?
Thanks in advance,
So far, I have only the login.html files which has login form, redirects user once logged on and logout function. What I want to do is once a user logs in, they redirect to but their username is displayed on the top of the page. And with the file... I just want it to be able to logout the user. So far on my website, I can login as far as I am concerned, and it redirects once user logs in, but I can login as many times as I want, and I can logout as many times as I want.... It's complicated to sort out and I want to do this without SQL or any other server-side storage (since I am only using HTML local storage).
You have to remove the session of username in logout code
unset($_SESSION['username']);
Hope this helps..If not,It would be better if you could provide the code, so that the problem can be sorted out
WRITE THIS ALL IN TOP PAGE
IN YOUR LOGIN PAGE
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$_SESSION["username"] = $username;
header('Refresh: 5; URL=GameWebsite.php')
}
?>
IN YOUR LOGOUT PAGE
if(isset($_SESSION['username']))
{
session_start();
session_unset();
session_destroy();
//Then you may redirect to the login page if you want after sometime.
echo " You have successfully logged out... You will be redirected back to the login page in a moment. ";
header('Refresh: 5; URL=login.php');
}
else
{
header("Location:login.php"); // HERE WHEN USER NO HAVE SESSION
}
IN ANOTHER PAGES YOU CHECK
if(isset($_SESSION['username']))
{
}else
{
header("Location:login.php"); // HERE WHEN USER NO HAVE SESSION
}
in your login page write on top
if(isset($_SESSION['username']))
{
header('Refresh: 5; URL=GameWebsite.html')
}
In your logout.php write
if(isset($_SESSION['username']))
{
session_start();
session_unset();
session_destroy();
//Then you may redirect to the login page if you want after sometime.
echo " You have successfully logged out... You will be redirected back to the login page in a moment. ";
header('Refresh: 5; URL=Login.html');
}
else
{
header("Location: login.php");
}
I have been developing the following php script (+ sqlite database) to create a login for my web.
Up to now I had used just one PHP file, but now I want to use different files for login and protected contents, I mean, I used to have all my web in one file php (contents and password script were together) but now I want to detach it in different php files (one for the login, login.php, and other phps protected: index.php, calendar.php...)
I used this code to password-protect php content:
<?php require_once "Login.php"; ?>
but it doesn't seem to work: it displays the form to login next to the content I wanted to protect.
This is the php script I'm using as login.php:
<?php
$db = new PDO('sqlite:data.db');
session_start();
if (isset($_GET['logout'])) {
unset($_SESSION['pass']);
header('location: index.php');
exit();
}
if (isset($_SESSION['timeout'])) {
if ($_SESSION['timeout'] + 4 < time()) {
session_destroy();
}
}
if (!empty($_POST['pass'])) {
$result = $db->query("SELECT user,password FROM users");
foreach ($result as $row) {
if (password_verify($_POST['pass'], $row['password'])) {
echo "Welcome! You're logged in " . $row['user'] . "! <a href='index.php?logout=true'>logout</a>";
$_SESSION['pass'] = $_POST['pass'];
$_SESSION['timeout'] = time();
}
}
}
if (empty($_SESSION['pass'])) {
echo '<form method="POST" action=""><input type="password" name="pass"><form>';
}
?>
MY QUESTION IS: How can I use my php script to protect different files?Is there any way to embed a logout link too?
One way is to store a token in session variables when a user logs in. Confirm the token is there on each page, if it isn't redirect the user to the login page. For example assert_login.php:
<?php
session_start();
if('' == $_SESSION['token']) {
header("Location: login.php");
exit();
}
?>
Then, in the PHP at the top of each of your pages:
<?php
require('assert_login.php');
?>
You can also clear the session variable on logout, logout.php for example:
<?php
require('assert_login.php'); // has session_start() already
$_SESSION['token'] = ''; // empty the token
unset($_SESSION['token']); // belt and suspenders
header("Location: login.php");
exit();
?>
I was also going through same issue & the way I solved it:
PSEUDO CODE:
PHP SESSION START
if(isset(GET(logout){
SetLogout();
die()}
$redirect=false
if not session[auth] exists
if SERVER REQUEST METHOD IS POST
$redirect=true;
if POST(username) && POST(pass) exists
Sanitize both of them & assign to $user& $pass
if user == "John" && $pass == "secret"
Go To SetLogin();
else{
Go To SetLogout();
echo "Wrong Username or Password"
drawlogin();
die();}
} //user pass comparing ends
} //Server method is NOT POST, so maybe it is GET.
//Do nothing, let the control pass to next lines.
}//SESSION(auth) does not exists, so ask user to login
else {
drawlogin();
}
//Post-Redirect-Get
if ($redirect)
redirect header to this same page, with 301
die()
// Secret Content here.
function SetLogin($user){
$SESSION(auth) = TRUE;}
function SetLogout($user){
if SESSION(auth) exists
unset($SESSION(auth))
redirect back with 301, without query string //shake ?logout
}
function drawlogin(){
echo all the HTML for Login Form
What it does is, it checks various things/variables, and if all passes, the control passes to Secret Content.
Save it as pw.php, & include it on top of any file you want to protect. Logout can be triggered by Logout
Note that this is just a pseudo code, typed on a tablet. I will try to update it with actual version. It is not checked for errors. Use all standard PHP Security precautions..
Hi each time im refreshing or click a button that reload my index page ... which is my main page, the session dies .... here is a simple of code :
//session.class.php
<?php
session_start();
$_SESSION["EMAIL"] = "";
$_SESSION["LOGED"] = 0;
?>
//index.php
<?php
include_once ('session.class.php');
if (isset($_GET['login'])) {/// it a button submit in my form that use for login
$_SESSION["LOGED"] = 1;
include ("/module/Users/profile.php");// class that show profile if login an
// password is good
echo "session = ".$_SESSION["LOGED"];
}
if ($_SESSION["LOGED"] == 0) {
echo userFormLogin();//show login
echo "<a href=index.php?content=register>Register</a>";
}
?>
TY every one :D
Every time you load page, your EMAIL and LOGED session variables get reset. You don't need to declare them, SESSIONS don't exist until you make one. You are basically creating session but when you load page it gets set to 0 and you ask for login again.
You should use:
if(isset($_SESSION['LOGED'])){
actions for logged in
}
else{
show login page
}
Ok, having trouble here:
I created a login script, so after a person logs in then they will get direted to another page. And also, I have it redirecting them to the login page if they try and access one of those other pages.
My problem is, if a user is logged in and stumbles to the login page again --by accident-- I would like for it to recognize that the user is logged in and redirect them to that next page (which is index2.php) ?? Having troubles :-(
Here is my code so far:
require_once "inc/functions.class.php";
$quickprotect = new functions('inc/ini.php');
if (isset($_SESSION['goAfterLogin'])){
$goto = $_SESSION['goAfterLogin'];
unset($_SESSION['goAfterLogin']);
}
else $goto = $quickprotect->settings['DEFAULT_LOGIN_SUCCESS_PAGE'];
if (isset($_POST[username])) {
if($quickprotect->login($_POST[username], $_POST[password])) header ("Location: $goto");
}
Here is how I store a users session in the functions page
public function is_logged_in() {
//Determines if a user is logged in or not. Returns true or false;
if ($_SESSION['logged_in'] === md5($this->settings[ADMIN_PW])) {
return true;
}
else return false;
}
You don't mention how you store your users in your session, but something like this should do it for you:
if(isset($_SESSION['user']))
{
header("Location: index2.php");
exit;
}
This will check if you have a user in your session, and if so, redirect to index2.php.
You need to change 'user' according to your session key.