The php code below is login_successful.php which is obtained after user logs in, in this page i want to display his 'username' and a logout link
<html>
<head>
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:home.html");
}
?>
</head>
<body>
Welcome $myusername //here i want to display logged in user's name
Login Successful
</body>
</html>
how should i put logout link in this page without using another logout.php file.
Why use another page for logout? Do it like this
<?php
if(isset($_POST['logout'])) {
//Unset cookies and other things you want to
session_destroy();
header('Location: login.php'); //Dont forget to redirect
exit;
}
?>
<form method="POST">
<input type="submit" name="logout" />
</form>
You have to check wheter session has his username and then display, something like:
session_start();
if(isset($_SESSION['username'])){
echo "Hello, " . $_SESSION['username']);
echo "Logout"
}
You can always call session_destroy() to (guess what) destroy your sessions! From the manual:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie.
More important than use session_destroy() is to make sure you reseted the cookie (if any used) by setting it's time one hour back: time() - 3600, like:
setcookie ("YourCookieName", "", time() - 3600);
Related
I am a php newbie and practicing with php sessions. Basically, I have a login form which will be shown to a user ONLY if the session does not exist otherwise the page says "User Already Logged In".
I have set the session life time and cookie time using :
session_set_cookie_params(60);
ini_set('session.gc_maxlifetime', 60);
I want the session to be destroyed after 1 minute so that the user will have to log in again. but in my implementation, the session still exists for a long time and the users are logged in.
in my login.php i have:
1: if visited login.php with POST req, then check login credentials
2:if SESSION['logged_in'] is set then do not show the form, echo "already logged in"
<?php
require_once("helpers.php");
session_start();
if(!empty($_POST)){
loginUser($_POST['user_id'], $_POST['pass']);
}
<?php
if(!isset($_SESSION['logged_in'])){
echo "<br>SESSION IS NOT SET UP";
?>
<HTML>
<HEAD>
<LINK rel="stylesheet" type="text/css" href="style.css">
<SCRIPT src="test.js"></SCRIPT>
</HEAD>
<BODY>
<H1>Please login</H1>
<FORM action="login.php" method="post">
<span class=formlabel>Username:</span>
<INPUT name="user_id" type="text" class="forminput" require><BR>
<span class=formlabel>Password:</span>
<INPUT name="pass" type="password" class="forminput" require><BR>
<INPUT type="submit" value="Login" style="width:80px;margin-left:100px;margin-top:3px;"><BR><BR>
Don't have an account? Click here to register.
</FORM>
</BODY>
</HTML>
<?php
}else{
echo '<strong>user already logged in.<br></strong>';
}
?>
Then in my helper.php I have a function:
1: check user id and password in data base
2: if it exists then set a session.
function loginCheck($user_id, $pass){
//here goes code which checks if user_id & pass exists
//store in $RESULT if exists
if(!empty($result)){
session_set_cookie_params(30, '/');
ini_set('session.gc_maxlifetime', 30);
$_SESSION['username'] = $user_id;
$_SESSION['logged_in'] = true;
}
}
Now when ever i log in as a user then the session starts and the login form dissapears, which is the correct behavior that i want. But the session never ends, i mean even if i refresh the page after 10 minutes the form doesn't show up and says "user already logged in".
also:
1: do the sessions gets destroyed by itself after their maxLifetime?
2: if not do we have to destroy it ?
thank you
The gc_maxlifetime value is the number of seconds after which data will be seen as garbage and potentially cleaned up. You'll want to make sure this value is set high enough so that your sessions aren't destroyed too early, but you can't rely on sessions being destroyed after this amount of time.
If you want sessions destroyed after a specific period of time, then you should store a timestamp, and then use that timestamp and the presence of the session to see if the session is still alive. Something like this:
$_SESSION['last_access'] = time();
Then later on, to check if it's still active:
if ( isset( $_SESSION['last_access'] ) && $_SESSION['last_access'] - 60 > time() ) {
// The session is still alive
} else {
// The session should be destroyed
session_destroy();
unset( $_SESSION );
}
Then, your future checks for the presence of any $_SESSION value will work the way you expect.
I have test.php:
<html>
<?php
if (!isset($_SESSION))
{
echo 'session is not yet set';
session_start();
$_SESSION['comments'] = array();
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
<input type="text" name="comment">
Click the button!
<input type="submit"/>
</form>
<?php
array_push($_SESSION['comments'], $_GET['comment']);
echo 'Current array count: ' . count($_SESSION['comments']) . '<br>';
foreach($_SESSION['comments'] as $comm)
{
echo $comm.'<br>';
}
?>
</html>
What should happen is that any text entered in the textbox should be pushed to the session array, but every time I click on submit, what is printed is the text I just entered instead of appending/storing the previous entries. I only get 1 as the array count all the time.
Every time I hit submit, session is not yet set always shows at the top of the page even when I have the if condition.
I can't seem to find what's wrong?
You need to do this:
<?php
session_start();
if (!isset($_SESSION))
{
?>
Otherwise you have header output from the HTML tag and the session can't start properly.
You should start the session at the top of the page always.
session_start(); //start the session
Then we can check session is exist or not.
if(!isset($_SESSION['user'])){
// your code
}else{
// your code
}
session_start() does not just start a NEW session. If the client already has a session it resumes that session. PHP Manual
If you are using sessions, just have session_start(); at the top of the page and PHP will do the lifting of starting or resuming a session.
I need to display different content for logging users and others. So I make that part as following code.
<?php
if($_SESSION["logged_user"]=="")
{
?>
<div id="test">Display for un-logged users</div>
<?php
}
else
{
?>
<div id="test>Display for Logged Users</div>
<?php
}
?>
I can't destroy all sessions in sign-out page because of I use "$_SESSION["logged_user"]" in every page.
So I make sign-out page like this.
<?php
session_start();
$_SESSION["logged_user"]="";
?>
I just empty the $_SESSION["logged_user"] instead of destroying session.
Is it a bad idea? If it is a bad idea what is the solution for me?
<?php
// remove all session variables
session_unset();
// destroy the session
session_destroy();
?>
I would like to maintain 3 $_Session variables after login. My login modal submits to my index.php page and this seems to be the only place I can access the session variables I set when the user logs in. How do I pass these variables to the next page the user visits? I know I can use hidden inputs in forms but what if the brows the site using the menu? I would like to store a users session variables in a session include file but I have the same issue passing the values of the variables from page to page.
-Mike
File a.php:
<?php
session_start();
$_SESSION['saveme'] = 'from file A';
?>
File b.php:
<?php
session_start();
echo $_SESSION['saveme']; // if you visited a.php previously, you will see "from file A"
?>
Setting a session variable in any file makes it available anywhere else.
You can store you values in session on one page(index in your case as you mentioned) then later on you can get those values on any page if session in started on that page. Session store those value till same session alive.
code to set values in session:
<?php
// Start the session
session_start();
?>
<?php
// Set session variables
$_SESSION["xyz"] = "xyz";
$_SESSION["abc"] = "abc";
echo "Session variables are set.";
?>
Code to get session values:
<?php
// Echo session variables that were set on previous page
echo "value of xyz is " . $_SESSION["xyz"] . ".<br>";
echo "value of abc is " . $_SESSION["abc"] . ".";
?>
The form of your modal
<form action="index.php" method="post">
Username <input type="text" name="username" />
Password <input type="password" name="password" />
</form>
Then you catch it in your index.php
<?php
session_start();
if (isset($_POST['username']) && isset($_POST['password'])) {
// Check if user exists and password matches
$_SESSION['username'] = $_POST['username'];
$_SESSION['logintime'] = time();
$_SESSION['something'] = 'else';
}
In any other page you can use the values like
<?php
session_start();
if (isset($_SESSION['username'])) {
echo 'Welcome ' . $_SESSION['username'];
}
All who have provided answers thank you. This overlooked detail was all on me and though I have been out of the dev game for a while I should have known better.
My hosting service by default makes all file permissions read/write only...to access session variables I changed to read/write/execute and was successful.
Again thanks!
Not sure what to do... I have this on my logout page:
<?php
setcookie ("session_key", "", time() - 3600);
session_start();
$_SESSION = array();
session_unset();
session_destroy();
header('Location:login.php');
?>
but still, when a new user "signs up" after logging out they get the same session id therefore causing some issues with logging in as multiple people then have the same session id.
Ideas?
What is wrong with session_regenerate_id(true); $_SESSION = array(); ?
It seems to do exactly what you want.