This is the way i set cookies for authentication purpose, but i need a logout function to destroy those cookies...and send back to index page, please help me out??
<?php
require_once('Template.php');
require_once('common/common.php');
$mes="";
if($value['m']==1)
{
$mes="Invalid Username / Password.";
setcookie("USERNAME", "", time()-3600);
}
$template =& new Template('html/login.html');
$template->AddParam('mes',$mes);
$template->EchoOutput();
?>
actually i forgot to post the login authentication code...
<?php
require_once('class/User.php');
require_once('common/common.php');
$user= new User();
$user->getUser($value['username'],$value['password']);
if($user->ID != null){
setcookie("USERNAME", $user->USERNAME);
header("Location:adminhome.php");
}
else
{
header("Location:index.php?m=1");
}
?>
logout.php:
setcookie("USERNAME" , '' , time()-50000, '/');
header("Location: index.php");
exit;
add a link to logout.php. logout.php should contain the code above.
setcookie("USERNAME" , '' , time()-50000, '/');
this destroys the cookie.
header("Location: index.php");
exit;
this redirects the user to index.php
I've removed the if statement cause i've realised it's not useful here
You are currently unsetting the cookie in your example. Also, setting a cookie with no value is the same as deleting it. Then simply redirect to your landing page after logout.
setcookie( 'cookie_name'); // deletes the cookie named cookie_name
Header("Location: url.com");
You might want to add an exit(); statement after the call to Header().
Related
i'm implementing session, cookie simple from with a remember me check box . i want to use the cookie so the user could see index.php(protected content) i closed the browser to end the session to check if the cookie working and i got the famous error ..redirected you too many . i searched a bit but still stuck so what should i do? and Is what is the best practice to for doing it?
authentication.php
if(mysqli_num_rows($rows) > 0){
$chck_pass = password_verify($clean_password,$user_arr["password"]);
if($chck_pass){
//log in the user
$_SESSION["id"] =$user_arr["id"];
$_SESSION["fristname"] = $user_arr["fristname"];
$_SESSION["email"] = $user_arr["email"];
$_SESSION["verified"]=$user_arr["verified"];
$_SESSION["message"]="Please verify Your Email to Complete Registration";
//make login-id cookie
if(isset($_POST["remmberme"])){
$user=$user_arr['id'];
setcookie("I_user",$user, time() + 1800);
}
header("location:index.php");
exit();
}else{
$errors["login_error"]="Wrong Password";}
}else{
$errors["login_error"]="Wrong Email";
index.php
<?php
include("Authentication.php");
if(!isset($_SESSION["id"]) || !isset($_COOKIE['I_user']) ){
header("location:login.php");
}
?>
login.php
<?php
require_once("config/db_connect.php");
require("Authentication.php");
if(isset($_COOKIE['I_user'])|| isset( $_SESSION['id'])){
header("location:index.php");}
So you login, close your browser. Then open it up again.
You go to index.php and the following line runs
if(!isset($_SESSION["id"]) || !isset($_COOKIE['I_user']) ){
$_SESSION["id"] isn't set, so you redirect to login.php.
On login.php
if(isset($_COOKIE['I_user'])|| isset( $_SESSION['id'])){
$_COOKIE['I_user'] is set, so you redirect to index.php
Repeat forever.
I know this question has many duplicates, but I tried several of them and none of those have been answered.
Here is my code for logout.php:
<?php
session_start();
require './codefiles/dbhelper.php';
$dbh = new DbHelper();
$dbh->Execute('UPDATE surveyors SET LoggedIn=\'0\', SessionID=\'\' WHERE Username=\''.$_SESSION['username'].'\'');
session_unset();
session_abort();
session_destroy();
$_SESSION = array();
unset($_SESSION['username']);
unset($dbh);
header('location:index.php');
?>
But the session variables are just too "stubborn" to be removed. Neither session values are being cleared not the session variables are being removed. Object $dbh is being unset but not $_SESSION['username'];
Another unrelated problem, despite I am setting the LoggedIn = 0, in my SQL query, it just stays as 1 in database. LoggedIn field is of type 'bit'. SessionID field is set to blank though.
Any solutions please?
EDIT:
Removed echo $dbh->error as it was unnecessary.
EDIT 2:
Added session_destroy() as suggested by Hossam Magdy.
<?php
include 'codefiles/dbhelper.php';
if(!isset($_SESSION['id']))
{
header ("Location: login_form.php");
}
else
{
session_destroy();
die('You have been logged out.<meta http-equiv="refresh" content="0;url=login_form.php">');
}
?>
This is basically the "Logout" structure.
I don't know why, but the code for destroying the sessions was somehow not working in logout.php. It worked in index.php and other files, but will all sorts of unpredictable behavior.
Found a workaround to circumvent the problem. The logout.php has code as below:
<?php
session_start();
$_SESSION['logout'] = TRUE;
header('location:index.php');
?>
And add this code to index.php:
# Implement logout functionality
<?php
session_start();
if(isset($_SESSION['logout']) && $_SESSION['logout'] == TRUE){
foreach($_SESSION as $var => $value){
unset($_SESSION[$var]);
}
session_destroy();
session_unset();
}
?>
It may not be a standardized solution, but the code works for me every time, with no unpredictable behavior.
Thanks everyone for sharing their ideas.
Try this
<?php
session_start();
require './codefiles/dbhelper.php';
$dbh = new DbHelper();
$dbh->Execute('UPDATE surveyors SET LoggedIn=\'0\', SessionID=\'\' WHERE Username=\''.$_SESSION['username'].'\'');
echo session_status() . '<br />';
session_unset();
session_destroy();
echo session_status();
// header('location:index.php');
Let's see what session_status() says.
But on my projects unset && destroy work.
How it should work:
Index.php is the secured page. It includes check.php, which checks if you have a session = good. If it hasn't, you're not logged in -> log off, remove session. But it doesn't work, it always logs off, like I didn't log in...
index.php
include ‘check.php’;
echo "logged in";
check.php
session_start();
if($_SESSION[‘login’] != ‘good’) {
unset($_SESSION[‘login’]);
unset($_SESSION[‘name’]);
header(‘Location: login.php?logoff’);
exit();
}
Login.php
if(isset($_POST[‘login’])) {
$gb = array();
$gb[‘user1’] = ‘pass1’;
$gb[‘user2’] = ‘pass2’;
if(isset($gb[$_POST[‘username’]]) && $gb[$_POST[‘username’]] == $_POST[‘password’])
{
$_SESSION[‘login’] = ‘good’;
$_SESSION[‘name’] = $_POST[‘name’];
header("Location: index.php");
} else {
header("Location: login.php?wrongpass");
}
} else { ?>
Login Form
<?php } ?>
I hope someone can help me!
You should verify you started the session in login.php.
Put session_start(); in all the pages
You need to have session_start() at the top of all the pages, you havent shown the session start for your login page.
(Thanks to Danny for proving I cant type)
Check that you have register_globals is On in your php.ini
First check on the pages you want to use session variables session is start or not and if session is not stat then start it.
and this is the very first line in the php file.
Code for the session checking is :
if(!session_id())
{
session_start();
}
if($count==1){
session_start();
$_SESSION['Username'] = $UserName;
$_SESSION['Password'] = $password;
UpdateOnlineChecker($Session);
header( "Location: http://". strip_tags( $_SERVER ['HTTP_HOST'] ) ."/newHolo/" );
exit;
}
else {
echo "Wrong Username or Password";
}
Look at my code. It checks if the statement is true (for me, if there is one row with a query statement i execute). Then i start a session and basically Ill define global session variables, sned out a query to my database to update the session and then refer through.
you are missing a session_start(); in your if true block.
Use one for action document such as index.php there is code:
session_start();
if(isset($_POST['login']) && isset($_POST['password'])){
// login
header('Location: (here is some page)');
}
if(!isset($_SESSION['user']){
// #todo some action
} else {
require_once('login.php');
}
if(isset($_GET['logout'])){
unset($_SESSION['user']);
header('Location: (here is some page)');
}
I think problem is header:
('location:------.php);
Your hosting server doesn't run this.
You can use this:
echo "<script>window.location.href='-----.php'</script>";
I do the following to set my session, this works because the echo appears. but when I go to the next page or another the session is not there? what am I doing wrong?
$session_start();
if ($username==$dbusername&&$password==$dbpassword)
{
echo"<b>Login Successful</b><br><a href='systemadmin.html'><br>Click here to access the <strong>System Admin Page</strong></a>";
$_session['username']=$dbusername;
if($username == "admin")
{
$_session['admin'] = true;
}
I am trying to get the following to work with these sessions:
<?php
session_start();
if($_session['admin'] == true)
{
// do nothing
}else{
header( 'Location: home.html' ) ;
}
?>
Update:
the uppercase sessions work but now the sessions arent destroying when i use the logout.php
<?php
session_start();
session_destroy();
header("location: home.html");
?>
$_session should be => $_SESSION.
http://php.net/manual/en/reserved.variables.session.php
The first works because you are setting a 'normal' variable (which is available for the request).
UPDATE
To destroy the session:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
http://php.net/manual/en/function.session-destroy.php#example-4368
Additionaly you should always use exit(); after you do a redirect to prevent further execution of the script.
PHP Server/Session/Global variables are case sensitive. To PHP, $_SESSION is NOT the same variable as $_session, even though to you in English, they seem to be. You must use $_SESSION, not $_session in order to access the PHP Session variables as you are expecting.
You have to use exit(); after the header(); because the script doesn't always end right after the user redirects to a new page.
The name of the superglobal is $_SESSION in uppercase letters. Try changing that and see if it helps.
In case somebody knows, how can I make a hyperlink in PHP...
<?php
echo( 'Log-out' );
?>
that would not only to navigate to the first page, but also remove cookies?
Thanks!
You can make another page which clears all the cookies (i.e. sets them to expire in the past) and then redirects to index.php:
// page: clear.php
<?php
session_start();
$_SESSION = array();
session_destroy();
setcookie('cookie1', '', strtotime('-2 days'));
setcookie('cookie2', '', strtotime('-2 days'));
// etc.
header('Location: index.php');
exit();
I usually use the method prescribed by the manual:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
The only thing that remains is header('Location: index.php');
Submit a parameter in your link like index.php?logout=true, check for that parameter in your index.php and if set, delete cookies:
http://php.net/manual/de/function.setcookie.php
If you set the "lifetime" (expire) of a cookie to something in the past (or leave it out completely), it will be removed on the next pageload (do a Google search for "php delete cookie" to find help). Force a page reload, if needed.
You may also want to destroy the user's session.
Here's your HTML link
Log-out
And your PHP to handle to logging out
if(isset($_GET['logout'])) {
// clear the session variable, display logged out message
}
Use link like that:
<?php
echo( 'Log-out' );
?>
And index.php is:
<?php
$link = $_GET["link"];
if($link == "logout")
{
session_destroy();
}
?>
In the navigation menu:
Log out
In logout.php:
<?php
// kill the session
header('Location: index.php');
exit();
For killing the session, see the example at session_destroy() in the PHP manual.
Logout Link:
Log Out
logout.php
<?php
session_start();
session_destroy();
?>