i created a login page in php and used session in it... after checking the condition i am setting the session as
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
and in the login_succes.php i have the code as
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
<h2><?php session_start(); echo $_SESSION['myusername']; ?>
Welcome to hell</a>
</body>
</html>
and in logout.php the code is
<?
session_start();
session_destroy();
?>
the issue i am facing is on login 2nd time i am getting 1st user name itself in the output.
To destroy a session with one of the following:
$_SESSION = array();
unset($_SESSION);
Instead of session_is_registered, use standard $_SESSION super global. Like:
if(isset($_SESSION['myusername']))...
To register a session variable use:
$_SESSION['myusername'] = $myusername;
Also, PHP version, environment, could help us to find out.
Related
I cannot properly unset the session id of my page unless I close the browser and reopen it. I tried to set the $_SESSION = null; and to forcefully set the cookie to a negative value setcookie('cookiename', '', time()-3600); but no results yet.
<body>
<?php
session_start();
// Unset all of the session variables.
$_SESSION = null;
setcookie('cookiename', '', time()-3600);
session_destroy();
print "SESSION has been destroyed - all session data deleted";
?>
back to home page
</body>
replace lab5destroy.php with below code
<body>
<?php
ini_set('session.use_strict_mode', 1);
session_start();
// Unset all of the session variables.
session_regenerate_id();
session_destroy();
print "SESSION has been destroyed - all session data deleted";
?>
<hr>
back to home page
</hr>
</body>
session_start();
session_unset();
session_destroy();
The fix was session_name() instead of 'cookiename'
I'm trying to create a user login system for use on a website I'm building. I have the login script and register script, but I'm having trouble with the logout and destroying the sessions.
Here's my index code. It gets the database info in config (doesn't do anything with it yet), then runs check-login to make sure the user is actually logged in. It has a logout button that routes to logout.php
<?php
include_once("config.php");
include_once("check-login.php");
session_start();
$username = $_SESSION["username"];
?>
<html>
<body>
<h1>
Hello <? echo $username ?>! We're still building, but feel free to... wait?
</h1>
<form action="logout.php">
<input class="logoutbutton" type="submit" value="Logout" />
</form>
</body>
</html>
Here is my check-login.php file. Notice that anytime I link back to the index, I'm using a $_GET to post some information into the address bar. There is no place where I simply go back to index.php
<?php
ob_start();
include_once("../myreadingplanner_config/config.php");
if(($_SESSION['username']) != null){ //If user is already logged in...
$username=$_SESSION['username'];
header("Location: index.php?Message=AlreadyLoggedIn$username");
}
else {
if(isset($_POST['username']) && strlen($_POST['username'])!=0){ //if username is valid
$username = $_POST['username'];
} else {
header('Location: login.php');
}
if(isset($_POST['password']) && strlen($_POST['password'])!=0){
$password = $_POST['password'];
} else {
header('Location: login.php');
}
$SQLString = "SELECT TOP(1) * FROM Users WHERE Username = '$username' AND Password = '$password'";
$result = sqlsrv_query($conn, $SQLString) or die ("");
if($result != null)
{
$_SESSION['username'] = $username;
header("Location: index.php?Message=YouLoggedIn$username");
} else {
header("Location: index.php?Message=UserLoginNotFound&Username=$username");
}
}
ob_flush();
?>
And finally here is my logout.php, which should (in theory) destroy the session, and head back to index.php. When it gets back to index.php, index.php will reroute to login.php using the include_once("check-login.php");
<?php
session_start();
session_destroy();
header('Location: index.php');
?>
Just looking at my logic, there SHOULD be an infinite loop in the check-login, right? Because if the user is logged in, it should reroute to index, which includes check-login, which reroutes to index, which... etc.
If you want to check out the site for yourself, please go to www.myreadingplanner.com, and use this info to login (user will be deleted eventually)
Username: StackUser
Password: password1
So functionality wise, login.php should NEVER be visible unless you have a valid session, and when it does, it should say 'Welcome $username!'. But if you hit the logout button on index, it will still keep the session open, but it will be null.
Any advice on either why logout doesn't seem to fully logout the user OR why it is logging the user out but is keeping the NULL $_SESSION around?
To remove sessions use
unset($_SESSION['SESSION_VAR'] );
session_destroy(); //closes the session and prevents session riding
For more information I'd research session riding as you should close your session as soon as you can to prevent this.
Also do not unset the entire session global array.
//don't do this
unset($_SESSION);
First, have a look at index.php file. in that file, change the code below:
include_once("config.php");
include_once("check-login.php");
session_start(); // move the session_start function and place at the top of the script
$username = $_SESSION["username"];
change it, so that it becomes like this:
session_start();
include_once("config.php");
include_once("check-login.php");
$username = $_SESSION["username"];
This problem occurs because at the file check-login.php you do not declare the function session_start();
I have tested this problem. And it works!
I've got a login script that puts user details into session variables. Today I moved the website to a new host, and now my coding doesn't work. This is the best I can do, and it still doesn't work
main_login.php:
(script above here gets all the $info from the database. So far it is working)
if($count==1){
session_start();
$_SESSION['username'] = $info['username'];
$_SESSION['given'] = $info['given_name'];
$_SESSION['family'] = $info['family_name'];
$_SESSION['profile'] = $info['profile'];
$_SESSION['adultchild'] = $info['adultchild'];
$_SESSION['id'] = $info['id'];
header("location:welcome.php");
}
welcome.php:
// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
session_start();
if(!isset($_SESSION['username'])){
header("location:main_login.php");
}
The trouble is when I print any of the session variables nothing happens. I've even tried doing a var_dump($_SESSION) but it comes up as an empty array. Frankly I've spent all day on this and am stuck.
session_start();
if(!isset($_SESSION['username']));
header("location:main_login.php");
}
change to:
session_start();
if(!isset($_SESSION['username'])){
// ^ typing mistake
header("location:main_login.php");
}
I'm using the following code. Session is working on the same page; on the next page it is not showing the session variable value. Please let me know what I'm doing wrong?
<?php
session_start();
$_SESSION['emailaddress']=$emailAddress;
header("Location: $success "); /* Redirect browser */
exit;
?>
use session_start() in the page that you are redirecting to, as well ($success), before accessing the session values there
So that the "success.php" page looks something like:
<?
session_start();
print_r($_SESSION);
?>
<?php
if(some_condition is true)
{
session_regenerate_id();
session_start();
$_SESSION['emailaddress']=$emailAddress;
header("location: member-index.php");
exit();
}
on secure page:
<?php
//Start session
session_start();
//Check whether the session variable is present or not
if(!$_SESSION['emailAddress'])
{
header("location: access-denied.php");
exit();
}
?>
<p>This is secured page with session: <b><?php echo $_SESSION['emailAddress']; ?></b>
I like to know how to use a condition on php sessions
in this code if the user is not loged in page will redirect to login.php.
<?
session_start();
if(!session_is_registered(username)){
header("location: login.php");
}
?>
what i want is to redirect user to another php if the user is loged in. if not stay on the same page. like if user is not loged in keep the user in index page and if user is loged in redirect the user to user.php
for the login script im using a code fount in this site :http://www.phpeasystep.com/phptu/6.html
thanks in advance.
Set a variable in $_SESSION when you have logged in.
i.e. in login.php:
if ( $passWordCorrect ) {
session_start();
$_SESSION['loggedIn'] = true;
}
in index.php:
session_start();
if ( !empty( $_SESSION['loggedIn'] ) ) {
// User logged in; do magic.
} else {
header('Location: user.php');
}
<?
session_start();
if(!$_SESSION['username]){
header("location: login.php");
}
?>
And in login page you asign the variable like this:
<?php
session_start();
$_SESSION['username']='JohnDoe';
?>
The code is on the same page as the tutorial you linked to:
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
But really you should be using the $_SESSION variable. On the login page:
<?php
session_start()
$_SESSION['username'] = $username;
?>
And then on the other pages:
<?php
session_start()
if (!isset($_SESSION['username'])) {
header('location: login.php')
}
?>
UPDATE
It is better to not use short tags (i.e. <?php instead of ?>)