I'm trying to figure out how to Log out. I got the example from http://ca3.php.net/manual/en/function.session_destroy: <?php // Initialize the session. // If you are using session_name("something"), don't forget it now! session_start(); // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } // Finally, destroy the session. session_destroy(); /* session_start(); include("dbconnection.php"); $past = time() - 100; //this makes the time in the past to destroy the cookie setcookie("ID_my_site", "gone", $past); setcookie("Key_my_site", "gone", $past); setcookie("Admin_my_site", "gone", $past); */ header("Location: ../index.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Logout</title> </head> <body> <?php ?> </body> </html> PHP: It's not logging out.
Is this the page you acces when you want to log out? or what is that page for? With the current code you will always kill your current session and therefore log out
This is my login script before the html tags in the twotext/index.php: session_start(); include("dbconnection.php"); //say goodbye to magic_quotes_gpc! no false security. /* $errors = array(); if($_SERVER['REQUEST_METHOD'] == "POST"){ if(empty($_POST['username'])){ $errors[] = "username was empty"; } if(empty($_POST['password'])){ $errors[] = "password was empty"; } if(empty($_POST['email'])){ $errors[] = "e-mail was empty"; } if(count($errors) == 0){*/ //fix magic_quotes_gpc() being on if(get_magic_quotes_gpc()){ foreach($_GET as $k => $v){ $_GET[$k] = stripslashes($v); } foreach($_POST as $k => $v){ $_POST[$k] = stripslashes($v); } foreach($_COOKIE as $k => $v){ $_COOKIE[$k] = stripslashes($v); } } //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page $myusername = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $admin = $_COOKIE['Admin_my_site']; $user = $_COOKIE['User_my_site']; $sql = "SELECT * FROM "; if($admin=="yes"){ $sql .= $dbTable2; }else{ $sql .= $dbTable; } $sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'"; $check = mysql_query($sql)or die(mysql_error()); while($info = mysql_fetch_array( $check )){ if($pass == $info['password']){ $writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"login/member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>"; } } } //variable to keep track of whether to show the user the login form or not $showlogin = true; //we show the form by default, -unless- we know they have logged in //if the login form is submitted if (isset($_POST['submit'])){ // if form has been submitted if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in $writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>"; }// checks it against the database $_POST['email'] = mysql_real_escape_string($_POST['email']); $db['username'] = mysql_real_escape_string($_POST['username']); $sql = "SELECT * FROM "; if($admin=="yes"){ $sql .= $dbTable2; }else{ $sql .= $dbTable; } $sql .= " WHERE username = '".$db['username']."'"; $check = mysql_query($sql) or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { $writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>"; } while($info = mysql_fetch_array( $check )){ $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']){ $writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>"; }else{ // if login is ok then we add a cookie $hour = time() + 3600; setcookie("ID_my_site", $_POST['username'], $hour); setcookie("Key_my_site", $_POST['pass'], $hour); //they are logged in. no need to show the login form $showlogin = false; if($_POST["admin"]=="yes"){ setcookie("Admin_my_site", $_POST['admin'], $hour); }else{ setcookie("User_my_site", $_POST['admin'], $hour); } header("Location: ../index.php"); } } } /* } }*/ $_SESSION['logged_in'] = 1; PHP: The login form is as an include file within the html tags: <?php include("dbconnection.php"); ?> <div style="float: left; width: 100%; margin: 0px 0px 0px 0px; background-color: #7C7C7C; border: 1px solid #A5A498; border-width: 1px 1px 0px 1px;"> <span style="float: left; padding: 2px 10px 0px 12px; color: #FFFFFF; font-family: arial; font-weight:bold; font-size: 13px;">Login</span> </div> <div style="float: left; width: 100%; height: 150px; background-color: #B4B3A9; border: 1px solid #A5A498; margin: 0px 0px 0px 0px; overflow-x: hidden; overflow-y: auto;"> <?php if(isset($_COOKIE['ID_my_site'])){ ?> <span style="float: left; text-align: left; padding: 5px 5px 5px 5px;"> Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br /> Visit your <a style="text-decoration: none;" href="login/member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br /> <a style="text-decoration: none;" href="login/logout.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >Logout</a> </span> <?php }else { ?> <table border="0"> <tr> <td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td> </tr> <?php echo $writeemptyfield; ?> <?php echo $writeusernoexist; ?> <tr> <td>Username:</td> <td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td> </tr> <?php echo $writewrongpassword; ?> <tr> <td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr> <tr> <td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td> </tr> </table> <?php } ?> </div> PHP: And the logout is a completely different page but redirects to the twotexts/index.php page. But it's not logging out.
Its because your not using $_SESSION's but $_COOKIE's, remove all code from your logout.php and replace with: logout.php <?php //destroy all $_COOKIE's unset($_COOKIE); ?> PHP:
It's not working. unset($_COOKIE['ID_my_site']); unset($_COOKIE['Key_my_site']); unset($_COOKIE['Admin_my_site']); unset($_COOKIE['User_my_site']); header("Location: ../index.php"); PHP:
I used 3 php files: login.php, logout.php and index.php. I think the checking the $_POST[] should be in the login.php. But then I'm guessing that the index.php page needs to read cookies which the login.php has set right? <?php # index.php session_start(); $logged_in = isset($_SESSION['logged_in']); include("../dbconnection.php"); //say goodbye to magic_quotes_gpc! no false security. $errors = array(); if($_SERVER['REQUEST_METHOD'] == "POST"){ if(empty($_POST['username'])){ $errors[] = "username was empty"; } if(empty($_POST['password'])){ $errors[] = "password was empty"; } if(empty($_POST['email'])){ $errors[] = "e-mail was empty"; } if(count($errors) == 0){ //fix magic_quotes_gpc() being on if(get_magic_quotes_gpc()){ foreach($_GET as $k => $v){ $_GET[$k] = stripslashes($v); } foreach($_POST as $k => $v){ $_POST[$k] = stripslashes($v); } foreach($_COOKIE as $k => $v){ $_COOKIE[$k] = stripslashes($v); } } //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page $myusername = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $admin = $_COOKIE['Admin_my_site']; $user = $_COOKIE['User_my_site']; $sql = "SELECT * FROM "; if($admin=="yes"){ $sql .= $dbTable2; }else{ $sql .= $dbTable; } $sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'"; $check = mysql_query($sql)or die(mysql_error()); while($info = mysql_fetch_array( $check )){ if($pass == $info['password']){ $writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>"; } } } //variable to keep track of whether to show the user the login form or not $showlogin = true; //we show the form by default, -unless- we know they have logged in //if the login form is submitted if (isset($_POST['submit'])){ // if form has been submitted if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in $writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>"; }// checks it against the database $_POST['email'] = mysql_real_escape_string($_POST['email']); $db['username'] = mysql_real_escape_string($_POST['username']); $sql = "SELECT * FROM "; if($admin=="yes"){ $sql .= $dbTable2; }else{ $sql .= $dbTable; } $sql .= " WHERE username = '".$db['username']."'"; $check = mysql_query($sql) or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { $writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>"; } while($info = mysql_fetch_array( $check )){ $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']){ $writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>"; }else{ // if login is ok then we add a cookie $hour = time() + 3600; setcookie("ID_my_site", $_POST['username'], $hour); setcookie("Key_my_site", $_POST['pass'], $hour); //they are logged in. no need to show the login form $showlogin = false; if($_POST["admin"]=="yes"){ setcookie("Admin_my_site", $_POST['admin'], $hour); }else{ setcookie("User_my_site", $_POST['admin'], $hour); } header("Location: login.php"); } } } } } //$_SESSION['logged_in'] = 1; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> </head> <body> <?php if ($logged_in): ?> <form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST"> <span style="float: left; text-align: left; padding: 5px 5px 5px 5px;"> Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br /> Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br /> <input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" /> </span> </form> <?php else: ?> <form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST"> <table border="0"> <tr> <td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td> </tr> <?php echo $writeemptyfield; ?> <?php echo $writeusernoexist; ?> <tr> <td>Username:</td> <td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td> </tr> <?php echo $writewrongpassword; ?> <tr> <td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr> <tr> <td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td> </tr> </table> </form> <?php endif; ?> </body> </html> PHP: <?php # login.php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ session_start(); $_SESSION['logged_in'] = true; header('HTTP/1.1 303 See Other'); } header('Location: index.php'); ?> PHP: <?php # logout.php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ session_start(); session_destroy(); header('HTTP/1.1 303 See Other'); } header('Location: index.php'); ?> PHP:
<?php # logout.php if ($_SERVER['REQUEST_METHOD'] == 'POST'){ session_start(); session_destroy(); setcookie("ID_my_site", '', time()-3600); setcookie("Key_my_site", '', time()-3600); setcookie("Admin_my_site", '', time()-3600); setcookie("User_my_site", '', time()-3600); } header('Location: index.php'); ?> PHP: Maybe that will work for your logout.php script.
Ok but how am I supposed to split up index.php into login.php? It's not logging in properly. I login with a false username and it logs in.
Just keep your original script and link to the new logout.php script for users to logout. I don't see any portion of your original script that logs the user out.
Hello, I simply use unset function of PHP like unset($_SESSION['session_variable']); PHP: and session_destroy(); PHP: it works fine for me
This is your original: <?php # index.php session_start(); $logged_in = isset($_SESSION['logged_in']); include("../dbconnection.php"); //say goodbye to magic_quotes_gpc! no false security. $errors = array(); if($_SERVER['REQUEST_METHOD'] == "POST"){ if(empty($_POST['username'])){ $errors[] = "username was empty"; } if(empty($_POST['password'])){ $errors[] = "password was empty"; } if(empty($_POST['email'])){ $errors[] = "e-mail was empty"; } if(count($errors) == 0){ //fix magic_quotes_gpc() being on if(get_magic_quotes_gpc()){ foreach($_GET as $k => $v){ $_GET[$k] = stripslashes($v); } foreach($_POST as $k => $v){ $_POST[$k] = stripslashes($v); } foreach($_COOKIE as $k => $v){ $_COOKIE[$k] = stripslashes($v); } } //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page $myusername = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $admin = $_COOKIE['Admin_my_site']; $user = $_COOKIE['User_my_site']; $sql = "SELECT * FROM "; if($admin=="yes"){ $sql .= $dbTable2; }else{ $sql .= $dbTable; } $sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'"; $check = mysql_query($sql)or die(mysql_error()); while($info = mysql_fetch_array( $check )){ if($pass == $info['password']){ $writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>"; } } } //variable to keep track of whether to show the user the login form or not $showlogin = true; //we show the form by default, -unless- we know they have logged in //if the login form is submitted if (isset($_POST['submit'])){ // if form has been submitted if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in $writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>"; }// checks it against the database $_POST['email'] = mysql_real_escape_string($_POST['email']); $db['username'] = mysql_real_escape_string($_POST['username']); $sql = "SELECT * FROM "; if($admin=="yes"){ $sql .= $dbTable2; }else{ $sql .= $dbTable; } $sql .= " WHERE username = '".$db['username']."'"; $check = mysql_query($sql) or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { $writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>"; } while($info = mysql_fetch_array( $check )){ $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']){ $writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>"; }else{ // if login is ok then we add a cookie $hour = time() + 3600; setcookie("ID_my_site", $_POST['username'], $hour); setcookie("Key_my_site", $_POST['pass'], $hour); //they are logged in. no need to show the login form $showlogin = false; if($_POST["admin"]=="yes"){ setcookie("Admin_my_site", $_POST['admin'], $hour); }else{ setcookie("User_my_site", $_POST['admin'], $hour); } header("Location: login.php"); } } } } } //$_SESSION['logged_in'] = 1; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> </head> <body> <?php if ($logged_in): ?> <form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST"> <span style="float: left; text-align: left; padding: 5px 5px 5px 5px;"> Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br /> Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br /> <input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" /> </span> </form> <?php else: ?> <form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST"> <table border="0"> <tr> <td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td> </tr> <?php echo $writeemptyfield; ?> <?php echo $writeusernoexist; ?> <tr> <td>Username:</td> <td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td> </tr> <?php echo $writewrongpassword; ?> <tr> <td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr> <tr> <td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td> </tr> </table> </form> <?php endif; ?> </body> </html> PHP:
How do you separate it into a login.php that would redirect to the index.php? It's been weeks I'm looking for answer on this and haven't gotten any.