Gainax Posted April 10, 2008 Share Posted April 10, 2008 Hi I'm writing a script and when a user logs out and a new user signs up, the new user sees the details of the previous user. The code is as follows: Code in the contollers <?php //$this_file_name = 'authentication.php'; //start_trace($file_name); //check config exists. If we come in from a cron job, the config file will be 2 dirs nack // and already included if(file_exists("../config.php")) { include_once("../config.php"); } require_once(ROOT_DIRECTORY . 'models/authentications.php'); class Authentication_Controller extends Authentications_Model { function Authentication_Controller() { $fct_name = 'Authentication'; function_start($fct_name); global $authentication; $this->session_id = session_id(); $session_row = $this->get_session(); if($session_row) { debug("there is a session, lets get the user information and put it into a global array"); require_once(ROOT_DIRECTORY . 'models/users.php'); $user_object = new Users_Model; $user_object->id = $session_row['user_id']; $user_details = $user_object->get_details(); debug("got user details:"); debug_row($user_details); $authentication = array(); foreach($user_details as $one_user_details_col=>$one_user_value) { $authentication[$one_user_details_col] = $one_user_value; } debug("we now have the user row in the global array. Now update the session row so that it has the new expiry time"); $this->update_session_time(); } else { $authentication = false; } function_end($fct_name); } function Perform_Login($user_name = '', $password = '') { $fct_name = 'Perform_Login'; function_start($fct_name); $attempt = $this->insert_login($user_name, $password); if($attempt) { debug("login was successfull. Run the Authentication function to populate global"); } else { debug("the login failed. Throw an exception"); throw new exception('FAILED AUTHENTICATION'); } function_end($fct_name); } function Log_User_Out() { $fct_name = 'Log_User_Out'; function_start($fct_name); $this->expire_login(); function_end($fct_name); return true; } } ?> Code in the models <?php class Authentications_Model { function Authentications_Model() { $this->session_id = session_id(); } function get_session() { $fct_name = 'get_session'; function_start($fct_name); $time = time(); global $db; $ins_session_id = $db->quote_null_or_var($this->session_id); $ins_expiry_time= $db->quote_null_or_var($time); $sql = " SELECT * FROM sessions ". " WHERE session_id = $ins_session_id ". " AND expires > $ins_expiry_time "; $result = $db->db_query($sql); $rows = $db->db_num_rows($result); $rows?$row=$db->db_fetch($result):$row=false; if(!$row) { debug("there is no session for this user. They are not logged in, returning false"); } else { debug("The user is logged in. The row is:"); debug_row($row); } function_end($fct_name); return $row; } function update_session_time() { $fct_name = 'update_session_time'; function_start($fct_name); $expiry_time = time() + MAX_LOGIN_TIME; global $db; $res = $db->update_row( 'sessions', array('expires'=> $expiry_time), array('session_id' => $this->session_id) ); function_end($fct_name); return $res; } function insert_login($user_name, $password) { $fct_name = 'insert_login'; function_start($fct_name); global $db; $encrypted_password = encrypt_password($password); $ins_user_name = $db->quote_null_or_var($user_name); $ins_encrypted_password = $db->quote_null_or_var($encrypted_password); $sql = " SELECT * FROM users " . " WHERE UPPER(user_name) = UPPER($ins_user_name) ". " AND password = $ins_encrypted_password ". " AND coach = '1' "; $res = $db->db_query($sql); $user_row = $db->db_fetch($res); if($user_row) { global $authentication; $authentication = $user_row; debug("correct username and password so now insert a session"); $expires = time() + MAX_LOGIN_TIME; $insert = $db->insert_row( 'sessions', array('session_id' => $this->session_id, 'user_id' => $user_row['id'], 'expires' => $expires, 'ip_address' => $_SERVER["REMOTE_ADDR"] ) ); function_end($fct_name); return true; } else { function_end($fct_name); return false; } } function expire_login() { $fct_name = 'expire_login'; function_start($fct_name); global $db; global $authentication; session_destroy(); setcookie ("PHPSESSID", "", time()-60000); $expires = time() - 60; debug("set the logout time to be an hour ago [$expires]"); $insert = $db->delete( 'sessions', array('user_id' => $authentication['id']) ); $authentication = false; function_end($fct_name); } } ?> All help appreciated Link to comment https://forums.phpfreaks.com/topic/100460-destroying-session-help/ Share on other sites More sharing options...
thesaleboat Posted July 30, 2008 Share Posted July 30, 2008 Don't know if you still need this but heres a logout code that will destroy all session variables. <?php require_once("functions.php"); ?> <?php // Four steps to closing a session // (i.e. logging out) // 1. Find the session session_start(); // 2. Unset all the session variables $_SESSION = array(); // 3. Destroy the session cookie if(isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } // 4. Destroy the session session_destroy(); redirect_to("index.php?logout=1"); ?> Link to comment https://forums.phpfreaks.com/topic/100460-destroying-session-help/#findComment-603874 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.