Jump to content

Recommended Posts

i am having another problem now, i am using this code

if (isset($_GET['logout']))
{
session_unset();
session_destroy();
setcookie("cookname", $_SESSION['username'], time() - 3600, "/");
setcookie("cookpass", $_SESSION['user_password'], time() - 3600, "/");
}

 

with this

<a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br />

 

but now when i have been logged out, the page displays a login form but it doesn't work.

i get this address when i log out

http://deanwhitehouse.awardspace.co.uk/test/main_forum.php?logout=true

 

but if i delete the logout=true bit , i can login ,but not if its theres

This problem might be unrelated but you're using the session variables after you've destroyed them.

 

if (isset($_GET['logout']))
{
setcookie("cookname", $_SESSION['username'], time() - 3600, "/");
setcookie("cookpass", $_SESSION['user_password'], time() - 3600, "/");
session_destroy();
}

well this is my whole code,

<?php
if (isset($_GET['logout']))
{
setcookie("cookname", $_SESSION['username'], time() - 3600, "/");
setcookie("cookpass", $_SESSION['user_password'], time() - 3600, "/");
session_unset();
session_destroy();
}

if ($_SESSION['is_valid'] == true){
if ($_SESSION['user_level'] == 2){
?>
<table class='logged_in'><tr><td>
<p>Welcome, <br><?php echo $_SESSION['username']; ?>
<br><a href='user_profile.php?id=<?php echo $_SESSION['user_id']; ?>'>User Profile</a><br>
<a href='user_setting.php'>Settings</a><br>
<a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br />
</td></tr><tr><td>Logged In</td></tr></table></p>
<?php 
}
if ($_SESSION['user_level'] == 1){
?>
<table class='logged_in'><tr><td>
<p>Welcome, <?php echo $_SESSION['username']; ?>
<br><a href='user_profile.php?id=<?php echo $_SESSION['user_id']; ?>'>User Profile</a><br>
<a href='user_setting.php'>Settings</a><br>
<a href='admin_centre.php'>Admin Area</a><br>
<a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br />
</td></tr><tr><td>Logged In</td></tr></table></p>
<?php
}
}
else
{
require_once 'db_connect.php';

if ($_SESSION['is_valid'] == false){
if (isset($_POST['login'])){

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"]; 
$cookiename = forumcookie;   
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
	$row = mysql_fetch_assoc($result);
	$user_level = $row['userlevel'];
	if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);
	$_SESSION['username'] = $row['user_name'];
	$_SESSION['user_password'] = $row['user_password'];
	$_SESSION['user_level'] = $row['userlevel'];
	$_SESSION['user_id'] = $row['user_id'];
	header("Location:http://".$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI]);
	$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
	 if(isset($_POST['remember'])){
    	  setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
    	  setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/");
   		}
	} 
		elseif ($user_level == 2){    
			$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

			$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);
	$_SESSION['username'] = $row['user_name'];
	$_SESSION['user_password'] = $row['user_password'];
	$_SESSION['user_level'] = $row['userlevel'];
	$_SESSION['user_id'] = $row['user_id'];
	header("Location:http://".$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI]);
	$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
	 if(isset($_POST['remember'])){
    	  setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
    	  setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/");
   		}
	}
}
else{
	echo "Login failed. Username and Password did not match database entries.";    
}
}

else
{
echo "Form was not completed. Please go back and make sure that the form was fully completed.";    
}
}
?> 

<html>
<table bgcolor='#999999' align='right'><form action="<?php $_SERVER['PHP_SELF']; ?>" method='POST'>
<tr><td>Username: </td><td><input type='text' name='user_name' /><br /></td></tr>
<tr><td>Password:</td><td> <input type='password' name='user_password' /><br /></td></tr>
<tr><td><input type="hidden" name="login" value="true"><input type="submit" value="Submit"></td></tr>
<tr><td><input type="checkbox" value="1" name="remember"> Remember Me </td></tr><tr><td><a href="register.php">[Register]</a></td></tr><tr><td><a href="forgot_password.php">[Forgot Password?]</a></td></tr></table>
</form>
</html>

<?php 
mysql_close();
}
else
{
header("Location:http://".$_SERVER[HTTP_HOST]);
}
}
?>

as you can see it has the login form intergrated

Make a page named logout_inc.php and have the code to destroy the session in it, and put this line on top every page OR a  header which you include in every page (which is generally a good idea):

<?php
if (isset($_GET['logout'])) {
    include ('logout_inc.php');
}
?>

Try this, I removed the get var from the <form> tag:

 

<?php
if (isset($_GET['logout']))
{
setcookie("cookname", $_SESSION['username'], time() - 3600, "/");
setcookie("cookpass", $_SESSION['user_password'], time() - 3600, "/");
session_unset();
session_destroy();
}

if ($_SESSION['is_valid'] == true){
if ($_SESSION['user_level'] == 2){
?>
<table class='logged_in'><tr><td>
<p>Welcome, <br><?php echo $_SESSION['username']; ?>
<br><a href='user_profile.php?id=<?php echo $_SESSION['user_id']; ?>'>User Profile</a><br>
<a href='user_setting.php'>Settings</a><br>
<a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br />
</td></tr><tr><td>Logged In</td></tr></table></p>
<?php 
}
if ($_SESSION['user_level'] == 1){
?>
<table class='logged_in'><tr><td>
<p>Welcome, <?php echo $_SESSION['username']; ?>
<br><a href='user_profile.php?id=<?php echo $_SESSION['user_id']; ?>'>User Profile</a><br>
<a href='user_setting.php'>Settings</a><br>
<a href='admin_centre.php'>Admin Area</a><br>
<a href="<?php print $_SERVER["PHP_SELF"]; ?>?logout=true">Logout</a><br />
</td></tr><tr><td>Logged In</td></tr></table></p>
<?php
}
}
else
{
require_once 'db_connect.php';

if ($_SESSION['is_valid'] == false){
if (isset($_POST['login'])){

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"]; 
$cookiename = forumcookie;   
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
	$row = mysql_fetch_assoc($result);
	$user_level = $row['userlevel'];
	if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);
	$_SESSION['username'] = $row['user_name'];
	$_SESSION['user_password'] = $row['user_password'];
	$_SESSION['user_level'] = $row['userlevel'];
	$_SESSION['user_id'] = $row['user_id'];
	header("Location:http://".$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI]);
	$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
	 if(isset($_POST['remember'])){
    	  setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
    	  setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/");
   		}
	} 
		elseif ($user_level == 2){    
			$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

			$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);
	$_SESSION['username'] = $row['user_name'];
	$_SESSION['user_password'] = $row['user_password'];
	$_SESSION['user_level'] = $row['userlevel'];
	$_SESSION['user_id'] = $row['user_id'];
	header("Location:http://".$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI]);
	$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
	 if(isset($_POST['remember'])){
    	  setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
    	  setcookie("cookpass", $_SESSION['user_password'], time()+60*60*24*100, "/");
   		}
	}
}
else{
	echo "Login failed. Username and Password did not match database entries.";    
}
}

else
{
echo "Form was not completed. Please go back and make sure that the form was fully completed.";    
}
}
$server = str_replace("?logout=true","",$_SERVER['PHP_SELF']);
?> 

<html>
<table bgcolor='#999999' align='right'><form action="<?php echo $server ?>" method='POST'>
<tr><td>Username: </td><td><input type='text' name='user_name' /><br /></td></tr>
<tr><td>Password:</td><td> <input type='password' name='user_password' /><br /></td></tr>
<tr><td><input type="hidden" name="login" value="true"><input type="submit" value="Submit"></td></tr>
<tr><td><input type="checkbox" value="1" name="remember"> Remember Me </td></tr><tr><td><a href="register.php">[Register]</a></td></tr><tr><td><a href="forgot_password.php">[Forgot Password?]</a></td></tr></table>
</form>
</html>

<?php 
mysql_close();
}
else
{
header("Location:http://".$_SERVER[HTTP_HOST]);
}
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.