Jump to content

[SOLVED] Ending Session???

elmas156

By elmas156
in PHP Coding Help

 Share

Recommended Posts

elmas156 Regular Member

elmas156

Posted
Posted

Hello,

 

I just came across this membership system tutorial located at http://www.phpfreaks.com/forums/index.php/topic,192840.0.html and I wanted to see how it worked.  I copied and pasted the code exactly how the tutorial said to do it and everything worked perfectly except for one thing.  On the index or main page there is a link to the logout page, which is supposed to end the session and redirect the page back to the login page.  For some reason, when I click on this "logout" link, it doesn't do as it should.  I think what is happening is it is sending me to "logout.php" but it isn't destroying the session, then it sends me back to "login.php", which, because the session wasn't ended as it should have, the server recognizes that I'm still logged in, therefore sends me back to "index.php".  I'm not sure if there is something that I should have done to make this work or if it's a problem with the code.  Is there another way to end a session that would work better?  I'm at a loss as to what to try now.  Does anyone have any suggestions?  The code that I used is exactly as it is in the tutorial except for some database server and login information that works fine.  Thanks in advance for any suggestions....

 

Oh, I almost forgot... anywhere a password is entered in this code the author had the password encripted.  It wouldn't work for me... I had to remove the "md5" and change it to "form" like the rest of it to get it to work.  Any suggestions on that?

Link to comment
https://forums.phpfreaks.com/topic/120647-solved-ending-session/
Share on other sites
elmas156 Regular Member

elmas156

Posted
  • Author
Posted

Try this code:

<?php
session_start();
session_destroy(); // Destroys the session.
header("Location: login.php"); // Goes back to login.
?>

 

EDIT: this for logout page

It works perfectly, thanks!  Any ideas on the password encryption problem?

elmas156 Regular Member

elmas156

Posted
  • Author
Posted

well, I was trying the code the way the author wrote it, with the "md5" encryption, but it wouldn't work because when the page would check to see if the user name and password matched what was in the database, of course the password in the database would not be what the user entered because it was encrypted (I'm guessing this is what the case was).  Anyway, to make it work, I took the md5 part out and replaced it with "form" like it is for the username and email sections on the code.  I would rather make it work with the "md5" encryption but I don't know what was causing it to not work and I don't even know where to start to debug it.  If I have to I can leave it the way it is but I'd rather not.

mmarif4u Regular Member

mmarif4u

Posted
Posted

The best thing is to use it.

Now when you are creating new user that it will store it in table as md5 encryption password.

After when user will enter his/her simple password. Query will OR before sending the query PHP will convert that password to md5 which is entered by user in the form to login, then will check against table field password for that user.

If matches grant access to user if not send back user to login page OR show error.

So mean you have to use while registering user and then logging in.two times.password will be saved in md5 form in table field.

elmas156 Regular Member

elmas156

Posted
  • Author
Posted

So to clarify...

1. The user enters a simple password when they register.

 

2. That simple password is encrypted when it is sent to the database and stored as something other than the simple password.

 

3. When the user logs in they enter their simple password.

 

4. The simple password is encrypted and now should match whatever is stored in the database, therefore granting them access to the site.

 

Is this the way it should work?  Does each password always change to the same set of letters and numbers each time it's encrypted?  If so, I'm still confused about how to make the code on this membership system work.  Thanks for all your help, I know I'm being difficult here.

mmarif4u Regular Member

mmarif4u

Posted
Posted

Yup your flow is correct.

Script will store password in md5 form.then when they login will be matched as md5, but user will enter their own password not md5.

There are alot of encryption possibilities. md5,sh1 most popular and strong.

Every time it change the input from user to different characters.

But if you wana match them, then you have to run query like to match username for that password in the table.

It should work.

elmas156 Regular Member

elmas156

Posted
  • Author
Posted

I'll try it again tomorrow and see what it happens.  Maybe there was something that I missed.  If I can't get it to work, I'll be looking for some more help.  Do you mind if I contact you directly if you're online?  If not that's ok, I'll just start a new post asking specifically about the encryption.  Thanks very much, you've been a great help.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.