pcmedic Posted February 9, 2009 Share Posted February 9, 2009 Greetings, I need help with this php script.... I got it all up and running and it seems to be pretty solid... All the functions and features seem to work just fine, EXCEPT.....it wont let any user LOGOUT. Instead it displays the "You are already logged in" page at any logout attempt... Not being a programming guy, just a tinkerer....I need a hand figuring the problem here..... Here's a sample: http://quantamwebdesign.info/helpdesk/login.php Name:test Pass:test the menu sends all login/logout traffic to this page... login.php <?php // // Project: Help Desk support system // Description: User log in page // // Copyright 2005 http://simplehelpdesk.com Do not resell or redistribute.. This is free copyrighted software. $page_title = "Log in"; require_once "includes/auth.php"; require_once "includes/db.php"; require_once "includes/funcs.php"; require_once "includes/tpl.php"; // User authentication if($hduser['logged_in'] && empty($HTTP_GET_VARS)) { // If user logged in, show message & redirect to index die(dialog("You are already logged in.", $page_title, "Index", "index.php", true, true)); } // // User logs out ---------------------------------------------------------------------------------------------------- // if($_GET['action'] == "logout") { // // Check if user logged in, if not show error // if(!$hduser['logged_in']) { die(dialog("You are not logged in.", $page_title, "Index", "index.php", true, true)); } else { setcookie("hd_userdata", "", time()-36000); die(dialog("You are now logged out.", $page_title, "Log In", "login.php", true, true)); } } # # Lost password: Show form ------------------------------------------------------------------------------------------ # elseif($_GET['action'] == "lostpassword" && empty($_POST) && empty($_GET['key'])) { $page_title = "Lost password"; $tpl_lost = new tpl("tpl/lost_password.tpl"); // Delete, "wrong info" row fragment_delete("info_error", $tpl_lost->template); echo build_page(content_box($tpl_lost->template, $page_title), $page_title); } # # Lost password: Check validity and mail instructions --------------------------------------------------------------- # elseif($_GET['action'] == "lostpassword" && isset($_POST['btn_submit'])) { $page_title = "Lost password"; $user_name = $_POST['user_name']; $user_email = $_POST['user_email']; $r_user = mysql_query("SELECT * FROM $TABLE_USERS WHERE user_name='$user_name' AND user_email='$user_email' LIMIT 1") or error("Cannot check user info validity."); // If user does not exist, show error if(mysql_num_rows($r_user) < 1) { $tpl_lost = new tpl("tpl/lost_password.tpl"); die(build_page(content_box($tpl_lost->template, $page_title))); } $db_user = mysql_fetch_object($r_user); // // Build and send mail to user // $key = md5($db_user->first_name . $db_user->last_name . $db_user->user_name . $db_user->user_password); $url_changepass = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?action=lostpassword&id=$db_user->user_id&key=$key"; $tpl_mail = new tpl("tpl/mail_lostpassword.tpl"); $tpl_mail_tags = array( "user_name" => $db_user->user_name, "url_changepass" => $url_changepass ); $tpl_mail->parse($tpl_mail_tags); user_mail($db_user->user_id, $tpl_mail->parsed, "Password changing instructions"); dialog("Your instructions have been mailed. Please check your mail account in a while.", $page_title, "Log In", "login.php"); } // // Lost password: Check new password and update db // //elseif(isset($_POST['btn_changepass']) && !empty($_GET['key']) && !empty($_GET['id'])) //{ // //} // // Lost password: Show new password form ---------------------------------------------------------------------------- // elseif($_GET['action'] == "lostpassword" && !empty($_GET['id']) && !empty($_GET['key'])) { $page_title = "Change password"; $user_id = intval($_GET['id']); $key = $_GET['key']; // Get user info $r_user = mysql_query("SELECT * FROM $TABLE_USERS WHERE user_id=$user_id") or error("Cannot get user info."); $db_user = mysql_fetch_object($r_user); // Build user key and check for validity $user_key = md5($db_user->first_name . $db_user->last_name . $db_user->user_name . $db_user->user_password); if($user_key != $key) dialog("Wrong user key.", $page_title, "Log In", "login.php"); // If user typed new pass if(isset($_POST['btn_changepass'])) { $user_pass = $_POST['user_pass']; $user_pass2 = $_POST['user_pass2']; // Check password length if(strlen($user_pass) < 3 || strlen($user_pass) > 25) { $error = "Your password length must be between 3 and 25 characters."; } else { // Check if password and retyped password match if($user_pass != $user_pass2) $error = "Passwords do not match."; } if($error) { $tpl_changepass = new tpl("tpl/lost_password_new.tpl"); $tpl_changepass_tags = array("pass_error" => $error); $tpl_changepass->parse($tpl_changepass_tags); die(build_page(content_box($tpl_changepass->parsed, $page_title), $page_title)); } $new_pass = md5($user_pass); // Update db mysql_query("UPDATE $TABLE_USERS SET user_password='$new_pass' WHERE user_id=$user_id") or error("Cannot change user password."); dialog("Your password has been changed successfully.", $page_title, "Log In", "login.php"); } // Show form $tpl_changepass = new tpl("tpl/lost_password_new.tpl"); fragment_delete("pass_error", $tpl_changepass->template); die(build_page(content_box($tpl_changepass->template, $page_title), $page_title)); } // // User submitted the login form, set the cookie and proceed to index ----------------------------------------------- // elseif(isset($_POST['btn_login'])) { $user_name = $_POST['user_name']; $user_password = md5($_POST['user_password']); // Check if username and password are correct $r_user = mysql_query("SELECT user_id, user_password FROM $TABLE_USERS WHERE user_name='$user_name' AND user_password='$user_password'") or error("Cannot verify user info."); // if user info is correct, set cookie if(mysql_num_rows($r_user)) { $cookie_expire = ($_POST['chk_autologin']) ? (time() + 60*60*24*30) : (0); $db_user = mysql_fetch_object($r_user); $user['user_id'] = $db_user->user_id; $user['auth'] = $db_user->user_password; setcookie("hd_userdata", serialize($user), $cookie_expire); // Redirect user to index header("Location: index.php"); } else { // Show wrong password or username page $tpl_login = new tpl("tpl/login.tpl"); echo build_page(content_box($tpl_login->template, $page_title)); } } // // Check if user logged in. If not show log in form else redirect to index------------------------------------------- // // Copyright 2005 http://simplehelpdesk.com Do not resell or redistribute.. This is free copyrighted software. else { if($user['logged']) { header("Location: index.php"); exit(); } else { $tpl_login = new tpl("tpl/login.tpl"); // Delete the login error message fragment_delete("login_error", $tpl_login->template); echo build_page(content_box($tpl_login->template, $page_title), $page_title); } } // Copyright 2005 http://simplehelpdesk.com Do not resell or redistribute.. This is free copyrighted software. ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted February 10, 2009 Share Posted February 10, 2009 First things, put your code in either code or php tags. Second, I wouldn't check their status like this if($hduser['logged_in'] && empty($HTTP_GET_VARS)) For one, HTTP_GET_VARS is depreciated. Second, I think it's just a poor validation. Check your if($_GET['action'] == "logout") up higher in your logic. Quote Link to comment Share on other sites More sharing options...
pcmedic Posted February 11, 2009 Author Share Posted February 11, 2009 You were correct...depreciated tags were the problem... Thank for pointing me in the right direction... PC-MEDIC Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.