manddox Posted July 1, 2009

Hi all, I am unable to log out when I click on the logout.php page. I am using a simple link to get to the logout.php page, i.e.

```html
<a href='posts.php'>Home</a> || <a href='logout.php'>Logout</a>
```

My logout.php page looks like this:

```php
<?php
session_start();

// Unset the $_SESSION array value
unset($_SESSION['username']);
if (isset($_SESSION['username'])) {
    $_SESSION['username'] = "";
}
session_unset();

// Logout of the site
session_destroy();
if (!isset($_SESSION["username"])) {
    echo 'You have successfully logged out!<br/>';
    echo 'To enter again, please <a href="login.php">login!</a>';
    exit;
}
?>
```

After logging out, if I click the back button on my browser I am able to view the pages, which should not be the case, and also when I click on the login link, it logs me in without any prompt for the username and password. But when I clear the cache from my browser, it gives me the prompt for username and password upon clicking on the login link. So, basically the cache is not getting cleared when I log out, but clearing the cache manually does the job. Please help me guys with this as I am new to PHP programming! Thanks in advance!
exhaler Posted July 1, 2009

Try this:

```php
<?php
// Four steps to closing a session
// (i.e. logging out)

// 1. Find the session
session_start();

// 2. Unset all the session variables
$_SESSION = array();

// 3. Destroy the session cookie
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time() - 42000, '/');
}

// 4. Destroy the session
session_destroy();
?>
```
manddox Posted July 1, 2009 Author

Thanks exhaler for the response... really needed that kind of response. But sorry to say that I had already tried this and it didn't work. Anyone else with a solution that will work? Please help!!
exhaler Posted July 1, 2009

Hmm... I gave you the code that I use and it's working fine.
manddox Posted July 1, 2009 Author

exhaler... I have no idea what could be the issue in my case... it just doesn't work, and I even tried other ways around like the ones below:

```php
<?php
session_start();
if ($_GET['user_id']) {
    $_SESSION['user_id'] = $_GET['user_id'];
}
if (!session_is_registered($_SESSION['user_id'])) {
    header("location: login.php");
}
session_destroy();
echo "You have successfully logged out!<br/>";
?>
```

and

```php
<?php
session_start();
unset($_SESSION['username']);
session_unset();
session_destroy();
echo "<meta http-equiv=\"refresh\" content=\"5;url=login.php\">";
?>
```

but I am really running out of luck here... any ideas?? I guess an issue with some settings could also be why it's not working.
Bendude14 Posted July 1, 2009

It's more likely the problem is not in destroying the session in the logout page but in checking whether or not the session is still set in your previous pages that you are returning to via the back button...

Can we see the code that validates a user to be logged in on each page?

Ben
manddox Posted July 1, 2009 Author

Yes, Ben, sure. Below is my login.php page:

```php
<?php
require_once('db_login.php');
require_once('DB.php');

if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
    header('WWW-Authenticate: Basic realm="Member Area"');
    header("HTTP/1.0 401 Unauthorized");
    echo "You must enter a username and password combination!";
    exit;
}

$web_username = $_SERVER['PHP_AUTH_USER'];
$web_password = $_SERVER['PHP_AUTH_PW'];

$connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
if (DB::isError($connection)) {
    die("Could not connect to the database: <br />" . DB::errorMessage($connection));
}

$query = "Select user_id, username from users WHERE username='".$web_username."' AND password=MD5('".$web_password."') LIMIT 1";
$result = $connection->query($query);
if (DB::isError($result)) {
    die("Could not query the database: <br />" . $query . " " . DB::errorMessage($result));
}

if (!$row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
    header('WWW-Authenticate: Basic realm="Member Area"');
    header("HTTP/1.0 401 Unauthorized");
    echo "Your username and password combination was incorrect!";
    exit;
}

echo("You have logged in successfully as " . $row['username'] . "!");
?>
```

And finally the code which validates whether a user is logged in or not is as follows:

```php
<?php
session_start();
require_once('config.php');
require_once('../db_login.php');
require_once('DB.php');

// Display the page header
$smarty->assign('blog_title', $blog_title);
$smarty->display('header.tpl');

// Check the valid login
if (!isset($_SESSION['username'])) {
    echo 'Please <a href="login.php">login </a>';
} else {
    // Connect to the database
    $connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
    if (DB::isError($connection)) {
        die("Could not connect to the database:<br />" . DB::errorMessage($connection));
    }
    $connection->disconnect();

    // Display the page footer
    $smarty->display('footer.tpl');
}
?>
```
Bendude14 Posted July 1, 2009

In your logout page you have `$_SESSION['username'] = ""`; change it to `$_SESSION['username'] = array()` like exhaler mentioned...

Everything else looks OK, but then again it is nearly 1am here...
gangsterwanster1 Posted July 1, 2009

```php
$query = "Select user_id, username from users WHERE username='".$web_username."' AND password=MD5('".$web_password."') LIMIT 1";
```

What's your site's URL? Lol, that looks like it is vulnerable to SQL injection.
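Added example, not part of the thread or any poster's code: the login query in its concatenated form beside a parameterized form, run against a constructed table. It assumes PDO with in-memory SQLite in place of the thread's PEAR DB and MySQL; the function names, table contents and password are made up for illustration.

```php
<?php
// Added example: constructed table and users. PDO with in-memory SQLite stands in
// for the thread's PEAR DB + MySQL so the script runs offline (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
foreach (array('alice', "O'Brien") as $name) {
    $insert->execute(array($name, md5('constructed-password')));
}

// Same shape as the thread's query: user input is pasted into the SQL text,
// so any quote character in it becomes part of the statement.
function login_concatenated(PDO $pdo, $user, $pass)
{
    $sql = "SELECT user_id, username FROM users WHERE username='" . $user
         . "' AND password='" . md5($pass) . "' LIMIT 1";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Placeholders send the values separately from the SQL text.
// With PEAR DB the same idea is $connection->query($sql, array($user, $pass)),
// using ? markers in $sql.
function login_prepared(PDO $pdo, $user, $pass)
{
    $stmt = $pdo->prepare(
        'SELECT user_id, username FROM users WHERE username = ? AND password = ? LIMIT 1'
    );
    $stmt->execute(array($user, md5($pass)));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// A legitimate name containing an apostrophe is enough to show the difference.
foreach (array('alice', "O'Brien") as $user) {
    try {
        $row = login_concatenated($pdo, $user, 'constructed-password');
        echo "concatenated, $user: ", $row ? 'row found' : 'no row', "\n";
    } catch (PDOException $e) {
        echo "concatenated, $user: statement broke (", $e->getMessage(), ")\n";
    }
    $row = login_prepared($pdo, $user, 'constructed-password');
    echo "prepared, $user: ", $row ? 'row found' : 'no row', "\n";
}
```

MD5 appears only to mirror the thread's schema; for stored passwords PHP provides `password_hash()` and `password_verify()`.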
manddox Posted July 1, 2009 Author

Hi, gangsterwanster1... I think you're right and it's prone to SQL injection. I'll do the necessary to prevent this, and btw I am still testing my application on a localhost and have not yet uploaded it to any live server. Anyway, thanks guys.

Yes, Ben... I tried that too and still no luck. :'(

Anyone mind dropping in here with a solution?? Please!!
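Added example, not part of the thread: the login.php posted above uses HTTP Basic authentication and never sets `$_SESSION['username']`; browsers cache Basic credentials and resend them on their own, which `session_destroy()` cannot affect. The sketch below assumes the login is moved to a form that sets the session, and that every protected page forbids caching so the Back button cannot show a stored copy. The helper names `require_login()`, `log_in()` and `log_out()` are hypothetical.

```php
<?php
// Added example with hypothetical helper names; include this file from every page.

// Call at the top of each protected page, before any output is sent.
function require_login()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Tell the browser not to keep a copy it could show after logout.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    header('Expires: 0');
    if (empty($_SESSION['username'])) {
        header('Location: login.php');
        exit; // without exit the rest of the page is still sent
    }
    return $_SESSION['username'];
}

// Call from the login form handler once the credentials have been verified.
function log_in($username)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session id after login
    $_SESSION['username'] = $username;
}

// Body of logout.php: clear the data, expire the cookie, destroy the session.
function log_out()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```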