Jump to content

Sessions causing login issues

newbtophp

By newbtophp
in PHP Coding Help

 Share

Recommended Posts

newbtophp Advanced Member

newbtophp

Posted
Posted

I'm having abit of trouble, logging in and out, sometimes when i login it keeps me logged in for a few hours then auto logs out, sometimes once i log in it logs me back out when viewing a protected page, and sometimes when i click logout (run logout.php) it does'nt log me out (and keeps me signed in).

 

Logout.php:

 

<?php 
require("func.php");

$logged_in = inc_online();

auto_logout();

update();

if($logged_in == 'yes') {

	$time = time();
	$online_query = mysql_query("UPDATE ".$users_table." SET user_online = '0', user_time = '$time', user_lastlog = '$time' WHERE user_username = '".addslashes($_SESSION['username'])."'");
	$ip = $_SERVER['REMOTE_ADDR'];
	$sql = mysql_query("select userid from site_remember where userip = '$ip'");
	$num = mysql_num_rows($sql);
	if ($num > 0) {
		$sql = mysql_query("DELETE FROM `site_remember` WHERE userip = '".$ip."'");
	}


echo "You have logged out sucessfully";

} else {          
print "You cannot logout if your not logged in!<br /><br><a href=\"login.php\">Login</a>";
}
?>

 

 

func.php:

 

<?php

// online function

function inc_online() {

$ip = $_SERVER['REMOTE_ADDR'];

$sql = mysql_query("SELECT `userid` FROM `site_remember` WHERE `userip` = '$ip'");

$num = mysql_num_rows($sql);

if ($num > 0)

{

$row = mysql_fetch_array($sql);

$userid = $row['userid'];



$sql2 = mysql_query("SELECT `user_password`, `user_username`, `user_level`, `user_slashed` FROM `site_users` WHERE `user_id` = '$userid'");

$row2 = mysql_fetch_array($sql2);

$username = $row2['user_username'];

$password = $row2['user_password'];

$user_level = $row2['user_level'];

$user_slashed = $row2['user_slashed'];



$time = time();

mysql_query("UPDATE `site_users` SET `user_online` = '1' WHERE `user_username` = '$username'");

mysql_query("UPDATE `site_users` SET `user_time` = '$time'  WHERE `user_username` = '$username'");

mysql_query("UPDATE `site_users` SET `user_ip` = '$ip'  WHERE `user_username` = '$username'");





$_SESSION['user_id'] = $userid;

$_SESSION['username'] = $username;

$_SESSION['user_level'] = $user_level;

$_SESSION['password'] = $password;

$_SESSION['user_slashed'] = $user_slashed;

}



if (isset($_SESSION['user_id']) && isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['user_level']) && isset($_SESSION['user_slashed']))

{

$sql44 = mysql_query("select user_id, user_password, user_username, user_slashed, user_level from site_users where user_ip = '$ip'");



if ($sql44)

{

$row2 = mysql_fetch_array($sql44);

$username = $row2['user_username'];

$password = $row2['user_password'];

$user_level = $row2['user_level'];

$user_slashed = $row2['user_slashed'];

$_SESSION['user_id'] = $userid;

$_SESSION['username'] = $username;

$_SESSION['user_level'] = $user_level;

$_SESSION['password'] = $password;

$_SESSION['user_slashed'] = $user_slashed;

$logged_in = "yes";

}

else

{

$logged_in = "no";

}

}

else

{

$logged_in = "no";

}



return $logged_in;

}



// auto logout

function auto_logout() {

$username = $_SESSION['username'];

$user_slashed = $_SESSION['user_slashed'];

if (isset($username))

{

$offline = 500;

$current = time();

$offline = ($current-$offline);

$time = time();



$sql_query = mysql_query("SELECT `user_id` FROM `site_users` WHERE `user_time` >= '$offline' AND `user_online` = '1' AND `user_slashed` = '$user_slashed'");

if (mysql_num_rows($sql_query) == 0)

{

session_destroy();

mysql_query("UPDATE `site_users` SET `user_online` = '0' AND `user_lastlog` = '$time' WHERE user_slashed = '$user_slashed'");

}

else

{

mysql_query("UPDATE `site_users` SET `user_time` = '$time' WHERE `user_slashed` = '$user_slashed'");

}

}

}
?>

 

 

Login.php

 

<?php

require("func.php");

$logged_in = inc_online();


auto_logout();


update();



if($logged_in == 'yes'){



print "You are already logged in!<br /><a href=\"logout.php\">Logout?</a>";



} else {



if ($_GET['pg'] == '') {



?>



<form action="?pg=login" method="post" enctype="multipart/form-data">


Username:<br>


<input name="username" type="text" class="textfield3" />


<br>
<br>

Password:<br>

<input name="password" type="password" class="textfield3" />


<br>
<br>
                 
<input type="hidden" name="auto" value="" />


<input name="Submit" type="submit" class="button" value="Login" />


</form>


<?php



} elseif ($_GET['pg'] == 'login') {


$username = clean($_POST['username']);



$password = clean($_POST['password']);



$auto = $_POST['auto'];


if (!$username) {


echo "Fill in username";



}



elseif (!$password) {



echo "Fill in password";



} else{



$username = clean($username);


$password = clean($password);


$pass = md5($password);


$sql = mysql_query("SELECT user_id, user_password, user_username, user_slashed, user_level FROM ".$users_table." WHERE `user_slashed` = '".$username."' and `user_password` = '".$pass."' and (`user_verified` = 'Y' || `user_verified` = 'B')");
$sql1 = mysql_query("SELECT user_verified FROM ".$users_table." WHERE `user_slashed` = '".$username."' and `user_password` = '".$pass."' and `user_verified` = 'B'");


$u_v=mysql_fetch_array($sql1);



$time = time();



$online_query = mysql_query("UPDATE ".$users_table." SET user_online = '1' WHERE user_username = '$username'");



$online_query2 = mysql_query("UPDATE ".$users_table." SET user_time = '$time'  WHERE user_username = '$username'");


mysql_query("UPDATE ".$users_table." SET user_lastlog = '$time'  WHERE user_username = '$username'");


$row = mysql_fetch_array($sql);



$user_id = $row['user_id'];



$username = $row['user_username'];



$password = $row['user_password'];



$user_level = $row['user_level'];



$user_slashed = $row['user_slashed'];



$user_ip = $_SERVER['REMOTE_ADDR'];






if ($auto == 'yes')



{



$sql = mysql_query("select userid from site_remember where userip = '$user_ip'");



$num = mysql_num_rows($sql);



if ($num == 0)



{



$auto_query = mysql_query("INSERT INTO `site_remember` ( `userip` , `userid` ) VALUES ('".$user_ip."', '".$user_id."')");



}



}



mysql_query("UPDATE `site_users` SET `user_ip` = '$user_ip'  WHERE `user_username` = '$username'");



// Get them logged in



$_SESSION['user_id'] = $user_id;



$_SESSION['username'] = $username;



$_SESSION['user_level'] = $user_level;



$_SESSION['user_level1'] = $user_level;



$_SESSION['password'] = $password;



$_SESSION['user_slashed'] = $user_slashed;



echo "You are not logged in";


if ($auto == 'yeS') { 
print "<br />You have also enabled auto login. You will be logged in automaticlly now until u click log out.";   
} 
} 
} 
} 

if(@$_SESSION['username']){

echo "You will be logged in until you close your browser or click on log out.";                 

}

?>

 

 

When logged in and i access a protected page it logs me back out, its usually when i have the following code on the protected page:

 

require("func.php"); 
$logged_in = inc_online();
auto_logout();
update();

if($logged_in == 'yes') {

//protected stuff....
}

 

Can anyone, help identify the problem?  :-\

 

 

Thanks.

Link to comment
Share on other sites
newbtophp Advanced Member

newbtophp

Posted
  • Author
Posted 

require("func.php");
$logged_in = inc_online();
auto_logout();
update();

if($logged_in == 'yes') {

//protected stuff....
}

^ your telling it to run auto_logout(); when you load the page.

 

Still the same problem it logs me out upon page load even though the function aint been declared.

 

Besides auto_logout(); only occurs upon a fixed period of time.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

You should be learning php (or learning anything new in php), developing php code, and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that php will help you by displaying all errors it finds. Stop and start your server to get any changes made to php.ini to take effect and confirm that the actual settings get changed by using a phpinfo() statement in case the php.ini that you are changing is not the one that php is using.

Link to comment
Share on other sites
newbtophp Advanced Member

newbtophp

Posted
  • Author
Posted

I get the following errors:

 

Notice: Undefined index: username

 

In the file func.php; in the first line of the auto_logout() function which is this line:

 

$username = $_SESSION['username'];

 

And this error:

 

Notice: Undefined index: user_slashed

 

In the file func.php; in the second line of the auto_logout() function which is this line:

 

$user_slashed = $_SESSION['user_slashed'];

 

:-\

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Undefined index names for $_SESSION variables would indicate that those variables don't exist where they are being referenced. Either the code that is setting them is not being executed or some code is un-setting them or a valid session was not started on the page where they were set or a valid session was not started on the page where they are being referenced...

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.