automatic logout code not working


webguync

Hello,

 

I have some code that in theory should be logging out automatically after 60 minutes. It doesn't appear to be working though, and I am not sure how to debug. Any ideas? Also, how would I echo a message prior to logout?

 

session_start();
/*logout after 60 minutes*/
function login_validate() {
/*Set the timeout on a login session. */

$timeout = 60*60;
$_SESSION["expires_by"] = time() + $timeout;
}

 

 


Well, it looks like you're storing the timeout "time" in a session. You would have to have that page call back to the server every so often to check if the time has expired, if it has then you could print a message out to the page, but again, you have to communicate back to check the session. If that makes sense.


I found some code in one of my PHP books for an automatic logout, but when I add it, I can no longer log in at all. I just get redirected back to the login page.

 

Here is the code I am trying:

 

//ini_set("display_errors","1");
//ERROR_REPORTING(E_ALL);

session_start();
ob_start();
//set a time limit in seconds
$timelimit=15;
//get the current time
$now = time();
//where to redirect if rejected

if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['pwid']) ) {
    echo "<h2 style='color:#039;font-size:14px;font-family:arial, helvetica,sans-serif'>Please fill in both your username and password to access the editor exam. You will be redirected back to the login screen in 5 seconds</h2>";
  echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
                exit;
   }
//if time limit has expired, destroy session and redirect
elseif ($now > $_SESSION['start'] + $timelimit) {
//empty the $_SESSION array
$_SESSION = array();
// invalidate the session cookie
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-86400, '/');
}
//end session and destroy with query string
session_destroy();
header("Location: {$redirect}?expired=yes");
exit;
}
//if it's got this far, it's ok to update start time
else {
$_SESSION['start'] = time();
}




$con = mysql_connect("localhost","ETSI","Editor") or die('Could not connect: ' . mysql_error());

mysql_select_db("ETSI_Internal") or die(mysql_error());






   // Create the variables again.
   
   $username = mysql_real_escape_string($_POST['username']);
   $pwid = $_POST['pwid'];
//set a time limit in seconds
$timelimit=15;
//get the current time
$now = time();
//where to redirect if rejected
   // Encrypt the password again with the md5 hash. 
   // This way the password is now the same as the password inside the database.
   //$pwid = md5($pwid);

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,pwid,name
           FROM   TableName
           WHERE
           pwid = '$pwid'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#039;font-size:14px;font-family:arial, helvetica,sans-serif'>You have entered a username or password that does not match our database records. please try again. You will be directed back to the login screen in 5 seconds. </h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
      // Now create an object from the data you've retrieved.
      $row = mysql_fetch_object($result);
      // You've now created an object containing the data.
      // You can call data by using -> after $row.
      // For example now the password is checked if they're equal.

      // By storing data inside the $_SESSION superglobal,
      // you stay logged in until you close your browser.
  $_SESSION['name'] = $row->name;
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
      
   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:EditorLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";

echo "<a class='logout' href='logout.php'>Logout</a></div>";

?>
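
An added example, not part of the original posts: in the script above the expiry test sits inside the login POST branch, where `$_SESSION['start']` has not been set yet, and `$redirect` is never assigned. One way to arrange it is to stamp the session at login and run the check at the top of every protected page; `IDLE_LIMIT`, `idle_state()`, `enforce_idle_timeout()` and the `last_seen` key are assumed names.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT, idle_state(),
// enforce_idle_timeout() and the 'last_seen' key are assumed names.
const IDLE_LIMIT = 3600; // 60 minutes, as in the original question

// Pure decision: 'anonymous', 'expired' or 'ok' for a session array at time $now.
function idle_state(array $session, int $now, int $limit = IDLE_LIMIT): string
{
    if (!isset($session['username'])) {
        return 'anonymous';               // not logged in, nothing to expire
    }
    // A logged-in session without a timestamp fails closed (counts as expired).
    $last = (int) ($session['last_seen'] ?? 0);
    return ($now - $last > $limit) ? 'expired' : 'ok';
}

// Call at the top of every protected page, right after session_start().
function enforce_idle_timeout(string $loginUrl = 'EditorLogin.php'): void
{
    $now = time();
    $state = idle_state($_SESSION, $now);
    if ($state === 'ok') {
        $_SESSION['last_seen'] = $now;    // sliding window: activity extends it
        return;
    }
    if ($state === 'expired') {
        $_SESSION = [];
        if (isset($_COOKIE[session_name()])) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', $now - 86400, $p['path'], $p['domain'],
                      $p['secure'], $p['httponly']);
        }
        session_destroy();
        $loginUrl .= '?expired=yes';      // lets the login page show a message
    }
    header("Location: {$loginUrl}");
    exit;
}

// Login handler, after the credential check succeeds:
//     session_regenerate_id(true);
//     $_SESSION['username']  = $username;
//     $_SESSION['last_seen'] = time();
if (PHP_SAPI === 'cli') {                 // constructed sessions for a dry run
    $now = 1700000000;
    var_dump(idle_state([], $now));
    var_dump(idle_state(['username' => 'demo', 'last_seen' => $now - 60], $now));
    var_dump(idle_state(['username' => 'demo', 'last_seen' => $now - 3601], $now));
}
```

The login page can test `$_GET['expired']` to tell the user why they were logged out.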


  • 1 month later...

Every time the page is loaded, check to see the current time() and compare it to what's stored in $_SESSION["expires_by"].

 

What's this for bullshit? Are we now storing a session expiration date on an expiring session? Just use:

 

ini_set('session.save_path', SESSION_SAVE_PATH);
ini_set('session.gc_probability', 100); // not recommended but will make sure the session is removed immediately after expiration
session_set_cookie_params(3600); // cookie expires 3600 seconds after initialization
session_start();

 

Another method is using a database as it allows for more control as:

 

SELECT * FROM sessions WHERE id = $id AND last_modified + lifetime > now()

 

This will effectively expire the session when last_modified + lifetime <= now(), although the deletion of the record may well be a few minutes later. It also has other advantages: a session will be re-used instead of creating a new one whenever the user logs in before the session expires, by which the last_modified time is modified and the expiration is delayed.
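
The database approach described above, as an added example that is not part of the original post: the lookup binds the session id and the clock as parameters instead of interpolating `$id`, refreshes `last_modified` on each valid hit, and deletes expired rows as a separate housekeeping step. The table layout, the function names and the in-memory SQLite store are assumptions.

```php
<?php
// Added example, not code from the thread. Table layout, function names and the
// in-memory SQLite database are assumptions (needs the pdo_sqlite extension).
function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, username TEXT NOT NULL,
               last_modified INTEGER NOT NULL, lifetime INTEGER NOT NULL)');
    return $db;
}
// Bind the id as text and the clock as an integer; nothing is interpolated.
function run(PDO $db, string $sql, ?string $id, int $now): PDOStatement
{
    $st = $db->prepare($sql);
    if ($id !== null) {
        $st->bindValue(':id', $id, PDO::PARAM_STR);
    }
    $st->bindValue(':now', $now, PDO::PARAM_INT);
    $st->execute();
    return $st;
}

// Returns the row if the session is still valid and slides its expiry, else null.
function touch_session(PDO $db, string $id, int $now): ?array
{
    $row = run($db, 'SELECT id, username FROM sessions
        WHERE id = :id AND last_modified + lifetime > :now', $id, $now)
        ->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;    // unknown or expired: caller treats the user as logged out
    }
    run($db, 'UPDATE sessions SET last_modified = :now WHERE id = :id', $id, $now);
    return $row;
}

// Housekeeping only: validity is decided by the SELECT above, not by deletion.
function purge_expired(PDO $db, int $now): int
{
    $sql = 'DELETE FROM sessions WHERE last_modified + lifetime <= :now';
    return run($db, $sql, null, $now)->rowCount();
}
// Constructed sample data: one session created at $t0 with a 3600 s lifetime.
$db = open_store();
$t0 = 1700000000;
$db->exec("INSERT INTO sessions VALUES ('constructed-id', 'demo', $t0, 3600)");
var_dump(touch_session($db, 'constructed-id', $t0 + 1800) !== null);
var_dump(touch_session($db, 'constructed-id', $t0 + 20000) !== null);
var_dump(purge_expired($db, $t0 + 20000));
```

The time is bound with `PDO::PARAM_INT` on purpose: SQLite compares an integer expression against a text-bound parameter by storage class rather than by value, so a string binding would make the expiry test meaningless.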
