Shadowing Posted December 8, 2011 Share Posted December 8, 2011 I cant figure out why my log out script doesnt work all you need is session_start(); session_destroy(); right? here is my script to keep people loged in which works fine. if ($_SESSION['login_time'] < strtotime('-60 minutes')) { header("Location: signup.php"); exit(); session_destroy(); Quote Link to comment Share on other sites More sharing options...
meltingpoint Posted December 8, 2011 Share Posted December 8, 2011 <?php session_start(); $_session['login_time'] = "";//-------to kill for sure the variable session_destroy(); ?> The above should go at the very top of your logout page Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 Thanks for the reply meltingpoint I tried that still isnt working. this is one wierd issue. here is my full code and my connect.php file has this <?php session_start(); ob_start(); what is the deal with the ob_start. I added that a long time ago cause someone else had it. <?php include_once("connect.php"); if(isset($_SESSION['user_id'])) { // checks for id in session $sql = "UPDATE users SET lastactive = NOW() WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'"; mysql_query($sql); // updates the last activity of user if ($_SESSION['login_time'] < strtotime('-60 minutes')) { // logs user out after 15 minutes and redirects to login and ends session header("Location: signup.php"); exit(); session_destroy(); echo "You have been loged out."; Quote Link to comment Share on other sites More sharing options...
meltingpoint Posted December 8, 2011 Share Posted December 8, 2011 <?php include_once("connect.php"); if(isset($_SESSION['user_id'])) { $sql = "UPDATE users SET lastactive = NOW() WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'"; mysql_query($sql); // updates the last activity of user if ($_SESSION['login_time'] < strtotime('-60 minutes')) { $_session['login_time'] = "";//-------to kill for sure the variable session_destroy(); header("Location: signup.php"); exit; } } ob_start() is for output buffering. Don't know all your code so not sure if you need it or are using it properly. Give the above a try Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 if my log out timer works fine with no problems then the problem has to be in my session not getting destroyed. so the problem must some how be in the way im staying loged in I dont see how though since that entire page is reading from sessions Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 my inner webpages goes to <? require("menu.php"); ?> // which is a menu i have load on every webpage. and its menu.php that has the <? include_once("Safe.php"); ?> which is the file that keeps you loged in could daisy chaining that effect anything? Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 well that cancels that idea just ran a test still isnt working. crazy Quote Link to comment Share on other sites More sharing options...
meltingpoint Posted December 8, 2011 Share Posted December 8, 2011 I really do not know. You are piece-mealing code out a little at a time. I am not sure what is included on each page nor do I know what is on menu.php and Safe.php. You said you added ob_start() along time ago. I assume that this script was working for a while and now has issues. If that is the case, what exactly have you changed? Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 i never had a log out script. this is the first. the auto log out still works just fine. If i wait how ever long i set it for it logs out and i cant access any pages with out logging back in again. I went ahead and by passed the menu page so now all we have is the log out page <?php include_once("connect.php"); header("Location: signup.php"); session_destroy(); ?> the page im connecting back with after i hit log out <? require("Safe.php"); ?> <html> <head> <link rel="stylesheet" type="text/css" href="sitestyle.css" /> </head> <body> Under Construction </body> </html> then the safe page which is the staying loged in page <?php include_once("connect.php"); if(isset($_SESSION['user_id'])) { // checks for id in session $sql = "UPDATE users SET lastactive = NOW() WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'"; mysql_query($sql); // updates the last activity of user if ($_SESSION['login_time'] < strtotime('-60 minutes')) { // logs user out after 15 minutes and redirects to login and ends session header("Location: signup.php"); exit(); session_destroy(); } } ?> Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 I was thinking maybe when I auto log out after 60 minutes its not really destroying the session at that time either and the reason it works is cause the session still matches the codition. if ($_SESSION['login_time'] < strtotime('-60 minutes')) { header("Location: signup.php"); exit(); session_destroy(); so the problem has to be the session isnt being destroyed. I also typed a simple if command that has to be true and it still didnt work. Which narrows this down to the session isnt being destroyed. Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 ok did some tests im using this as my log out code now <?php include_once("connect.php");?> <?php if(isset($_SESSION['login_time'])) { session_unset(); session_destroy(); header("Location: signup.php"); } ?> what I learn was and I almost didnt notice this but when I ran this code it didnt redirect me to the header. meaning the if statment turned up false. So that means the session was destroyed cause when I go and log in and log out it redirected me to the header. then if i go to a page inside and log out again it doesnt redirect me. so im thinking this. when the login_time session is blank its still reading it as less than which is making it true and allowing me to access pages. if ($_SESSION['login_time'] < strtotime('-60 minutes')) Quote Link to comment Share on other sites More sharing options...
Drummin Posted December 8, 2011 Share Posted December 8, 2011 If you are using include_once at the top of each of your pages, I believe this is fine for constants or variables but I'm not sure about session_start(); which is required on each page that uses a SESSION. Hey, maybe I'm wrong. I always use include() for DB connection and session_start. Maybe require_once() would be a better option in your case. Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 Thanks for joining the conversation Drummin i dont know what i was thinking. that theory is down the hole lol. of course destroying the session is making a impact on keeping me loged off since when the timer runs out it destroys session and keeps me loged off. i did a test and put start session on every page lol with no affect. what baffles me the most is the auto log out works fine. I just tested it again works perfectly. this is driving me crazy lol Quote Link to comment Share on other sites More sharing options...
Drummin Posted December 8, 2011 Share Posted December 8, 2011 Hey sorry about that. Glad you got a good laugh. I don't see where you are setting $_SESSION['login_time']. Maybe??? $_SESSION['login_time']=date(strtotime('now')); IF that's the case, try if ($_SESSION['login_time'] < strtotime('now - 60 minutes')) { session_destroy(); header("Location: signup.php"); exit(); } Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 k i tried and still not working <?php include_once("connect.php"); if ($_SESSION['login_time'] < strtotime('now - 60 minutes')) { session_destroy(); header("Location: signup.php"); exit(); } ?> here is my login script with the session login beign created. Restarted my computer just for the heck of it too. <? include_once("connect.php"); ?> <?php if(isset($_POST['Login'])) { if(!preg_match('/^[A-Za-z0-9]{5,20}$/',$_POST['loginusername'])) { // checks username format. echo "Invalid Username. Usernames can only be letters or numbers"; } else { $querys = "SELECT password,id,login_ip FROM users WHERE name='".mysql_real_escape_string($_POST['loginusername'])."'"; $results = mysql_query($querys) or die(mysql_error()); $roe = mysql_fetch_array($results); // Search the database and get the password, id, and login ip that belongs to the name in the username field. if(empty($roe['id'])){ // check if the id exist and it isn't blank. echo "Account doesn't exist."; } else { if(md5($_POST['loginpassword']) != $roe['password']){ // if the account exist this is matching the password with the password typed in the password field. echo "Your password is incorrect."; } else { if(empty($roe['login_ip'])){ // checks to see if the login ip has an ip already $roe['login_ip'] = $_SERVER['REMOTE_ADDR']; } $ip_information = explode("-", $roe['login_ip']); // if the ip is different from the ip that is on the database it will store it if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) { $roe['login_ip'] = $roe['login_ip']; } else { $roe['login_ip'] = $roe['login_ip']."-".$_SERVER['REMOTE_ADDR']; } $_SESSION['user_id'] = $roe['id'];// stores the id of the user $_SESSION['login_time'] = time(); // stores the log in time of the user $results = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($roe['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'") or die(mysql_error()); // to test that the session saves well we are using the sessions id update the database with the ip information we have received. header("Location: dominion.php"); // redirects me to main.php } } } } ?> so I reset my minutes to -1 minute and sure enough it keeps me loged out as usual. hmmm. going to test to make sure my session is being deleted again on hitting log out. <?php include_once("connect.php"); if(isset($_SESSION['user_id'])) { // checks for id in session $sql = "UPDATE users SET lastactive = NOW() WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'"; mysql_query($sql); // updates the last activity of user if ($_SESSION['login_time'] < strtotime('-1 minutes')) { // logs user out after 15 minutes and redirects to login and ends session header("Location: signup.php"); exit(); session_destroy(); echo "You have been loged out."; } } ?> Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 I dont know what i was thinking. Last night I was right about what I said. lets break this down and just look at this code. Lets say my session is not being deleted in this script. If it wasnt then the condition would still remain true. So what keeps me loged out is the condition is still true not that my session is destroyed cause when i log in again it just updates the session which makes this condition false again for one minute. <?php if ($_SESSION['login_time'] < strtotime('-1 minutes')) { header("Location: signup.php"); exit(); session_destroy(); echo "You have been loged out."; } ?> so I did this. I deleted the session_destroy on the script above and the script still works. then I went to log out file which now reads <?php include_once("connect.php"); echo $_SESSION['user_id']; echo $_SESSION['login_time']; ?> and it displayed the user id and login time. so then I added the destory session back to the auto log out script. loged in and waited for one minute to go by and then hit log out and it didnt display any session. So now we know it does create and destroy the session. and we know that the session existing or not has no affect on the script that keeps me loged in. Also I just notice something. when I wait 1 minute and it auto logs me out if I double click on a page really fast that i need to be loged in to view it messes up and lets me view it. The first click sends me to the log in page but the 2nd click lets me view it. i see it flip the page real fast before letting me in so that means that my auto log out script isnt really sucessful Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 so I added this line if(empty($_SESSION['login_time'])){ if ($_SESSION['login_time'] < strtotime('-1 minutes')) { // logs user out after 15 minutes and redirects to login and ends session header("Location: signup.php"); session_destroy() i hit a page and it lets me in after its been triped from double clicking. and i hit log out and no session is being displayed so this should work since no session exists. Also i should mention when i do that fast double click and it lets me in. If I wait one minute it doesnt sign me out. So that script stops working. So having no login time session its still reading it as less than the time Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 yah! i figured out why its doing what its doing. For starters the double click thing wasnt triping anything. The auto log out script just wasnt working. cause i double clicked slowly and it still did it haha and its because I removed exit(); from the script. So that problem is solved. So I log in wait 1 minute and click on a page and it logs me out like it should. Then I run this script on log out <?php include_once("connect.php"); echo $_SESSION['user_id']; echo $_SESSION['login_time']; ?> and it displays both sessions. meaning its not destroying the session but if i put exit(); after session_destroy it destroys the session. if I leave exit all together it doesnt destroy the session. also i noticed that if I delete or move the exit after session_destroy command it lets me view the page and once it lets me view the page and i stay on that page and put exit(); back before session_destroy command it makes the auto log out page not work anymore unless I log in. Anyways one thing i know for sure is this that right now this script is 100 percent for sure not destroying my session. if ($_SESSION['login_time'] < strtotime('now - 1 minutes')) { header("Location: signup.php"); exit(); session_destroy(); so I have figured out why its doing all this. if there is no session then if ($_SESSION['login_time'] < strtotime('now - 1 minutes')) doesnt work at all which allows me to view pages. and the reason my auto log out has been working is because with the exit before the session destroy command the session doesnt get destroyed. and the reason this command doesnt log me out exit(); session_destroy(); is because its deleting the session. So im saying my auto log out needs to have a active session in order to work. which is bad cause anyone with out a session can log in. so that is why its not working. Cant believe took me this long to figure this out. so the problem is with my auto log out script. If it has no session to compare the time to then it wont work. If I use this as my log out script and put a exit before the session_destroy exit(); session_destroy(); it wont destroy the session and if one minute hasnt pass it will let me view the page. if I only use session_destroy(); on the log out script then it will destory the session allowing my auto log out script not to work. so i need to figure out how to tell my auto log out script to log people out that dont have a session login_time if(!isset($_SESSION['login_time'])){ header("Location: signup.php"); exit(); that didnt work Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 ok i got rid of the auto log out and got the log out to work. using destroy session on log out and <?php include_once("connect.php"); session_start(); if (!(isset($_SESSION['login_time']) && $_SESSION['login_time'] != '')) { header ("Location: login.php"); } ?> i wanted a auto log out though I think Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 8, 2011 Author Share Posted December 8, 2011 I got it all working now. log out and auto log out <?php include_once("connect.php"); session_start(); if (!(isset($_SESSION['login_time']) && $_SESSION['login_time'] != '')) { header ("Location: signup.php"); exit(); } else { if ($_SESSION['login_time'] < strtotime('now - 60 minutes')) { // logs user out after 15 minutes and redirects to login and ends session header("Location: signup.php"); exit(); } } ?> Quote Link to comment Share on other sites More sharing options...
meltingpoint Posted December 8, 2011 Share Posted December 8, 2011 In your second if statement- if the session time has expired you have it re-direct to the login page. Where are you destroying the session in the 2nd if statment? The session id is still set- just the time will trigger a redirect. I would include ; $_SESSION['login_time'] = ""; $_SESSION_DESTROY(); in the 2nd if statement. That way it is all gone for sure. Just a thought. Quote Link to comment Share on other sites More sharing options...
Shadowing Posted December 9, 2011 Author Share Posted December 9, 2011 oh yah i forgot i should destroy the session there too. Thanks. to day has been quite the day haha I found out the larger problem I was having. What was really cuasing my problems was a if statement i had before all that code. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.