Jump to content

Recommended Posts

I for the life of me can get this to work:

 

When you first land on the homepage of my site, the links at the top are set to the user being logged out. When you log-in the links on the top the page change to the menu for a logged in user as they should. When You select sign-out everything looks like it goes okay, you get logged out and the user is returned to the homepage. However, if you simply click the log-in button again, without typing anything into the username or password fields, you're magically signed in again.

 

login.php

<?php
header('Content-type: text/html; charset=utf-8');
session_start();
$viewed_homepage=$_SESSION['homepage'];
$login_username=$_POST['email'];
$login_username=strtolower($login_username);
$login_password=$_POST['password'];
$login_stay_logged_in=$_POST['stayloggedin'];
$login_form_submitted=$_POST['login_form_submit'];

/*if form has been submitted and the front page has been viewed*/
if($viewed_homepage=="viewed" && $login_form_submitted=="submitted"){
require_once 'db_select.php';
require_once 'function.php';

/*Connect to DB*/
$LoginDB = $db->connect('mysqli', 'persist', 'db418598519');

/*Encode - Sanitize user input for query*/
$sanitized_email = $LoginDB->mysqli_sanitize($login_username);
$encoded_password = $LoginDB->kam3($login_password);

/*run query*/
$result = $LoginDB->query("SELECT * FROM user WHERE email_address='$sanitized_email' AND password='$encoded_password'");
$num_rows = $result->num_rows;
$rows = $result->fetch_assoc();

/*Close Database Connection*/
$LoginDB->close();

/*If user matches a database entry log-in*/
if(($num_rows==1) && ($rows["email_address"]==$sanitized_email && $rows["password"]==$encoded_password)){

/*Set Session/Cookie data to stay logged in*/
$_SESSION['username']=$sanitized_email;
$_SESSION['password']=$encoded_password;
$_SESSION['user_id']=$rows['id'];

/*If selected, Set Cookies*/
if($login_stay_logged_in=="yes"){
/*Connect to DB to insert cookie key*/
$CookieDB = $db->connect('mysqli', 'persist', 'db418598519');

/*Generate key, encode username, and get current time for cookies */
$hased_value = kam3(md5(generatepassword(6)));
$hashed_username = md5s($rows["email_address"]);
$time = time();
setcookie("knxn_hash", $hased_value, time()+(86400*180), "/", "beta.area51entertainment.com",false,false);
setcookie("knxn_username", $hased_username, time()+(86400*180), "/", "beta.area51entertainment.com",false,false);
setcookie("knxn_visited", $time, time()+(86400*180), "/", "beta.area51entertainment.com",false,false);
}

/*Unset error alert for log-in form*/
unset($_SESSION['login_error']);

/*redirect to dashboard*/
header("Location: /?p=newsstream");
}
else{
/*redirect to index.php with error message*/
$_SESSION['login_error']="error";
header("Location: ./");
}
}
else{
/*redirect to index.php if submission didn't originate from log-in form on index.php*/
header("Location: ./");
}
?>

 

 

Logout.php

<?php
header('Content-type: text/html; charset=utf-8');
session_start();

/*Unset and destroy users session data*/
if(isset($_SESSION['username'])){
unset($_SESSION['username']);
unset($_SESSION['password']);
unset($_SESSION['user_id']);
unset($_SESSION['homepage']);
session_destroy();

header("location: ./");
}
else{
header("location: ./");
}
?>

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/
Share on other sites

Alright, just tried echoing everything out, and everything is doing what it should, still getting magically logged in when I have the redirects in place though.

 

echoing out all the log-in information in login.php displays the information when details are entered, and shows no details when no details are entered.

 

Echoing everything out in logout.php after everything is unset shows a blank page, as expected.

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355333
Share on other sites

Alright, I made a test.php... If I log-in, then manually type in test.php in the address bar, it loads and displays the $_SESSION['username']. Then I manually type in logout.php, and it displays the $_SESSION['username']... but if I try to access it directly though a link, like the sign-out link, it doesn't show it.

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355338
Share on other sites

  // Delete the hash, username and visited cookies by setting their expiration's to an hour ago (3600)
  setcookie('knxn_hash', ' ', time() - 3600);
  setcookie('knxn_username', ' ', time() - 3600);
  setcookie('knxn_visited', ' ',time() -3600)

 

Just curious if you're deleting the cookies if the user isn't selecting stay logged in, even still you should make them expire 30 days out or so. Is the form defaulting to selected for the stay logged in box? If you've tested it checked then your going to be able to log out and back in without any issues, you'd have to clear your browser data.

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355341
Share on other sites

  // Delete the hash, username and visited cookies by setting their expiration's to an hour ago (3600)
  setcookie('knxn_hash', ' ', time() - 3600);
  setcookie('knxn_username', ' ', time() - 3600);
  setcookie('knxn_visited', ' ',time() -3600)

 

Just curious if you're deleting the cookies if the user isn't selecting stay logged in, even still you should make them expire 30 days out or so. Is the form defaulting to selected for the stay logged in box? If you've tested it checked then your going to be able to log out and back in without any issues, you'd have to clear your browser data.

 

I'm not worried about the cookies right now. They're not being set because I couldn't get them to work, and I disabled the option on the log-in form for the time being.

 

 

I turned error reporting on in logout.php and I'm getting this:

 

Notice: Undefined index: username

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355343
Share on other sites

if (isset($_SESSION['user_id']) && isset($_SESSION['username']) &&  isset($_SESSION['password']) &&!empty($_SESSION['user_id']) && !empty($_SESSION['username']) && !empty($_SESSION['password'])) {

// Execute code here

} else {

// do redirect
}

 

The page that the login for redirects to should check for the session data or redirect back to the login page, I want to see if the session data is being deleted properly. The above code will check that the session is set and that the values are not empty then proceed. Pretty late here and my brain is mush, hope you get it solved soon, make sure to echo all variables to verify they are correct as stated above and then move piece by piece over the code to help debug any issues with mistyping etc..

 

I don't know what the redirect page has for code so I'm hoping your checking the data like above :)

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355352
Share on other sites

I throw in a unset($_SESSION['username']; in the login.php

 

<?php
header('Content-type: text/html; charset=utf-8');
session_start();
$viewed_homepage=$_SESSION['homepage'];
$login_username=$_POST['email'];
$login_username=strtolower($login_username);
$login_password=$_POST['password'];
$login_stay_logged_in=$_POST['stayloggedin'];
$login_form_submitted=$_POST['login_form_submit'];

/*if form has been submitted and the front page has been viewed*/
if($viewed_homepage=="viewed" && $login_form_submitted=="submitted"){
require_once 'db_select.php';
require_once 'function.php';

/*Connect to DB*/
$LoginDB = $db->connect('mysqli', 'persist', 'db418598519');

/*Encode - Sanitize user input for query*/
$sanitized_email = $LoginDB->mysqli_sanitize($login_username);
$encoded_password = $LoginDB->kam3($login_password);

/*run query*/
$result = $LoginDB->query("SELECT * FROM user WHERE email_address='$sanitized_email' AND password='$encoded_password'");
$num_rows = $result->num_rows;
$rows = $result->fetch_assoc();

/*Close Database Connection*/
$LoginDB->close();

/*If user matches a database entry log-in*/
if(($num_rows==1) && ($rows["email_address"]==$sanitized_email && $rows["password"]==$encoded_password)){

/*Set Session/Cookie data to stay logged in*/
$_SESSION['username']=$sanitized_email;
$_SESSION['password']=$encoded_password;
$_SESSION['user_id']=$rows['id'];

/*If selected, Set Cookies*/
if($login_stay_logged_in=="yes"){
/*Connect to DB to insert cookie key*/
$CookieDB = $db->connect('mysqli', 'persist', 'db418598519');

/*Generate key, encode username, and get current time for cookies */
$hased_value = kam3(md5(generatepassword(6)));
$hashed_username = md5s($rows["email_address"]);
$time = time();
setcookie("knxn_hash", $hased_value, time()+(86400*180), "/", "beta.area51entertainment.com",false,false);
setcookie("knxn_username", $hased_username, time()+(86400*180), "/", "beta.area51entertainment.com",false,false);
setcookie("knxn_visited", $time, time()+(86400*180), "/", "beta.area51entertainment.com",false,false);
}

/*Unset error alert for log-in form*/
unset($_SESSION['login_error']);


/*redirect to dashboard*/
header("Location: /?p=newsstream");
}
else{
/*redirect to index.php with error message*/
$_SESSION['login_error']="error";
unset($_SESSION['username']);
header("Location: ./");
}
}
else{
/*redirect to index.php if submission didn't originate from log-in form on index.php*/
header("Location: ./");
}
?>

 

Seems to be working correctly that way.

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355354
Share on other sites

Well it's not quite working correctly. Right now if I log-in, it'll change the top menu bar, and if I directly access the rewritten URLs (using mod_rewrite) via browser address bar, such as /home it loads fine... but if I access it via a link with /home it logs me out. But right now I guess it's good enough to do development...

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355374
Share on other sites

I think this whole issue might be non-www. vs. www. issue...

 

How would I make sure everything uses one or the other?

 

It seems as though the session is getting set on www. (if the users access via www.) and redirected to www.kynxin.com/newsstream, but the links in my site are for non-www.

 

So I need something to set something so the site always uses one or the other.

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355379
Share on other sites

Mod_Rewrite Solved:

RewriteCond %{HTTP_HOST} !^www [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

 

Solved the log-in/out issue as well.

Turns out the sessions themselves were fine, it was the SessionID cookie being written as non-www to the browser.

Link to comment
https://forums.phpfreaks.com/topic/264471-log-inlog-out/#findComment-1355380
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.