mroberts46 Posted June 22, 2012 Author Share Posted June 22, 2012 I removed the connect.php file (or at least I think I did) and attached the .zip file containing all the files in use. I then saw that my file was too big to upload (3.04MB). In using the development tools I was at least able to see that the session isn't traveling across pages. I can delete the cookie on all pages, log in on one and still have a log in form on the other. There is a block of code similar to what you mentioned in your last post that looks like this: if (logged_in() === true) { $session_user_id = $_SESSION{'id'}; $user_data = user_data($session_user_id, 'id', 'username', 'password', 'first', 'last', 'email'); if (user_active($user_data['username']) === false) { session_destroy(); header('Location: index.php'); exit(); } } After doing another test of it, when I log in on one page and go to another and refresh that page, it reflects me being logged in. When I log out, however, it redirects my to index.php like it should but it keeps me logged in. Here are the files: init.php : <?php session_start(); //error_reporting(0); require 'database/connect.php'; require 'functions/general.php'; require 'functions/users.php'; if (logged_in() === true) { $session_user_id = $_SESSION{'id'}; $user_data = user_data($session_user_id, 'id', 'username', 'password', 'first', 'last', 'email'); if (user_active($user_data['username']) === false) { session_destroy(); header('Location: index.php'); exit(); } } $errors = array(); ?> general.php: <?php function sanitize($data) { return mysql_real_escape_string($data); } function output_errors($errors) { $output = array(); foreach($errors as $error) { $output[] = '<li>' . $error . '</li>'; } return '<ul>' . implode('', $output) . '</ul>'; } ?> users.php: <?php function user_data($user_id) { $data = array(); $user_id = (int)$user_id; $func_num_args = func_num_args(); $func_get_args = func_get_args(); if ($func_num_args > 1) { unset($func_get_args[0]); $fields = '`' . implode('`, `', $func_get_args) . '`'; $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `user` WHERE `id` = '$user_id'")); return $data; } } function logged_in() { return (isset($_SESSION['id'])) ? true : false; } function user_exists($username) { $username = sanitize($username); return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false; } function user_active($username) { $username = sanitize($username); return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `user` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false; } function user_id_from_username($username) { $username = sanitize($username); return mysql_result(mysql_query("SELECT `id` FROM `user` WHERE `username` = '$username'"), 0, 'id'); } function login($username, $password) { $user_id = user_id_from_username($username); $username = sanitize($username); $password = md5($password); return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `user` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; } ?> aside.php: <aside id="sidebar"> <aside class="widgets"> <?php if (logged_in() === true) { include 'includes/widgets/loggedin.php'; } else { include 'includes/widgets/login.php'; } ?> </aside> <aside class="other"> <header> <h1>Related Links</h1> </header> <nav id="side-links"> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> </nav> </aside> </aside> loggedin.php: <div class="widget"> <h1>Hello, <?php echo $user_data['first']; ?>!</h1> <div class="inner"> <nav id="side-links"> <li><a href="logout.php">Log Out</a></li> <li><a href="changepassword.php">Change Password</a></li> </nav> </div> </div> login.php: <div class="widget"> <h1>Log In</h1> <div class="inner"> <form action="login.php" id="login" method="post"> <fieldset id="inputs"> <input autocomplete="on" autofocus id="username" name="user" placeholder="Username" required type="text"> <input autocomplete="on" id="pass" name="password" placeholder="Password" required type="password"> </fieldset> <fieldset id="actions"> <input id="submit" type="submit" value="Log In"> <a href="register.php">Register</a> <a href="">Forgot Password?</a> </fieldset> </form> </div> </div> logout.php: <?php session_start(); unset($_SESSION['id']); session_destroy(); header('Location: index.php'); ?> I think that's all the files relating to this issue. It's driving me nuts that I've spent the entire day working on logging a user out. I thought sure this would be a quick fix. Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 22, 2012 Author Share Posted June 22, 2012 At least here I can see where I might have an issue however I still don't know what to do to fix it. I noticed in users.php that all of the functions are green except for function logged_in(). That, to me, says that there must be something wrong with the function above it. Do you see any errors in that function? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 22, 2012 Share Posted June 22, 2012 It would probably be a good idea if you shared what this script is from? I'm guessing you didn't write this, but are trying to debug it. You are trying to sneak up on a problem, by posting snippets that you think are where the problem is, but debugging code doesn't work that way, especially if you are not the one doing the debugging and you want someone in a help forum to actually help you without it taking three pages of posts to pin down the problem. Nothing you posted above is identified as being in or for index.php. Without that whole picture, no one here can possibly help you. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 22, 2012 Share Posted June 22, 2012 I noticed in users.php that all of the functions are green except for function logged_in(). That, to me, says that there must be something wrong with the function above it. If your code runs without any php syntax or sql syntax errors, any highlighting anomalies are due to the forum software. Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 22, 2012 Author Share Posted June 22, 2012 I following along with a video tutorial series on creating an Admin/Login/Registration System. The series is 44 videos long but I'm just on video 13. I have broken down index.php into smaller files that are included as needed. I there were some way to send or post the zip file you'd be better able to see the file structure. Of course doing it this way causes a major headache when debugging. index.php: <?php include 'core/init.php'; include 'includes/overall/header.php'; ?> <div id="container"> <section id="slider"> </section> <?php include 'includes/aside.php'; ?> <section id="content"> <header> <hgroup> <h1>Welcome</h1> <h2>to the official website of the Alcorn Alumnae Chapter (Lorman, MS) of Delta Sigma Theta Sorority, Incorporated.</h2> </hgroup> </header> <p class="dropcaps">The Alcorn Alumnae Chapter of Delta Sigma Theta Sorority, Incorporated was chartered in February of 1960 by fourteen (14) college educated women. Their mission was to provide constructive development of its members and to provide service to the communities of Claiborne and Jefferson Counties in southwest Mississippi. That mission continues today as we partner with various community-based organizations to provide programs and services beneficial to our primary service areas.</p> <hr /> <figure style="float: left;"> <a href="http://www.deltasigmatheta.org/home.htm"> <img alt="Delta Sigma Theta Corporate Homepage" src="resources/images/corporate.png" style="height: 125px;" /></a> <figcaption> <p><a href="http://www.deltasigmatheta.org/home.htm">Corporate Site</a><br /> <small>Visit our corporate site</small></p> </figcaption> </figure> <figure style="float: left;"> <a href="http://www.deltasigmatheta.org/centennial/index.htm"> <img alt="Delta Sigma Theta Centennial Site" src="resources/images/centennial.png" style="height: 125px;" /></a> <figcaption> <p> <a href="http://www.deltasigmatheta.org/centennial/index.htm"> Centennial Site</a><br /> <small>Celebrating our rich history</small></p> </figcaption> </figure> <figure style="float: left;"> <a href="http://thewomengather.com/"> <img alt="Delta Sigma Theta International Conference Homepage" src="resources/images/international-conference.png" style="height: 125px;" /> </a> <figcaption> <p><a href="http://thewomengather.com/">International Conference</a><br /> <small>Secrets Breaking The Culture of Silence</small></p> </figcaption> </figure> </section> <div style="clear:both"></div> </div> <?php include 'includes/overall/footer.php'; ?> core/init.php: <?php session_start(); //error_reporting(0); require 'database/connect.php'; require 'functions/general.php'; require 'functions/users.php'; if (logged_in() === true) { $session_user_id = $_SESSION{'id'}; $user_data = user_data($session_user_id, 'id', 'username', 'password', 'first', 'last', 'email'); if (user_active($user_data['username']) === false) { session_destroy(); header('Location: index.php'); exit(); } } $errors = array(); ?> functions/general.php: <?php function sanitize($data) { return mysql_real_escape_string($data); } function output_errors($errors) { $output = array(); foreach($errors as $error) { $output[] = '<li>' . $error . '</li>'; } return '<ul>' . implode('', $output) . '</ul>'; } ?> functions/users.php: <?php function user_data($user_id) { $data = array(); $user_id = (int)$user_id; $func_num_args = func_num_args(); $func_get_args = func_get_args(); if ($func_num_args > 1) { unset($func_get_args[0]); $fields = '`' . implode('`, `', $func_get_args) . '`'; $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `user` WHERE `id` = '$user_id'")); } return $data; } function logged_in() { return (isset($_SESSION['user_id'])) ? true : false; } function user_exists($username) { $username = sanitize($username); return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false; } function user_active($username) { $username = sanitize($username); return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `user` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false; } function user_id_from_username($username) { $username = sanitize($username); return mysql_result(mysql_query("SELECT `id` FROM `user` WHERE `username` = '$username'"), 0, 'id'); } function login($username, $password) { $user_id = user_id_from_username($username); $username = sanitize($username); $password = md5($password); return (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `user` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; } ?> overall/header.php: <!DOCTYPE HTML> <html> <?php include 'includes/head.php'; ?> <body> <?php include 'includes/header.php'; ?> This just the <head> section of the html and the masthead of the page along with the main menu. No php code in any of the included files here. All HTML. includes/aside.php: <aside id="sidebar"> <aside class="widgets"> <?php if (logged_in() === false) { include 'includes/widgets/login.php'; } else if (logged_in() === true) { include 'includes/widgets/loggedin.php'; } ?> </aside> <aside class="other"> <header> <h1>Related Links</h1> </header> <nav id="side-links"> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> <li><a href="#">Sample Link</a></li> </nav> </aside> </aside> widgets/login.php: <div class="widget"> <h1>Log In</h1> <div class="inner"> <form action="login.php" id="login" method="post"> <fieldset id="inputs"> <input autocomplete="on" autofocus id="username" name="user" placeholder="Username" required type="text"> <input autocomplete="on" id="pass" name="password" placeholder="Password" required type="password"> </fieldset> <fieldset id="actions"> <input id="submit" type="submit" value="Log In"> <a href="register.php">Register</a> <a href="">Forgot Password?</a> </fieldset> </form> </div> </div> widgets/loggedin.php: <div class="widget"> <h1>Hello, <?php echo $user_data['first']; ?>!</h1> <div class="inner"> <nav id="side-links"> <li><a href="logout.php">Log Out</a></li> <li><a href="changepassword.php">Change Password</a></li> </nav> </div> </div> login.php: <?php include 'core/init.php'; if (empty($_POST)=== false) { $username = $_POST['user']; $password = $_POST['password']; if (empty($username) === true || empty($password) === true) { $errors[] = 'You must enter username and password'; } else if (user_exists($username) === false) { $errors[] = 'Username not found'; } else if (user_active($username) === false) { $errors[] = 'You must activate your account before you may login'; } else { $login = login($username, $password); if ($login === false) { $errors[] = 'The username/password combination you have entered is incorrect'; } else { $_SESSION['user_id'] = $login; header('Location: index.php'); exit(); } } } else { $errors[] = 'No data received.'; } include 'includes/overall/header.php'; if (empty($errors) === false) { ?> <div id="container"> <?php include 'includes/aside.php'; ?> <section id="content"> <h1>We tried to log you in but ...</h1> <?php echo output_errors($errors); } ?> </section> <div style="clear:both"></div> </div> <?php include 'includes/overall/footer.php'; ?> This processes the widgets/login.php login form. logout.php: <?php session_start(); unset($_SESSION['user_id']); session_destroy(); header('Location: index.php'); ?> One of the main things that I liked about this video tutorial is the fact that everything that makes the site work is in an included file instead of in the file itself. This is a benefit since the site is being turned over to people with not web development training. The pages themselves are designed so that all they will have to do is type in there information and post the site. I didn't realize when taking on this project that I would run into quite so much trouble with it. Having never worked with or even looked at PHP until this project, I almost feel like I'm in over my head but I pick up on the concepts faster than anyone else who has access to this project so it fell into my lap. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 22, 2012 Share Posted June 22, 2012 The only specific problem I can see is in core/init.php. The following line - $session_user_id = $_SESSION{'id'}; should probably be - $session_user_id = $_SESSION['user_id']; I actually ran your code, bypassing what I don't have, and log in and log out works as expected, as far as I can tell. Do you have php's error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that ALL the php detected errors will be reported and displayed? Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 23, 2012 Author Share Posted June 23, 2012 Yes. I just ran the page again and was able to log in and out. However, this test was done only on one page (index.php) and I had to refresh the page in order to see the login form again. When I tried logging in and changing to another page, I had to refresh the page to see that I was logged in. Same thing with logging out. If I click Log Out for a second time without refreshing the page first, when I do refresh the page, I am still logged in. How do I fix this? Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 23, 2012 Author Share Posted June 23, 2012 Also, I un-commented the error_reporting line in init.php and changed it to error_reporting(-1) and ran the page, ran through the logging in and out process, and got no errors. I did the same thing after changing the line to error_reporting(E_NOTICE) and got nothing. If there is no error or notices then why must I refresh the page in order to have the changes be reflected? In the last post in which I posted code, I supplied all of the included files with the exception of the files that only contained HTML code. In index.php, includes/overall/footer.php contains includes/footer.php (which is completely blank) and the closing body and html tags. overall/header.php contains includes/head.php (<head>, meta tags, link to stylesheet, link to jquery and modernizr scripts, and two modernizr tweaking scripts, </head>), includes/header.php (open body tag, logo, includes/navigation.php (just ul navigation)) Everything else is listed up there. The only other page I created is called register.php but since I haven't made it to that yet I'm using the content area to display phpinfo(). if you want to see for yourself the way the silly thing is behaving, go to: http://alcornalumnaedst.org/new_site/testing/index.php. I'll create an account for username(test) password(test). Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 23, 2012 Share Posted June 23, 2012 If you goto www.yourdomain.com and do this, A) Logout works as expected, B) But your logout redirect returns to an index2.php page. I suspect that you have some .htaccess redirecting and/or url rewriting going on and/or multiple logout.php pages and multiple index.php and index2.php pages. Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 23, 2012 Author Share Posted June 23, 2012 For a temporary fix, I have found that redirecting to a different file (index2.php allows me to log in and out without refreshing the page. One known issue is that on index.php the logged in info still shows until you refresh the page. For now, though, I feel I can move on a little bit further. Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 23, 2012 Author Share Posted June 23, 2012 Before I created the index2.php page, I had to refresh the page after loging out in order to get the login form back. Redirecting to index2.php seemed to fix that issue until I can figure out how to get it to work redirecting back to index.php without refreshing. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 23, 2012 Share Posted June 23, 2012 I have just been reviewing code you have been posting. You are changing which $_SESSION variable you are using all over the place. One time you post, it's $_SESSION['id'], the next time it's $_SESSION['user_id']. Until your code starts using the same variable everywhere, you are not going to get this to work. Quote Link to comment Share on other sites More sharing options...
mroberts46 Posted June 23, 2012 Author Share Posted June 23, 2012 When I changed it from 'id' to 'user_id' I made the change across the site, not to just one page. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.