PHP Login Script Issues

[Jessica1231234]

Hi,

 

 

I am having an issue with php login/logout script. The script works fine but the issue is the logout function doesnt seem to work and the user stays constantly logged in. Although i dont think the problem is the logout script.

 

 

 

 Login form (in page header):

 

<div class="loginform">
<form name="input" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >

 <b>Username:</b> <input type="text" name="liusername">
 <b>Password:</b> <input type="password" name="lipassword">
 <input type="submit" value="Login" name="lisubmit">

 </form>
 
 

<?php
if ($_SESSION['loggedin'] == true){
echo "<p>You are logged in</p>\n";
}

else{
    
echo "<p>You are NOT logged in</p>\n";
}
?>
</div>

 

 

 

 

PHP authenticate (in page top)

 

<?php



if (isset($_POST['lisubmit'])) ;
    
    
    $query = "SELECT user_id, user_password FROM user WHERE user_username = '".$_POST['liusername']."'";

    $result = mysql_query($query) or die (mysql_error());

    $row = mysql_fetch_array($result);

    
    
    if ($row['user_password'] == $_POST['lipassword']){
    $_SESSION['loggedin'] = true;
    $_SESSION['id'] = $row['user_id'];
    
    
    }else{
        
    $_SESSION['loggedin'] = false;
    $_SESSION['id'] = 0;
    }



?>

 

 

 

Logout script (in logout)

 

 

<?php
session_start();
$_SESSION['loggedin'] = false;
$_SESSION = array();
session_destroy();

header('Location: index.php');


?>

 

 

 

Im truely stuck on this which is why ive come to you guys. If it helps ive done a little testing and i think the problem may be due to the id is not being stored in the session for some reason if that helps. Thanks!!

Edited April 17, 2014 by Jessica1231234

[Jessica1231234]

Anyone have any ideas? So close but so far

[jazzman1]

where do you set a session_start() for logged in users?

[Jessica1231234]

Hi, there is a session_start() at the top of index.php if that is what you mean

[Jessica1231234]

Ive been struggling with this the last few days and i just cant figure it out :/

[jazzman1]

Put the following code at top of every file ( template ) where you called a session.

ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);

You need to set a session_start() to first and second code you're  provided above. If you're using one centralized "controler" file that includes all other files you don't have to, but since I don't know how the code is designed i can't tell you much more on that, just check for errors using php error reporting functions.  

[Jessica1231234]

I have start session above any page that uses sessions and i use include files. Its still not working

[mac_gyver]

your posted snippets of code don't tell us the full story of what the code is doing on the page. best guess is you have some code somewhere that's using one = sign in a comparison statement, which is setting $_SESSION['loggedin'] = true, rather than testing if $_SESSION['loggedin'] == true. it's also possible that your logout script is using a different variation of your domain name in the url (one with with and the other with out the www. on it) and the session it is trying to clear isn't the same session as the one your login code created.

 

please post all the code making up your index.php page (less any database credentials) and i would recommend echoing the session_id() value on both your index and logout web pages to see if the session being operated on is the same one.