kir Posted April 29, 2014 Share Posted April 29, 2014 (edited) I am not the best at php.. I just need a button that will log the user out. The code that I have for the login is below: ----------------------------------------------------------------------------- <?php$connection = mysql_connect("localhost", "root", "") or die("Couldn't connect to server!");mysql_select_db("test", $connection) or die("Couldn't connect to database! :(");error_reporting (E_ALL ^ E_NOTICE);session_start(); if ($_POST['loginbtn']){if ($_POST['username'] && $_POST['password']){$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string(hash("sha512", $_POST['password']));$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `Username` ='$username'"));if ($user == '0'){die("That username no exist Try making <i>$username</i> today! <a href='login4.php'>← Back</a>"); }if ($user['Password'] != $password){die("Incorrect password! <a href='login3.php'>← Back</a>");}$salt = hash("sha512", rand() . rand() . rand());setcookie("c_user", hash("sha512", $username), time() +24 * 60 * 60, "/");setcookie("c_salt", $salt, time() + 24 * 60 * 60, "/");$userID = $user['ID'];mysql_query("UPDATE `users` SET `Salt`='$salt' WHERE `ID`=$userID'");die("You are now logged in as $username!");} } include "algor.php"; if ($logged==true)die("You are already logged in! <a href='logout.php'>Log Out</a>"); ?><!DOCTYPE html PUBLIC><html><head><title>QAM-Login</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="css/bootstrap.min.css" rel="stylesheet" media="screen"></head><body><br> <div class="alert alert-danger"> <strong>Warning</strong> This page is still under construction! </div><br> <form action='./login3.php' method='post'><table> <div class="col-sm-6"><tr><td><input type='text' name='username' placeholder="Username" /></td></tr></div> <tr><td><input type='password' name='password' placeholder="Password" /></td></tr> <tr><imput type='submit' value='Login2' /><td><p style="line-height: 1px; text-align: center;"><button type="submit" class="btn btn-primary btn" name='loginbtn' value='Login'>Login</button></p></td></tr><tr><td><p style="text-align: center"><a class="btn btn-info btn-xs" href="#readmore">Help / Forgot Password</a></td></tr><tr><td><p style="text-align: center"><a class="btn btn-info btn-xs" href="register.php">Register</a></td></tr></tr></table></form> ?><script src="//code.jquery.com/jquery.js"></script> <script src="js/bootstrap.min.js"></script></body></html> So I need to create the login.php file Edited April 29, 2014 by kir Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/ Share on other sites More sharing options...
Jacques1 Posted April 29, 2014 Share Posted April 29, 2014 Hi, this code is pretty weird. I think you should fix it before you do anything else. How is this a login? I don't see you doing anything with the session. I hope you don't use the cookies for authentication? Because those can easily forged by anybody, so the first thing people will do is take over the admin account. The mysql_* functions you're using are obsolete since more than a decade and will be removed in the future. Nowadays, we use PDO or MySQLi. Using SHA-512 to hash passwords is completely ineffective. An average gaming PC can easily calculate hundreds of millions of SHA-512 hashes per second and find out almost any password simply by trying out a lot of combinations. You need a hash algorithm specifically designed for password protection. What are all those strange random numbers and cookies supposed to do? Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/#findComment-1477575 Share on other sites More sharing options...
kir Posted April 29, 2014 Author Share Posted April 29, 2014 Hi, this code is pretty weird. I think you should fix it before you do anything else. How is this a login? I don't see you doing anything with the session. I hope you don't use the cookies for authentication? Because those can easily forged by anybody, so the first thing people will do is take over the admin account. The mysql_* functions you're using are obsolete since more than a decade and will be removed in the future. Nowadays, we use PDO or MySQLi. Using SHA-512 to hash passwords is completely ineffective. An average gaming PC can easily calculate hundreds of millions of SHA-512 hashes per second and find out almost any password simply by trying out a lot of combinations. You need a hash algorithm specifically designed for password protection. What are all those strange random numbers and cookies supposed to do? I'm really new at this and this is the first time I was actually able to connect to the database. If you would be willing to help me re write the code so that it works better that would be awesome! Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/#findComment-1477577 Share on other sites More sharing options...
Jacques1 Posted April 29, 2014 Share Posted April 29, 2014 I gave you two links which explain the basics of accessing a database and hashing a password in a very simple way with plenty of examples. I suggest you read them and try things out yourself. If there's something particular you don't understand, simply ask. But I can't do the learning for you. Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/#findComment-1477578 Share on other sites More sharing options...
kir Posted April 29, 2014 Author Share Posted April 29, 2014 I gave you two links which explain the basics of accessing a database and hashing a password in a very simple way with plenty of examples. I suggest you read them and try things out yourself. If there's something particular you don't understand, simply ask. But I can't do the learning for you. Ok thanks! Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/#findComment-1477649 Share on other sites More sharing options...
Clarkey Posted April 30, 2014 Share Posted April 30, 2014 (edited) Make a new file called logout.php which contains.. <?php session_start(); session_destroy(); print '<meta http-equiv="refresh" content="0;url=http://google.com">'; ?> Then just make a <a href=""> to logout.php EDIT: Didn't read the other replies. If your not doing anything decent with your sessions then this won't work. Read: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL Edited April 30, 2014 by Clarkey Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/#findComment-1477696 Share on other sites More sharing options...
Jacques1 Posted April 30, 2014 Share Posted April 30, 2014 A redirect is done with a Location header: header('Location: https://yoursite.com/some_page'); exit; Quote Link to comment https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/#findComment-1477707 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.