Jump to content

Recommended Posts

I am not the best at php.. I just need a button that will log the user out. The code that I have for the login is below:

-----------------------------------------------------------------------------

<?php$connection = mysql_connect("localhost", "root", "") or die("Couldn't connect to server!");mysql_select_db("test", $connection) or die("Couldn't connect to database! :(");error_reporting (E_ALL ^ E_NOTICE);session_start(); if ($_POST['loginbtn']){if ($_POST['username'] && $_POST['password']){$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string(hash("sha512", $_POST['password']));$user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `Username` ='$username'"));if ($user == '0'){die("That username no exist  Try making <i>$username</i> today! <a href='login4.php'>← Back</a>"); }if ($user['Password'] != $password){die("Incorrect password! <a href='login3.php'>← Back</a>");}$salt = hash("sha512", rand() . rand() . rand());setcookie("c_user", hash("sha512", $username), time() +24 * 60 * 60, "/");setcookie("c_salt", $salt, time() + 24 * 60 * 60, "/");$userID = $user['ID'];mysql_query("UPDATE `users` SET `Salt`='$salt' WHERE `ID`=$userID'");die("You are now logged in as $username!");} } include "algor.php"; if ($logged==true)die("You are already logged in! <a href='logout.php'>Log Out</a>"); ?><!DOCTYPE html PUBLIC><html><head><title>QAM-Login</title>        <meta name="viewport" content="width=device-width, initial-scale=1.0">        <link href="css/bootstrap.min.css" rel="stylesheet" media="screen"></head><body><br>             <div class="alert alert-danger">                 <strong>Warning</strong> This page is still under construction!            </div><br> <form action='./login3.php' method='post'><table> <div class="col-sm-6"><tr><td><input type='text' name='username' placeholder="Username" /></td></tr></div> <tr><td><input type='password' name='password' placeholder="Password" /></td></tr> <tr><imput type='submit' value='Login2' /><td><p style="line-height: 1px; text-align: center;"><button type="submit" class="btn btn-primary btn" name='loginbtn' value='Login'>Login</button></p></td></tr><tr><td><p style="text-align: center"><a class="btn btn-info btn-xs" href="#readmore">Help / Forgot Password</a></td></tr><tr><td><p style="text-align: center"><a class="btn btn-info btn-xs" href="register.php">Register</a></td></tr></tr></table></form> ?><script src="//code.jquery.com/jquery.js"></script>        <script src="js/bootstrap.min.js"></script></body></html>

 
So I need to create the login.php file
Edited by kir
Link to comment
https://forums.phpfreaks.com/topic/288102-how-do-i-make-a-logout-button/
Share on other sites

Hi,

 

this code is pretty weird. I think you should fix it before you do anything else.

  • How is this a login? I don't see you doing anything with the session. I hope you don't use the cookies for authentication? Because those can easily forged by anybody, so the first thing people will do is take over the admin account.
  • The mysql_* functions you're using are obsolete since more than a decade and will be removed in the future. Nowadays, we use PDO or MySQLi.
  • Using SHA-512 to hash passwords is completely ineffective. An average gaming PC can easily calculate hundreds of millions of SHA-512 hashes per second and find out almost any password simply by trying out a lot of combinations. You need a hash algorithm specifically designed for password protection.
  • What are all those strange random numbers and cookies supposed to do?

 

Hi,

 

this code is pretty weird. I think you should fix it before you do anything else.

  • How is this a login? I don't see you doing anything with the session. I hope you don't use the cookies for authentication? Because those can easily forged by anybody, so the first thing people will do is take over the admin account.
  • The mysql_* functions you're using are obsolete since more than a decade and will be removed in the future. Nowadays, we use PDO or MySQLi.
  • Using SHA-512 to hash passwords is completely ineffective. An average gaming PC can easily calculate hundreds of millions of SHA-512 hashes per second and find out almost any password simply by trying out a lot of combinations. You need a hash algorithm specifically designed for password protection.
  • What are all those strange random numbers and cookies supposed to do?

 

I'm really new at this and this is the first time I was actually able to connect to the database.  If you would be willing to help me re write the code so that it works better that would be awesome!

I gave you two links which explain the basics of accessing a database and hashing a password in a very simple way with plenty of examples. I suggest you read them and try things out yourself. If there's something particular you don't understand, simply ask.

 

But I can't do the learning for you.

I gave you two links which explain the basics of accessing a database and hashing a password in a very simple way with plenty of examples. I suggest you read them and try things out yourself. If there's something particular you don't understand, simply ask.

 

But I can't do the learning for you.

Ok thanks!

Make a new file called logout.php which contains..

<?php
  session_start();
  session_destroy();
  print '<meta http-equiv="refresh" content="0;url=http://google.com">';
?>

Then just make a <a href=""> to logout.php

 

EDIT: Didn't read the other replies. If your not doing anything decent with your sessions then this won't work. Read: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

Edited by Clarkey
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.