kir
Posted April 29, 2014 (edited)

I am not the best at PHP. I just need a button that will log the user out. The code that I have for the login is below:

-----------------------------------------------------------------------------

```php
<?php
$connection = mysql_connect("localhost", "root", "") or die("Couldn't connect to server!");
mysql_select_db("test", $connection) or die("Couldn't connect to database! :(");
error_reporting (E_ALL ^ E_NOTICE);
session_start();

if ($_POST['loginbtn'])
{
    if ($_POST['username'] && $_POST['password'])
    {
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string(hash("sha512", $_POST['password']));
        $user = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `Username` ='$username'"));
        // mysql_fetch_array() returns false when no row matches
        if ($user == '0')
        {
            die("That username no exist Try making <i>$username</i> today! <a href='login4.php'>← Back</a>");
        }
        if ($user['Password'] != $password)
        {
            die("Incorrect password! <a href='login3.php'>← Back</a>");
        }
        // Login state is kept in two cookies plus a per-user value in the database
        $salt = hash("sha512", rand() . rand() . rand());
        setcookie("c_user", hash("sha512", $username), time() + 24 * 60 * 60, "/");
        setcookie("c_salt", $salt, time() + 24 * 60 * 60, "/");
        $userID = $user['ID'];
        mysql_query("UPDATE `users` SET `Salt`='$salt' WHERE `ID`='$userID'");
        die("You are now logged in as $username!");
    }
}

include "algor.php";

if ($logged==true)
    die("You are already logged in! <a href='logout.php'>Log Out</a>");
?>
<!DOCTYPE html PUBLIC>
<html>
<head>
<title>QAM-Login</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="css/bootstrap.min.css" rel="stylesheet" media="screen">
</head>
<body>
<br>
<div class="alert alert-danger">
  <strong>Warning</strong> This page is still under construction!
</div>
<br>
<form action='./login3.php' method='post'>
<table>
  <div class="col-sm-6"><tr><td><input type='text' name='username' placeholder="Username" /></td></tr></div>
  <tr><td><input type='password' name='password' placeholder="Password" /></td></tr>
  <tr><imput type='submit' value='Login2' /><td><p style="line-height: 1px; text-align: center;"><button type="submit" class="btn btn-primary btn" name='loginbtn' value='Login'>Login</button></p></td></tr>
  <tr><td><p style="text-align: center"><a class="btn btn-info btn-xs" href="#readmore">Help / Forgot Password</a></p></td></tr>
  <tr><td><p style="text-align: center"><a class="btn btn-info btn-xs" href="register.php">Register</a></p></td></tr>
</table>
</form>
<script src="//code.jquery.com/jquery.js"></script>
<script src="js/bootstrap.min.js"></script>
</body>
</html>
```

So I need to create the login.php file

Edited April 29, 2014 by kir

Jacques1
Posted April 29, 2014

Hi,

this code is pretty weird. I think you should fix it before you do anything else.

How is this a login? I don't see you doing anything with the session. I hope you don't use the cookies for authentication? Because those can easily be forged by anybody, so the first thing people will do is take over the admin account.

The mysql_* functions you're using have been obsolete for more than a decade and will be removed in the future. Nowadays, we use PDO or MySQLi.

Using SHA-512 to hash passwords is completely ineffective. An average gaming PC can easily calculate hundreds of millions of SHA-512 hashes per second and find out almost any password simply by trying out a lot of combinations. You need a hash algorithm specifically designed for password protection.

What are all those strange random numbers and cookies supposed to do?
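
The points raised in the reply above (session instead of cookies, PDO instead of mysql_*, a password hashing function instead of SHA-512), put together as an added example that is not part of the original thread. It assumes the `users` table from the first post, with the `Password` column holding the output of `password_hash()` written at registration; `index.php` and the `user_id` session key are hypothetical names.

```php
<?php
// Added example, not code from the thread.
// Assumed schema: users(ID, Username, Password), where Password holds the
// string returned by password_hash($plain, PASSWORD_DEFAULT) at registration.
session_start();

function find_user(PDO $pdo, string $username): ?array
{
    // Prepared statement: the username travels as data, never as SQL text.
    $stmt = $pdo->prepare('SELECT ID, Username, Password FROM users WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $pdo, $username, $password): bool
{
    // Reject missing fields and array-valued input such as username[]=x.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }
    $user = find_user($pdo, $username);
    // password_verify() reads the algorithm, cost and salt out of the stored hash.
    if ($user === null || !password_verify($password, $user['Password'])) {
        return false;
    }
    // Login state lives server-side in the session; the browser only holds the
    // session ID, which is replaced here so a pre-login ID cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $user['ID']; // hypothetical session key
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pdo = new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', 'root', '', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    if (login($pdo, $_POST['username'] ?? null, $_POST['password'] ?? null)) {
        header('Location: index.php'); // hypothetical landing page
        exit;
    }
    http_response_code(401);
    // One message for both failures, so the form does not reveal which usernames exist.
    echo "Incorrect username or password. <a href='login3.php'>Back</a>";
}
```

Other pages then treat the visitor as logged in only when `$_SESSION['user_id']` is set, which a client cannot forge the way it can a cookie value.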

kir (Author)
Posted April 29, 2014

> Hi,
>
> this code is pretty weird. I think you should fix it before you do anything else.
>
> How is this a login? I don't see you doing anything with the session. I hope you don't use the cookies for authentication? Because those can easily be forged by anybody, so the first thing people will do is take over the admin account.
>
> The mysql_* functions you're using have been obsolete for more than a decade and will be removed in the future. Nowadays, we use PDO or MySQLi.
>
> Using SHA-512 to hash passwords is completely ineffective. An average gaming PC can easily calculate hundreds of millions of SHA-512 hashes per second and find out almost any password simply by trying out a lot of combinations. You need a hash algorithm specifically designed for password protection.
>
> What are all those strange random numbers and cookies supposed to do?

I'm really new at this and this is the first time I was actually able to connect to the database. If you would be willing to help me rewrite the code so that it works better, that would be awesome!

Jacques1
Posted April 29, 2014

I gave you two links which explain the basics of accessing a database and hashing a password in a very simple way with plenty of examples. I suggest you read them and try things out yourself.

If there's something particular you don't understand, simply ask. But I can't do the learning for you.

kir (Author)
Posted April 29, 2014

> I gave you two links which explain the basics of accessing a database and hashing a password in a very simple way with plenty of examples. I suggest you read them and try things out yourself.
>
> If there's something particular you don't understand, simply ask. But I can't do the learning for you.

Ok thanks!

Clarkey
Posted April 30, 2014 (edited)

Make a new file called logout.php which contains..

```php
<?php
session_start();
session_destroy();
print '<meta http-equiv="refresh" content="0;url=http://google.com">';
?>
```

Then just make a <a href=""> to logout.php

EDIT: Didn't read the other replies. If you're not doing anything decent with your sessions then this won't work. Read: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

Edited April 30, 2014 by Clarkey

Jacques1
Posted April 30, 2014

A redirect is done with a Location header:

```php
header('Location: https://yoursite.com/some_page');
exit;
```
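
A logout.php that combines the two replies above, as an added example that is not part of the original thread. `session_destroy()` on its own removes the server-side data but leaves `$_SESSION` populated for the current request and the session cookie in the browser, so both are cleared here; the `c_user` and `c_salt` cookies and the `login3.php` target are taken from the first post, and the helper names are hypothetical.

```php
<?php
// logout.php: added example, not code from the thread.
session_start();

// Hypothetical helper. An expiry in the past tells the browser to drop the
// cookie; path and domain must match the values the cookie was set with.
function expire_cookie(string $name, array $p): void
{
    setcookie($name, '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}

function end_session(): void
{
    $_SESSION = [];                       // clear data for the rest of this request
    if (ini_get('session.use_cookies')) {
        expire_cookie(session_name(), session_get_cookie_params());
    }
    session_destroy();                    // delete the server-side session data

    // Also drop the c_user / c_salt cookies that the login script in the
    // first post sets with path "/".
    $root = ['path' => '/', 'domain' => '', 'secure' => false, 'httponly' => false];
    expire_cookie('c_user', $root);
    expire_cookie('c_salt', $root);
}

end_session();

// Redirect with a Location header, then stop so nothing else is sent.
header('Location: login3.php');
exit;
```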