Logging out multiple users on one click

[PNewCode]

Hello,

I have a chat system where I need the ability to log out all users at the end of the meeting. They can do this individually, however most of them neglect to do so and it is necessary for other purposes. Below is the link they have individually to log out. How could I edit this so that I can add it on my ADMIN page, and log out ALL of the people in the "unique_id" column of the database?

<a href="php/logout.php?logout_id=<?php echo $row['unique_id']; ?>" class="logout">Logout</a>

And here is the logout page php

 

<?php
    session_set_cookie_params(0);
    session_start();
    if(isset($_SESSION['unique_id'])){
        include_once "config.php";
        $logout_id = mysqli_real_escape_string($conn, $_GET['logout_id']);
        if(isset($logout_id)){
            $status = "Offline now";
            $sql = mysqli_query($conn, "UPDATE users SET status = '{$status}' WHERE unique_id={$_GET['logout_id']}");
            if($sql){
                session_unset();
                session_destroy();
                header("location: https://www.peredy1.com/adminchat/logintool.php");
            }
        }else{
            header("location: ../users.php");
        }
    }else{  
        header("location: https://www.peredy1.com/adminchat/logintool.php");
    }
?>

Many many thanks for any help with this

[ginerjm]

If you have a table of the ids I would use that to get all of them and then do the logging out with just one query execution that uses that array of ids.

Delete from my_table_name where table_id in ("key1","key2","key3"........)

[PNewCode]

@ginerjmthanks for the reply. But I'm not wanting to delete all the users. I just need to log them out. Unless I'm misunderstanding. I should also note that I didn't write that. Its part of a package of pages that I paid someone to create.

[ginerjm]

Then instead of a delete query you do an update query.  Doh.

[phppup]

I'm not familiar with the subject, but I can share some ideas:

To expand on ginerjm comment, perhaps you create a table that populates as users join the chat. Then, use that same information from an array to disconnect these people.

Or, can the chat room simply be destroyed?

Is this a general chat or a private conference?

If the average conference lasts 1 hour, can you set an automatic logout/end of season for 90 minutes? This will provide a buffer but also unsure that users are thrown out when their time is done.

Edited November 11, 2022 by phppup
Typos

[ginerjm]

How will you know who was in the latest session that needs to be logged out?  Is that not stored somewhere?

Edited November 11, 2022 by ginerjm

[PNewCode]

Sure, sorry I should explain more. So when we get together online (there are only 8 of us) we all join at the same time. It's internal so it's private. It's not open to the public. And we all leave at the same time. There's a set amount of people and specific people that are in there and it never changes.

I went in and manually changed the status to "Offline now" and that didn't log them out. That just made them look offline. I need to log them out completely because they would still have to manually click the logout button and then log back in to be able to appear back online themselves (sometimes some of them leave early or don't show up)

So I need to be able to do more than change the "status" and literally log them out. Below is a screen shot of the Mysql database

 

[ginerjm]

So - WHAT makes them look "logged out"?  The absence of their record?  Or some setting that you are not telling us about?  It's really very simple so I don't know what the problem is.

[Barand]

UPDATE users SET status = 'Offline now' WHERE status = 'Active now' ;

[ginerjm]

When you click the logout button what changes on these records you have showed us?  You are not telling us the difference between "looking offline" and being logged out.

Edited November 11, 2022 by ginerjm

[mac_gyver]

the code wasn't designed to let you do this, because it isn't querying on each page request to get the user's current status, which would let the login check code force a log-out based on a value stored in the database table.

you can either rewrite the code to do this, or you could delete all the session data files, which would also log-out the admin performing this action, unless you want to scan through the session data files to find the one for the admin and not delete it too.

btw - not only should the logout be a post method form, but using mysqli_real_escape_string() on a value that isn't being used in a string context in a query doesn't provide any sql injection protection, which still can occur for trusted users if cross site scripting is possible, since any value submitted to your code can be changed by cross site scripting to be anything and cannot be trusted. the only fool-proof way of preventing sql injection is to use a prepared query.

[PNewCode]

Okay, so the status... if it changes to Offline now, then yes he APPEARS to be offline. That part is awesome. 
So lets say I just update the Mysql to show offline. Then yes they will all APPEAR to be offline.
But that doesn't mean they aren't still logged into the chat. They need to be literally logged out completely.

I don't know what the function is that makes them logout. But I know when they click on "Logout", then they can't get back in unless they login again.

Changing the "Status" only makes them LOOK offline but they can still be in the chat. That "Status" only changes the way they appear.

[PNewCode]

Since most of them just refuse to click that Logout button, there has to be a way to force a logout so that wondering eyes on their computer don't get nosey (other people in their houses, etc)
So if they wont click the button, then I need an ability to do it for them without logging into each account one by one and logging them out

Edited November 11, 2022 by PNewCode

[PNewCode]

@ginerjmthat is the only thing that changes in those records, correct. But my point of the screen shot was to show how the unique_id column is

[ginerjm]

YOu still haven't told us what the logout button does to make them be logged out.  Is there some other table that tracks each 'session' that?  Could that be what the logout button updates?

[PNewCode]

@mac_gyverI think you're onto something. Would you be willing to elaborate on how to delete all the session files? I'm the admin so I don't mind if it logs me out too

[PNewCode]

@ginerjmlike I said I don't know what the function is that makes that happen. I just know that is the link on the button, and it goes to that logout.php page. The only thing that changes in the database that you see is the status to appear offline when they click it. I'm sorry but that is all I know. Like I said I paid for someone to make this, I didn't write it. And unfortunately he said he doesn't know how to make what I'm wanting to happen, happen

[mac_gyver]

you would have to find out where the session data files are stored and unlink() them.

it would be much better to query on each page request to get the user's current status, so that you can individually implement things like promoting, demoting, suspending, or banning a user.

[mac_gyver]

5 minutes ago, ginerjm said:

YOu still haven't told us what the logout button does to make them be logged out.

it's in the posted code, by deleting the session data.

[ginerjm]

You do not have access to the individual users sessions.  You can't remove them.  Over time each session will go away.

Edited November 11, 2022 by ginerjm

[PNewCode]

@mac_gyverI'll have to go the first route. Maybe it's in one of the js files. I'm not sure. I wont need any functions like  promoting, demoting, suspending, or banning a user because they can't even get in unless I register them manually (it's a private chat thing) so if I wanted them out I would just delete them from the database completely. I don't have any folders that look to be storing anything like that so I'm thinking it might be written to a file? (session log)

[PNewCode]

@ginerjmthe logout.php script is in my original post. Right under where I typed "And here is the logout page php"

[mac_gyver]

session_save_path() returns the path of the current directory used to save session data.

[PNewCode]

@mac_gyverthank you for that. I'm clearly in way over my head. I truly thought it would be as easy as making one button that sends to multiple pages that I could just put in the id in but I can see that it's not. I just tried to put in the session_save_path() in the logout page and it came back as page isn't working haha. So yeah, sigh... this is way beyond my understanding. I spent all my money having this made but maybe I can save a couple more months and hire someone to fix all this for me

[PNewCode]

Hey @mac_gyverI did find this page called data.php do you think it answers where I need to look? EDIT: Actually this looks like the functioning for the chat messages only

 

<?php
    while($row = mysqli_fetch_assoc($query)){
        $sql2 = "SELECT * FROM messages WHERE (incoming_msg_id = {$row['unique_id']}
                OR outgoing_msg_id = {$row['unique_id']}) AND (outgoing_msg_id = {$outgoing_id} 
                OR incoming_msg_id = {$outgoing_id}) ORDER BY msg_id DESC LIMIT 1";
        $query2 = mysqli_query($conn, $sql2);
        $row2 = mysqli_fetch_assoc($query2);
        (mysqli_num_rows($query2) > 0) ? $result = $row2['msg'] : $result ="No message available";
        (strlen($result) > 28) ? $msg =  substr($result, 0, 28) . '...' : $msg = $result;
        if(isset($row2['outgoing_msg_id'])){
            ($outgoing_id == $row2['outgoing_msg_id']) ? $you = "You: " : $you = "";
        }else{
            $you = "";
        }
        ($row['status'] == "Offline now") ? $offline = "offline" : $offline = "";
        ($outgoing_id == $row['unique_id']) ? $hid_me = "hide" : $hid_me = "";

        $output .= '<a href="chat.php?user_id='. $row['unique_id'] .'">
                    <div class="content">
                    <img src="php/images/'. $row['img'] .'" alt="">
                    <div class="details">
                        <span>'. $row['fname']. " " . $row['lname'] .'</span>
                        <p>'. $you . $msg .'</p>
                    </div>
                    </div>
                    <div class="status-dot '. $offline .'"><i class="fas fa-circle"></i></div>
                </a>';
    }
?>

 

Edited November 11, 2022 by PNewCode