Jump to content

Logging out multiple users on one click

PNewCode

By PNewCode
in PHP Coding Help

 Share

Recommended Posts

PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

@mac_gyveryup I'm officially lost now. I was looking for something that would list all the data that I could do some sort of clear script or something. Are there people (maybe you?) on here that can be for hire to do things like this? Or is that not allowed to ask. I don't want to break any rules.

mac_gyver Prolific Member

mac_gyver

Posted
Posted

the simplest, straightforward solution would be to query on each page request to get the current user's status. even though you are not performing any of the actions i listed, you are forcing the user to become logged out.

in the current code you should have login check logic on each protected page, that starts the session and tests if $_SESSION['unique_id'] is or is not set. you would change it to the following to cause a status value of "Offline now" to log the user out and redirect to the logintool.php page - 

<?php
// this sets the lifetime to zero and the rest of the values to null
session_set_cookie_params(0);
session_start();

// login check code
if(!isset($_SESSION['unique_id']))
{
	// if not logged in, go elsewhere
	header("location: https://www.peredy1.com/adminchat/logintool.php");
	die;
}

// at this point there's a logged in user, get the user's current status
// note: use 'require' for things your code must have for it to work
require "config.php";

$sql = "SELECT status from users WHERE unique_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $_SESSION['unique_id']);
$stmt->execute();
$stmt->bind_result($user_status);
$stmt->fetch();

if($user_status === "Offline now")
{
	// force a log-out
	// note: you should only unset() $_SESSION['unique_id'] since a session can contain other pieces of data
	session_unset();
	session_destroy();
	header("location: https://www.peredy1.com/adminchat/logintool.php");
	die;
}

// at this point the user is logged in and can access the rest of the code on the protected page

 

PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

@mac_gyverI hope that I'm not a nuesence at this point. I tried like crazy to put in your example on the page that is being used itself. And I get the following errors. Any thoughts? And thank you again btw for all the guidance
 

Quote

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at index.php:5) in index.php on line 10

Warning: require(): https:// wrapper is disabled in the server configuration by allow_url_include=0 in index.php on line 23

Warning: require(https://www.peredy1.com/adminchat/php/config.php): failed to open stream: no suitable wrapper could be found in index.php on line 23

Fatal error: require(): Failed opening required 'php/config.php' (include_path='.:/opt/cpanel/ea-php71/root/usr/share/pear') in index.php on line 23

Here is what I have now in the top of the script down to where the page begins it's normal look

You may notice some of the URL is different than my orginal post, this is because this index page is in the same folder now so I didn't need to put a full URL in 

<?php 
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>


<?php
// this sets the lifetime to zero and the rest of the values to null
session_set_cookie_params(0);
session_start();

// login check code
if(!isset($_SESSION['unique_id']))
{
	// if not logged in, go elsewhere
	header("location: logintool.php");
	die;
}

// at this point there's a logged in user, get the user's current status
// note: use 'require' for things your code must have for it to work

require "php/config.php";

$sql = "SELECT status from users WHERE unique_id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $_SESSION['unique_id']);
$stmt->execute();
$stmt->bind_result($user_status);
$stmt->fetch();

if($user_status === "Offline now")
{
	// force a log-out
	// note: you should only unset() $_SESSION['unique_id'] since a session can contain other pieces of data
	session_unset();
	session_destroy();
	header("location: logintool.php");
	die;
}

// at this point the user is logged in and can access the rest of the code on the protected page
?>


<?php include_once "header.php"; ?>



 

Barand Prolific Member

Barand

Posted
Posted

As the message tells you, you can't call session_start() after you have sent data to the browser. You are sending output on line 10 apparently.

For example, the gap between ?> and the following <?php will result in a couple of newlines being sent.

PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

@BarandThank you for that info. I moved the session to the bottom so it is after it but now I get

 

Quote

Warning: Cannot modify header information - headers already sent by (output started at index.php:5) in index.php on line 12

Which is the second line in this
 

Quote

    // if not logged in, go elsewhere
    header("location: logintool.php");
    die;

 

PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

Yup... I give up haha.
At least for today. I'm normally very good at "Ohhhh okay that makes sense" but this has my head feeling like spaghetti where the noodles have been boiled too long and then turned into mashed potatos, and then mixed with dog food and thrown at a wall haha.

kicken Prolific Member

kicken

Posted
Posted (edited)

Going back to the original statement of ending the other user's sessions, you can get PHP to do that for you by setting the session lifetime to 0 and invoking a garbage collection pass.  

//You must end the current session before you can change the lifetime settings.
session_write_close();

//If you want to preserve your admin session, save a copy of $_SESSION
$sessionCache = $_SESSION;

//Make the lifetime 0 so every session is considered expired.
ini_set('session.gc_maxlifetime', 0);

//Re-start your admin session, GC requires an active session.
session_start();

//Restore the saved $_SESSION if desired.
$_SESSION = $sessionCache;

//Run GC to delete other sessions.
session_gc();

 

Edited by kicken
PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

@kickenThank you much for your time. I appreciate it. I tried that one too and I got a huge list of errors. I would post them but I can see from the previous answer that even being told what is wrong, I can't seem to figure out where or what to fix, or really... how to fix it.
What is frustrating me the most is I can almost always see the codes and if I get help then it makes sense, then I learned from it, then I can build again from that. But this one... has me about ready to put my forehead in the monitor.

I really do appreciate everyones help though. I just hate that this time I can't make heads or tales of it all

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.