Jump to content

Login Script Help with Sessions

phpQuestioner

By phpQuestioner
in PHP Coding Help

 Share

Recommended Posts

phpQuestioner Regular Member

phpQuestioner

Posted
Posted

I have created script with a single user login validation within php page. I have tried to use sessions to create a log-out page, but when a user clicks the link to the log-out page and is redirected; if the click the browser back button and click reload, the page will still have them logged in. My script is below, any help would be very gr8t - Thanks

 

HTML Form Page

 

<html>
<head>

<title>Login</title>

</head>

<body>

<form action="login.php" method="post">
Username:<br><input type="text" name="username" size="25"><br><br>
Password:<br><input type="password" name="password" size="25"><br><br>
<input type="submit" value="Login">
</form>

</body>
</html>

 

 

PHP Login Page

 

<?php

@$username = stripslashes($_POST['username']);
@$password = stripslashes($_POST['password']);
$letementer = "ok";

// strcmp = Case Sensitive
// strcasecmp = Not Case Sensitive

if ( strcmp($username, "John") != 0)
{
$letementer = "notok";
}

if ( strcmp($password, "Doe") != 0)
{
$letementer = "notok";
}


if ($letementer=="notok")
{
echo "You Do Not Have Premission To View This Page";
exit;
}
if ($letementer=="ok")
{
session_start();
session_register('username');
echo "<a href=\"logout.php?un=$username\" style=\"float:right\">Log Out</a><br><br><br>You Have Premisson To View This Page";
}
?>

 

 

PHP Log-Out Page

 

<?php

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('username')){ 

//session variable is registered, the user is ready to logout 
session_unset(); 
session_destroy();
echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
} 
else{ 

//the session variable isn't registered, the user shouldn't even be on this page 
header("Location: login.html");
} 

?>

Link to comment
https://forums.phpfreaks.com/topic/41879-login-script-help-with-sessions/
Share on other sites
Snooble Regular Member

Snooble

Posted
Posted

best thing'd be to (at the top of your pages you want only logged in users to see have this:

 

if(!isset($_SESSION['username'])){
header("Location: pleaselogin.php");
}

 

If the user has logged out and trys to go back it will take the user to "pleaselogin.php"

 

No problem

 

Snooble

phpQuestioner Regular Member

phpQuestioner

Posted
  • Author
Posted

So I tried to do like jscix said to do and I replaced this:

 

session_unset(); 
session_destroy();

 

in the PHP Log-Out Page for this:

 

unset($username);
session_destroy();

 

but this did not do the trick; when browser back button was clicked and page reloaded; log-in session still existed.

 

Next I tried Snooble advice and put this:

 

if(!isset($_SESSION['username'])){
header("Location: login.html");
}

 

in the very top part of my PHP Login Page and then tried to login with the correct username and password, but the script kept on redirecting me back to the html page; even when the username and password is correct.

 

Does anyone else have any ideas about this?

Eiolon Advanced Member

Eiolon

Posted
Posted

This is what I have in my secured page called main.php and works fine:

 

<?php # main.php

// Start the session.
session_start();

// Check for the session value.
if (isset($_SESSION['username'])) {
echo '<p>Welcome back, '.$_SESSION['username'].'.</p>';
} else {
// Quit the script and redirect to login page.
header ("Location: http://" . $_SERVER['HTTP_HOST'] . 
dirname ($_SERVER['PHP_SELF']) . "login.php");
exit();
}
?>

benjaminbeazy Member

benjaminbeazy

Posted
Posted

session_start(); must be at top of script, very top

 

use $_SESSION['username'] to declare session vars instead of session_register, register_globals is off by default and on its way out of the php picture

 

for destroying session, try

$_SESSION = array();

session_destroy;

 

to keep it from relogging in, use

header("Cache-Control: private, no-cache, must-revalidate");

 

 

phpQuestioner Regular Member

phpQuestioner

Posted
  • Author
Posted

So I tried this below, but I am still having the same problem. Once the user logs out, clicks the browser back button and then reload; they are still logged in. So what do I need to correct?

 

PHP Login Page

 

<?php
session_start();
$_SESSION['username'];
header("Cache-Control: private, no-cache, must-revalidate");

@$username = stripslashes($_POST['username']);
@$password = stripslashes($_POST['password']);
$letementer = "ok";

// strcmp = Case Sensitive
// strcasecmp = Not Case Sensitive

if ( strcmp($username, "John") != 0)
{
$letementer = "notok";
}

if ( strcmp($password, "Doe") != 0)
{
$letementer = "notok";
}


if ($letementer=="notok")
{
echo "You Do Not Have Premission To View This Page";
exit;
}
if ($letementer=="ok")
{
session_start();
session_register('username');
echo "<a href=\"logout.php?un=$username\" style=\"float:right\">Log Out</a><br><br><br>You Have Premisson To View This Page";
}
?>

 

 

PHP Log-Out Page

 

<?php

//start the session 
session_start(); 

//check to make sure the session variable is registered 
if(session_is_registered('username')){ 

//session variable is registered, the user is ready to logout 
$_SESSION = array();
session_destroy();
echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
} 
else{ 

//the session variable isn't registered, the user shouldn't even be on this page 
header("Location: login.html");
} 

?>

redarrow Advanced Member

redarrow

Posted
Posted

try it all this way ok.

<?php session_start(); 
if($_SESSION['username']){
unset($_SESSION['username']);
session_destroy();
echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
exit;
}else{ 
header("Location: login.html");
exit;
} 
?>

 

<?php session_start();
header("Cache-Control: private, no-cache, must-revalidate");

@$username = stripslashes($_POST['username']);
@$password = stripslashes($_POST['password']);
$letementer = "ok";

// strcmp = Case Sensitive
// strcasecmp = Not Case Sensitive

if ( strcmp($username, "John") != 0)
{
$letementer = "notok";
}

if ( strcmp($password, "Doe") != 0)
{
$letementer = "notok";
}


if ($letementer=="notok")
{
echo "You Do Not Have Premission To View This Page";
exit;
}
if ($letementer=="ok")
{

$_SESSION['username']=$username;

echo "<a href=\"logout.php?un=$username\" style=\"float:right\">Log Out</a><br><br><br>You Have Premisson To View This Page";
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.