logout script help..


helraizer

Hi folks,

 

I have a perfectly functioning login and logout script but it has one flaw... It is all done by sessions..

 

I have this code

login.php

<?php
if (isset($_POST['submit'])) {
    $errors = array(); // validation messages collected for display below
    if ($_POST['user'] == "" || $_POST['pass'] == "") {
        $errors[] = _INCORRECT;
    }

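    $username = mysql_real_escape_string(htmlspecialchars($_POST['user']));
    // Unsalted md5(sha1()) matches the hash stored in the user table here;
    // password_hash()/password_verify() are PHP's purpose-built password API.
    $password = mysql_real_escape_string(md5(sha1($_POST['pass'])));
    // The session is populated only after the credentials check succeeds below.
    $date = date("Y-m-d G:i:s");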

    $sql = "SELECT * FROM `web86-chatbox-1`.`user` WHERE `user`.`username`='$username' AND `user`.`password`='$password'";

    $result = mysql_query($sql);
    
    $row = mysql_fetch_array($result);
    
      $count = mysql_num_rows($result);

    if ($count == 1) {
  if($row['active'] == 0) {
	echo ('<div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="right" valign="top"></td>
	<td align="center" valign="top">
            <h2> ' . _ERROR . '</h2><ul>
             
              <li> ' . _INACTIVE . '</li>
            
            </ul>
            <br><br><br>
</td>
	</tr>
	</table>
	</div>');
} else {
        $sqli = "UPDATE user SET user.logged_in = 1 WHERE username='$username' AND password='$password'";

        $resulti = mysql_query($sqli);

	$sqlx = "UPDATE user SET last_login = '$date' WHERE username='$username' AND password='$password'";
	$resultx = mysql_query($sqlx);

        unset($_SESSION['logged']);
        $_SESSION['login'] = 1;
        // session_register() is deprecated and must not be mixed with $_SESSION;
        // the assignments below are sufficient.
        $_SESSION['user'] = $username;
        $_SESSION['pass'] = $password;
        header("Location: index.php5");
        exit();

}
    } else {
        echo ('<div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="right" valign="top"></td>
	<td align="center" valign="top">
            <h2> ' . _ERROR . '</h2><ul>
             
              <li> ' . _LOGIN . '</li>
            
            </ul>
            <br><br><br>
</td>
	</tr>
	</table>
	</div>');
    }

    if (isset($_POST['submit']) && !empty($errors)) {
        echo '    <div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="right" valign="top"></td>
	<td align="center" valign="top">';
        echo "<h2>" . _ERROR . "</h2><ul>";
        foreach ($errors as $f) {
            echo "<li>" . $f . "</li>";
        }
        echo "</ul>";
        echo '<br><br><br>
</td>
	</tr>
	</table>
	</div>';

    }

}

?>

 

and with logout.php

<?php

if(isset($_SESSION['login'])) {
$username = $_SESSION['user'];
$password = $_SESSION['pass'];
$_SESSION['logged'] = 1;

$sqli = "UPDATE user SET user.logged_in = 0 WHERE username='$username' AND password='$password'";	

$resulti = mysql_query($sqli) or die("Error with sql: ".mysql_error());

unset($_SESSION['login']);

echo ('<div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="right" valign="top"></td>
	<td align="center" valign="top">
            <h2> '. _SUCCESS . '</h2><ul>
             
              <li> '. _LOGGED_OUT . '</li>
            
            </ul>
            <br><br><br>
</td>
	</tr>
	</table>
	</div>');




} else {
die('<div class="ddgb_entrybox">
	<table width="100%" border="0" cellspacing="8" cellpadding="0">
	<tr>
    <td width="42%" align="right" valign="top"></td>
	<td align="center" valign="top">
            <h2> '. _ERROR . '</h2><ul>
             
              <li> '. _LOGGED_IN . '</li>
            
            </ul>
            <br><br><br>
</td>
	</tr>
	</table>
	</div>');
}
?>

 

At the bottom of each page I have

<?php
$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

$sql_f = "SELECT COUNT(logged_in) FROM user WHERE logged_in='1'";
$result_f = mysql_query($sql_f) or die("Error in part sql_f: ".mysql_error());
$row = mysql_fetch_array($result_f); 

$online = $row['COUNT(logged_in)'];

$sql_g = "SELECT COUNT(user_id) FROM user";
$result_g = mysql_query($sql_g) or die("Error in part sql_g: ".mysql_error());
$rows = mysql_fetch_array($result_g);

$total = $rows['COUNT(user_id)'];

if ($online == 1 ) {
echo "<div align='left'><center>There is currently ". $online . " user online.</center></div>";
}
else {
echo "<div align='left'><center>There are currently ". $online . " users online.</center></div>";	
}
if ($total == 1 ) {
  echo "<div align='left'><center>There is currently ". $total . " user registered.</center></div>";
}
else {
  echo "<div align='left'><center>There are currently ". $total . " users registered.</center></div>";	
}
?>

 

The problem is that when the user logs in, the value 'logged_in' on the database is set to 1, so the bottom of the page says "there is currently 1 user online", which is fine.

 

But only when they go to 'logout.php' does it change 'logged_in' back to 0, so if the user closes the window before going to logout.php the database is still set to 1, but they have been logged out.. so the bottom still says "there is currently 1 user online", even though no one is logged in.

 

How would I make it that if $_SESSION['login'] is unset on any page, then 'logged_in' is set back to 0?

 

I can imagine it's

 

if (!isset($_SESSION['login'])) {

$sql = "UPDATE user SET user.logged_in = 0";
$result = mysql_query($sql) or die("Error in SQL part 1: ".mysql_error());
}

 

but how would I form the WHERE clause? I can't use $_SESSION['user'] and $_SESSION['pass'] because they won't be set...

 

Any ideas?

 

Thanks,

Sam

https://forums.phpfreaks.com/topic/96383-logout-script-help/

"The problem is that when the user logs in, the value 'logged_in' on the database is set to 1, so the bottom of the page says "there is currently 1 user online", which is fine. "

 

Whenever someone logs in or does anything on the site, set a field on their database record to indicate that they are logged on. When someone loads a page, check to see how many visitors have had that field updated since X time, where X is how long you want to wait before officially declaring someone logged out, probably session duration.

https://forums.phpfreaks.com/topic/96383-logout-script-help/#findComment-493620
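
The approach described in the reply above, as an added example that is not part of the original thread: each page load stamps a last-activity time, and the online count is everyone seen within a timeout, so a closed browser ages out without ever reaching logout.php. The in-memory SQLite database (needs pdo_sqlite), the `last_activity` column, the function names and the sample users are assumptions made for illustration.

```php
<?php
// Added example: "online" is derived from a last-activity timestamp, so a
// closed browser simply ages out. Schema and names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (
    user_id       INTEGER PRIMARY KEY,
    username      TEXT NOT NULL UNIQUE,
    last_activity INTEGER NOT NULL DEFAULT 0
)');

// Run on every page load of a logged-in user. The row is keyed by the user id
// kept in the session, so no password (or hash) has to live in $_SESSION.
function touchUser(PDO $pdo, int $userId, int $now): void
{
    $stmt = $pdo->prepare('UPDATE user SET last_activity = :now WHERE user_id = :id');
    $stmt->bindValue(':now', $now, PDO::PARAM_INT);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

// Explicit logout: leave the count immediately instead of waiting to age out.
function markLoggedOut(PDO $pdo, int $userId): void
{
    touchUser($pdo, $userId, 0);
}

// A user counts as online if seen within the last $timeout seconds.
function countOnline(PDO $pdo, int $now, int $timeout): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM user WHERE last_activity > :cutoff');
    $stmt->bindValue(':cutoff', $now - $timeout, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed sample data: two users, neither has been seen yet.
$pdo->exec("INSERT INTO user (user_id, username) VALUES (1, 'alice'), (2, 'bob')");
$timeout = 1440;  // seconds; the default value of session.gc_maxlifetime
$now = time();

touchUser($pdo, 1, $now - 120);   // alice loaded a page two minutes ago
touchUser($pdo, 2, $now - 7200);  // bob closed the window two hours ago, no logout.php
printf("%d user(s) online\n", countOnline($pdo, $now, $timeout));

markLoggedOut($pdo, 1);           // alice clicks logout
printf("%d user(s) online\n", countOnline($pdo, $now, $timeout));
```

In a real page, touchUser() would be called with the user id stored in the session at login and the current time().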