helraizer Posted March 16, 2008

Hi folks,

I have a perfectly functioning login and logout script but it has one flaw... It is all done by sessions..

I have this code

login.php

```php
<?php
if (isset($_POST['submit'])) {
    if ($_POST['user'] == "" || $_POST['pass'] == "") {
        $errors[] = _INCORRECT;
    } else {
    }

    $username = mysql_real_escape_string(htmlspecialchars($_POST['user']));
    $password = mysql_real_escape_string(md5(sha1($_POST['pass'])));
    $_SESSION['user'] = $username;
    $_SESSION['pass'] = $password;
    $date = date("Y-m-d G:i:s");

    $sql = "SELECT * FROM `web86-chatbox-1`.`user` WHERE `user`.`username`='$username' AND `user`.`password`='$password'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);
    $count = mysql_num_rows($result);

    if ($count == 1) {
        if ($row['active'] == 0) {
            echo ('<div class="ddgb_entrybox">
                <table width="100%" border="0" cellspacing="8" cellpadding="0">
                <tr>
                <td width="42%" align="right" valign="top"></td>
                <td align="center" valign="top">
                <h2> ' . _ERROR . '</h2><ul>
                <li> ' . _INACTIVE . '</li>
                </ul>
                <br><br><br>
                </td>
                </tr>
                </table>
                </div>');
        } else {
            // Flag the account as logged in and record the login time
            $sqli = "UPDATE user SET user.logged_in = 1 WHERE username='$username' AND password='$password'";
            $resulti = mysql_query($sqli);
            $sqlx = "UPDATE user SET last_login = '$date' WHERE username='$username' AND password='$password'";
            $resultx = mysql_query($sqlx);

            unset($_SESSION['logged']);
            $_SESSION['login'] = 1;
            session_register("user");
            session_register("pass");
            $_SESSION['user'] = $username;
            $_SESSION['pass'] = $password;
            header("Location: index.php5");
            exit();
        }
    } else {
        echo ('<div class="ddgb_entrybox">
            <table width="100%" border="0" cellspacing="8" cellpadding="0">
            <tr>
            <td width="42%" align="right" valign="top"></td>
            <td align="center" valign="top">
            <h2> ' . _ERROR . '</h2><ul>
            <li> ' . _LOGIN . '</li>
            </ul>
            <br><br><br>
            </td>
            </tr>
            </table>
            </div>');
    }

    if (isset($_POST['submit']) && $errors[0] != null) {
        echo ' <div class="ddgb_entrybox">
            <table width="100%" border="0" cellspacing="8" cellpadding="0">
            <tr>
            <td width="42%" align="right" valign="top"></td>
            <td align="center" valign="top">';
        echo "<h2>" . _ERROR . "</h2><ul>";
        foreach ($errors as $f) {
            echo "<li>" . $f . "</li>";
        }
        echo "</ul>";
        echo '<br><br><br>
            </td>
            </tr>
            </table>
            </div>';
    }
}
?>
```

and with logout.php

```php
<?php
if (isset($_SESSION['login'])) {
    $username = $_SESSION['user'];
    $password = $_SESSION['pass'];
    $_SESSION['logged'] = 1;

    // Clear the logged-in flag for this account
    $sqli = "UPDATE user SET user.logged_in = 0 WHERE username='$username' AND password='$password'";
    $resulti = mysql_query($sqli) or die("Error with sql: ".mysql_error());
    unset($_SESSION['login']);

    echo ('<div class="ddgb_entrybox">
        <table width="100%" border="0" cellspacing="8" cellpadding="0">
        <tr>
        <td width="42%" align="right" valign="top"></td>
        <td align="center" valign="top">
        <h2> '. _SUCCESS . '</h2><ul>
        <li> '. _LOGGED_OUT . '</li>
        </ul>
        <br><br><br>
        </td>
        </tr>
        </table>
        </div>');
} else {
    die('<div class="ddgb_entrybox">
        <table width="100%" border="0" cellspacing="8" cellpadding="0">
        <tr>
        <td width="42%" align="right" valign="top"></td>
        <td align="center" valign="top">
        <h2> '. _ERROR . '</h2><ul>
        <li> '. _LOGGED_IN . '</li>
        </ul>
        <br><br><br>
        </td>
        </tr>
        </table>
        </div>');
}
?>
```

At the bottom of each page I have

```php
<?php
$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

// Number of accounts currently flagged as logged in
$sql_f = "SELECT COUNT(logged_in) FROM user WHERE logged_in='1'";
$result_f = mysql_query($sql_f) or die("Error in part sql_f: ".mysql_error());
$row = mysql_fetch_array($result_f);
$online = $row['COUNT(logged_in)'];

// Total number of registered accounts
$sql_g = "SELECT COUNT(user_id) FROM user";
$result_g = mysql_query($sql_g) or die("Error in part sql_g: ".mysql_error());
$rows = mysql_fetch_array($result_g);
$total = $rows['COUNT(user_id)'];

if ($online == 1) {
    echo "<div align='left'><center>There is currently ". $online . " user online.</center></div>";
} else {
    echo "<div align='left'><center>There are currently ". $online . " users online.</center></div>";
}

if ($total == 1) {
    echo "<div align='left'><center>There is currently ". $total . " user registered.</center></div>";
} else {
    echo "<div align='left'><center>There are currently ". $total . " users registered.</center></div>";
}
?>
```

The problem is that when the user logs in, the value 'logged_in' on the database is set to 1, so the bottom of the page says "there is currently 1 user online", which is fine. But only when they go to 'logout.php' does it change 'logged_in' back to 0, so if the user closes the window before going to logout.php the database is still set to 1, but they have been logged out.. so the bottom still says "there is currently 1 user online", even though no one is logged in.

How would I make it that if $_SESSION['login'] is unset on any page, then 'logged_in' is set back to 0?

I can imagine it's

```php
if (!isset($_SESSION['login'])) {
    $sql = "UPDATE user SET user.logged_in = 0";
    $result = mysql_query($sql) or die("Error in SQL part 1: ".mysql_error());
}
```

but how would I form the WHERE clause? I can't use $_SESSION['user'] and $_SESSION['pass'] because they won't be set...

Any ideas?

Thanks,
Sam

helraizer (Author) Posted March 16, 2008

*bumpage*

Anyone got any ideas?

Sam

BlueSkyIS Posted March 16, 2008

"The problem is that when the user logs in, the value 'logged_in' on the database is set to 1, so the bottom of the page says "there is currently 1 user online", which is fine."

Whenever someone logs in or does anything on the site, set a field on their database record to indicate that they are logged on. When someone loads a page, check to see how many visitors have had that field updated since X time, where X is how long you want to wait before officially declaring someone logged out, probably session duration.
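
The approach BlueSkyIS describes, as an added example that is not code from this thread: each request stamps a last-activity time keyed on the user id held in the session, and the online count is a query over a time window, so a closed browser simply ages out. The `last_activity` column, the function names, the 1440-second window and the in-memory SQLite table are assumptions made for illustration; statements are prepared rather than built by string interpolation.

```php
<?php
// Added example: constructed schema and data, not the poster's tables.
const ONLINE_WINDOW = 1440; // seconds; assumed equal to PHP's default session.gc_maxlifetime

function touch_activity(PDO $db, int $userId, int $now): void
{
    // Keyed on the user id kept in the session, so no password hash is needed in the WHERE clause.
    $stmt = $db->prepare('UPDATE user SET last_activity = :now WHERE user_id = :id');
    $stmt->execute([':now' => $now, ':id' => $userId]);
}

function clear_activity(PDO $db, int $userId): void
{
    // Explicit logout: remove the user from the online count immediately.
    $stmt = $db->prepare('UPDATE user SET last_activity = NULL WHERE user_id = :id');
    $stmt->execute([':id' => $userId]);
}

function count_online(PDO $db, int $now, int $window = ONLINE_WINDOW): int
{
    // Rows with NULL or stale last_activity fail the comparison and are not counted.
    $stmt = $db->prepare('SELECT COUNT(*) FROM user WHERE last_activity >= :cutoff');
    $stmt->bindValue(':cutoff', $now - $window, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, username TEXT, last_activity INTEGER)');
$db->exec("INSERT INTO user (user_id, username) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

$t0 = 1205625600;                    // constructed timestamp
touch_activity($db, 1, $t0);         // alice logs in
touch_activity($db, 2, $t0);         // bob logs in, then closes the window without logging out
echo "after both log in: ", count_online($db, $t0), "\n";

touch_activity($db, 1, $t0 + 1200);  // alice loads another page
echo "after bob's window expires: ", count_online($db, $t0 + 1500), "\n";

clear_activity($db, 1);              // alice uses logout.php
echo "after alice logs out: ", count_online($db, $t0 + 1500), "\n";
```

In a real page, `touch_activity()` would run in the common include for every authenticated request and `clear_activity()` in logout.php.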