  1. #1
    SitePoint Evangelist ckchin's Avatar

    unregister Kevin Yank's Controlling Access script? HAVING ADDITIONAL PROBLEM AGAIN!!!

    As per article written by Kevin Yank, titled Managing Users with PHP Sessions and MySQL Part 2: Controlling Access, at http://www.sitepoint.com/article/319/4, how can I unregister the session register?

    I tried many as follows, but didn't succeed.

    PHP Code:
    function do_Logout() {
        // Initialize the session.
        // If you are using session_name("something"), don't forget it now!
        session_start();
        // Unset all of the session variables.
        unset($uid);
        unset($uid);
        unset($_SESSION['uid']);
        unset($_SESSION['uid']);
        unset($username);
        unset($_SESSION["myname"]);
        $_SESSION = array();
        // Finally, destroy the session.
        session_destroy();
        exit;
    }

    Thanks in advance for your help.
    Last edited by ckchin; Nov 11, 2003 at 14:35.

  2. #2
    SitePoint Zealot rae's Avatar
    Have you tried that?

    session_unset ( );

    (From php manual)
    The session_unset() function frees all session variables currently registered.
    Cheers!
    d(o.O)b -- Notice: undefined variable: /me

  3. #3
    PHP manual bot bronze trophy Gaheris's Avatar
    If you use session_register then you have to use session_unregister. But if you use (as you should with newer PHP versions) the superglobal $_SESSION array then you unset a single session variable with unset($_SESSION['varname']) and if you want to unset them all you use $_SESSION = array()

  4. #4
    SitePoint Evangelist ckchin's Avatar
    Below is my accesscontrol.php

    PHP Code:
    <?php // accesscontrol.php
    error_reporting(E_ALL ^ E_NOTICE);
    include_once "./common.php";
    include_once "./db.php";
    include_once "./functions.php";

    session_start();
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

    if (!isset($uid)) {
        login_form();
        exit;
    }

    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;

    dbConnect("sessions");
    $sql = "SELECT * FROM user WHERE
            userid = '$uid' AND password = '$pwd'";
    $result = mysql_query($sql);
    if (!$result) {
        error('A database error occurred while checking your '.
              'login details.\\nIf this error persists, please '.
              'contact you@example.com.');
    }

    if (mysql_num_rows($result) == 0) {
        unset($_SESSION['uid']);
        unset($_SESSION['pwd']);
        login_form();
        exit;
    }

    $username = mysql_result($result, 0, 'fullname');
    $_SESSION["myname"] = $username;

    function ckdisplayname() {
        //global $username;
        echo "<P>";
        echo "<P>";
        echo "<P>";
        echo $_SESSION["myname"];
        echo $username; // no display
    }
    ?>
    My functions.php:

    PHP Code:
    <?
    // functions.php
    function login_form() {
        global $PHP_SELF, $HTTP_REFERER, $HTTP_HOST, $REQUEST_URI;
        global $uid, $pwd, $validate, $logfailed;
        $listing_title = "Surfmark's login form";
        $msg = "";
        $format = "";
        echo '<br>';
        //tableform1a($listing_title);
        if ($logfailed && $uid == '') {
            $msg .= "- Please fill in the uid field!<br>";
            $format = "BAD";
        }
        if ($logfailed && $pwd == '') {
            $msg .= "- Please fill in the your password field!<br>";
            $format = "BAD";
        }
        if ($logfailed && $uid && $pwd && have_validated($uid) && incorrect_log_code($uid, $pwd)) {
            $msg .= "- Login failed. Please make sure your have typed in your uid and password correctly.<br>";
            $format = "BAD";
        }
        if ($logfailed && $uid && $pwd && !have_validated($uid)) {
            $msg .= "- Possibility 1: There is no such uid in our database.<br>";
            $msg .= "- Possibility 2: Membership has not been validated.<br>";
            $format = "BAD";
        }
        //$furl="http://".$_SERVER['HTTP_HOST'].$REQUEST_URI;
        $furl = $_SERVER['PHP_SELF'];
        //$_SERVER['REQUEST_URI']
        //$furl=$HTTP_REFERER;
        //$furl=$PHP_SELF;
        // <FORM METHOD="POST" ACTION="<? echo $furl
    ?>
    <FORM METHOD="POST" ACTION="<? echo $furl?>">
    <table border="0" cellpadding="3" width="100%">
    <tr>
        <td width="100%" align="right" height="19" colspan="3">
        <p align="left"><b><font color="#000080">Please log in to access the page 
        you requested.</font></b></td>
    </tr>
    <? if ($msg) { ?>
    <tr>
        <td width="100%" align="right" height="19" valign="top" colspan="3">
        <p align="left"><b><font color="#FF0000">Error :</font></b><br><?=$msg;?><br>
        </td>
    </tr>
    <? } if ($format=="BAD" || !$logfailed) { # if format equal to BAD OR NO $logfailed ?>
    <tr>
        <td width="18%" align="right" height="20">User ID</td>
        <td width="3%" align="center" height="20">:</td>
        <td width="79%" height="20" align="left">
        <input name="uid" size="20" value="<?=$uid;?>"></td>
    </tr>
    <tr>
        <td width="18%" align="right" height="22">Password</td>
        <td width="3%" align="center" height="22">:</td>
        <td width="79%" height="22" align="left">
        <input name="pwd" size="20" type="password" value="<?=$pwd;?>"></td>
    </tr>
    <tr>
        <td width="18%" align="right" height="19">Action</td>
        <td width="3%" align="center" height="19">:</td>
        <td width="79%" height="19" align="left">
        <INPUT TYPE="submit" VALUE="Login" NAME="Submit" align="left"></td>
    </tr>
    <tr>
        <td width="100%" height="19" valign="top" colspan="3">
    </td>
    </tr>
    </table>
    </FORM>
    <?
        } // ends if ($format == BAD || !$logfailed) {
    } // ends login_form()

    function do_Logout() {
        // Initialize the session.
        // If you are using session_name("something"), don't forget it now!
        session_start();
        session_unset();
        // Initialize the session.
        // If you are using session_name("something"), don't forget it now!
        //session_start();
        //unset($uid);
        //unset($pwd);
        // Unset all of the session variables.
        //$_SESSION = array();
        // Finally, destroy the session.
        //session_destroy();
        //unset($_SESSION['uid']);
        //unset($_SESSION['pwd']);
    }

    ?>
    I use the above script to protect several scripts:

    PHP Code:
    <?php // protectedpage2.php

    include 'accesscontrol.php';
    switch ($a) {
        case "logout": do_logout(); break;
        default:
            message();
            break;
    }
    function message() {
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Members-Only Page </title>
    <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p>Welcome, <?=$username?>! You have entered a members-only area
    of the site. Don't you feel special?</p>
    <p><a href="http://localhost/accesscontrol/index.php?a=logout">
    http://localhost/accesscontrol/index.php?a=logout</a></p>
    <p><a href="http://localhost/accesscontrol/protectedpage3.php?a=logout">
    http://localhost/accesscontrol/protectedpage3.php?a=logout</a></p>
    </body>
    </html>
    <? } ?>
    PHP Code:
    <?php
    // protectedpage3.php
    include 'accesscontrol.php';
    switch ($a) {
        case "logout": do_logout(); break;
        default:
            message();
            break;
    }
    function message() {
    ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title> Members-Only Page </title>
    <meta http-equiv="Content-Type"
        content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <p>Welcome, <?=$username?>! You have entered a members-only area
    of the site. Don't you feel special?</p>
    <p><a href="http://localhost/accesscontrol/protectedpage2.php?a=logout">
    http://localhost/accesscontrol/protectedpage2.php?a=logout</a></p>
    <p><a href="http://localhost/accesscontrol/protectedpage3.php?a=logout">
    http://localhost/accesscontrol/protectedpage3.php?a=logout</a></p>
    </body>
    </html>
    <? } ?>
    Tried many of them but none are working...
    Help needed. Thanks in advance.
    Last edited by ckchin; Nov 10, 2003 at 11:07.

  5. #5
    PHP manual bot bronze trophy Gaheris's Avatar
    So you want to know how to log off/end a session?
    PHP Code:
    session_start();
    $_SESSION = array();
    session_destroy(); 
    One thing I noticed in your code, you're mixing code depending on register_globals on and some newer code. Why don't you always use the superglobal arrays? So instead of having to global the variables in a function you just use $_SERVER['HTTP_HOST'].
    Read this about predefined variables.

  6. #6
    SitePoint Evangelist ckchin's Avatar
    Quote Originally Posted by Gaheris
    So you want to know how to log off/end a session?
    PHP Code:
    session_start();
    $_SESSION = array();
    session_destroy(); 
    I did try many of these combinations in my do_Logout function, and I have no idea why none of them work.

    For example your suggestion in function do_Logout
    PHP Code:
    function do_Logout() {
        session_start();
        $_SESSION = array();
        session_destroy();
    }

    Not working

    Anything wrong with my switch?
    PHP Code:
    switch ($a) {
        case "logout": do_logout(); break;
        default:
            message();
            break;
    }


  7. #7
    PHP manual bot bronze trophy Gaheris's Avatar
    What exactly doesn't work? Is the session still available?

  8. #8
    SitePoint Evangelist ckchin's Avatar
    Yes, session is still available.

  9. #9
    SitePoint Zealot rae's Avatar
    Hi!

    Hm... First... if you debug a script, don't forget to set
    error_reporting(E_ALL);
    This will save you a _lot_ of time when you develop/debug scripts.
    Notice, that in your script it's:
    error_reporting (E_ALL ^ E_NOTICE);

    First change that... maybe that will show you some "invisible" bad stuff...

    PHP Code:
    >"Any thing wrong with my switch?"

    switch ($a) {
        case "logout": do_logout(); break;
        default:
            message();
            break;
    }

    Ok... and then check your php settings with phpinfo() function. I'm not sure, because I don't know your webserver settings, but if "register_globals" is "Off" then... I think maybe your function logout() won't be called.

    Because if $a is an HTTP GET variable like in this script,
    and register globals is off, you'll get an error (I think just notice). And if it's a notice and _not_ error, then because of error_reporting (E_ALL ^ E_NOTICE); you won't see the problem itself.

    If register globals is "Off":
    You can reach your $a variable with $_GET['a'] or if you can't use $_GET because of older php version, then use $HTTP_GET_VARS['a']

    If register globals is "On":
    then... I think I was wrong =)

    Sorry, I haven't tried the code, it's just my opinion at the first sight.
    But anyway... use of: error_reporting(E_ALL) is a good thing for debugging... don't forget! =)

    PS: session stuff seems ok for me and I checked my php.ini settings about sessions... and I didn't find anything that could cause this persistent behaviour. Give it a try! =)
    d(o.O)b -- Notice: undefined variable: /me

  10. #10
    SitePoint Evangelist ckchin's Avatar
    Thanks rae!!!
    My register globals is "Off".

    Problem solved! HAVING ADDITIONAL PROBLEM AGAIN!!!
    PHP Code:
    switch ($_GET["a"]) {
        case "logout": do_logout(); break;
        default:
            message();
            break;
    }

    After using switch($_GET["a"]).

    Just asking, I try $HTTP_GET_VARS['a']
    This one works as well!
    Why? My PHP version is php-4.3.3

    The $HTTP_GET_VARS was introduced in PHP version earlier than 4.1.0.
    Does this mean that we can use $HTTP_GET_VARS as long as our PHP is 4.1.0 above or even future version of it, like PHP5.0, etc?

    Thanks.
    Last edited by ckchin; Nov 11, 2003 at 14:25.

  11. #11
    SitePoint Zealot rae's Avatar
    Quote Originally Posted by ckchin
    Thanks rae!!!
    My register globals is "Off".

    Problem solved!
    ...

    Just asking, I try $HTTP_GET_VARS['a']
    This one works as well!
    Why? My PHP version is php-4.3.3

    The $HTTP_GET_VARS was introduced in PHP version earlier than 4.1.0.
    Does this mean that we can use $HTTP_GET_VARS as long as our PHP is 4.1.0 above or even future version of it, like PHP5.0, etc?

    Thanks.
    Hm... So my eyes aren't bad. =) Good to hear that!

    (From php manual)
    Predefined variables

    $_GET Variables provided to the script via HTTP GET. Analogous to the old $HTTP_GET_VARS array (which is still available, but deprecated).
    So...$HTTP_GET_VARS and others works for me on PHP Version 4.3.3RC1. But as in the manual, it's deprecated. Maybe they will remove it. I don't know...sorry. I'd like to know that too. And I can't say anything about php 5, because I use an older one. But I think it will contain these variables.

    And read the manual, you can learn other things about these variables...example:
    these superglobals cannot be used as variable variables. And there are some words about scope of variables... It's good to know...

    Cheers! =)
    d(o.O)b -- Notice: undefined variable: /me

  12. #12
    SitePoint Evangelist ckchin's Avatar
    After trying many of these, sessions still available!
    Please refer to picture for better understanding my problem.
    Thanks in advance.

    Additional Question:
    I just asked my web host; they have the global setting enabled. Question: is there any potential security problem with having the global setting enabled?
    PHP Code:
    function do_Logout() {
        session_start();
        /*
        if (isset($_POST['uid']) {
        unset($_POST['uid']);
        } else {
        unset($_SESSION['uid']);

        if (isset($_POST['pwd']) {
        unset($_POST['pwd']);
        } else {
        unset($_SESSION['pwd']);
        }
        */
        session_unset();
        unset($_SESSION);
        //unset($uid);unset($pwd);
        //unset($_POST['uid']);unset($_POST['uid']);
        //$_SESSION['uid'] = '';
        //$_SESSION['pwd'] = '';
        $_SESSION = array();
        session_destroy();
        login_form();
        exit;
    }

    Picture url:
    http://www.geocities.com/mrckchin/error.htm
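
On the register_globals points in #9 and #12: the setting turned every request parameter into a script variable, which is why $a existed only when it was On and why any variable a script forgets to initialise could be supplied by the client. The following is an added example, not code from this thread; register_globals was removed in PHP 5.4, so extract() stands in for it, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. extract() simulates what
// register_globals = On did at script start; function names are hypothetical.

function is_member_with_globals(array $get, array $session): bool {
    extract($get);                   // every request parameter becomes a variable
    if (isset($session['uid'])) {
        $is_member = true;           // assigned only on the logged-in path
    }
    return !empty($is_member);       // otherwise the request's own value is used
}

function is_member_explicit(array $session): bool {
    // Decide from server-side state only; nothing is imported from the request.
    return isset($session['uid']) && is_string($session['uid']);
}

// The switch from the thread, reading the action from the query array
// explicitly and sending anything unknown to the default branch.
function route(array $get): string {
    $a = (isset($get['a']) && is_string($get['a'])) ? $get['a'] : '';
    switch ($a) {
        case 'logout': return 'do_logout';
        default:       return 'message';
    }
}

// Constructed requests: no session at all, query string ?is_member=1&a=logout
$session = array();
$get     = array('is_member' => '1', 'a' => 'logout');

var_dump(is_member_with_globals($get, $session));  // flag came from the request
var_dump(is_member_explicit($session));            // flag came from the session
var_dump(route($get));
var_dump(route(array()));
```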

  13. #13
    SitePoint Zealot rae's Avatar
    Hm... weird...
    Can you attach all of the codes you've used?
    I can test it on my machine... and maybe that will help.

    And about the red text on the picture...
    1- After clicking on the logout link, the login form processed... it's ok
    2- If you click back, and you get "page expired" that's about the header things in html... it's ok
    3- If you refresh with resending the data and you get a logged in status... that's bad. :P that's indicating the logout wasn't ok.
    so I need the code to help more. =)
    d(o.O)b -- Notice: undefined variable: /me

  14. #14
    SitePoint Evangelist ckchin's Avatar
    Thanks rae,

    My attachment of the said files is at the below url:

    http://www.geocities.com/mrckchin/ck...pointforum.zip

    Thanks in advance first.

    ckchin

  15. #15
    SitePoint Evangelist ckchin's Avatar
    up for attention.

  16. #16
    SitePoint Zealot rae's Avatar
    Hi!

    Sadly, but same problem here... I made some correction in the code, but the browser back button thing is the same...
    I think it's not your "mistake"... it's about the ~concept.

    So now, I'm making a completely new login mechanism! Maybe today, I'm gonna finish it. If I'm ready with it, I'm gonna attach the sources here... ok?

    I'm thinking about writing an article about that for sitepoint... but I'm not registered as a contributor...

    So please be patient a bit, while I'm finishing it... I need to hurry, because I need these scripts in my work too. )
    d(o.O)b -- Notice: undefined variable: /me
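
rae's point 3 in #13 (refreshing with resent data logs in again) fits the accesscontrol.php shown in #4, which accepts uid/pwd from $_POST on every protected request and keeps the password in the session. The following is an added example, not code from this thread or from the SitePoint article, of a login/logout page that redirects after every POST, stores only the user id, and expires the session cookie on logout. The demo account, constant names and single-file layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread; all names here are hypothetical.
// Constructed demo account. A real site would fetch the stored hash with a
// parameterized query rather than interpolating $_POST values into SQL.
const DEMO_USER = 'demo';
define('DEMO_HASH', password_hash('constructed-demo-password', PASSWORD_DEFAULT));
session_start();

function redirect_self(): void {
    // Post/Redirect/Get: the page the browser ends up on was fetched with GET,
    // so Back + Refresh has no uid/pwd form data to resend.
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'), true, 303);
    exit;
}

function do_login(string $uid, string $pwd): bool {
    if ($uid !== DEMO_USER || !password_verify($pwd, DEMO_HASH)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id once authenticated
    $_SESSION['uid'] = $uid;       // keep the identity only, never the password
    return true;
}

function do_logout(): void {
    $_SESSION = array();           // clear the data for the rest of this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // delete the server-side session data
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $a   = $_POST['a']   ?? '';
    $uid = $_POST['uid'] ?? '';
    $pwd = $_POST['pwd'] ?? '';
    if ($a === 'logout') {
        do_logout();
    } elseif ($a === 'login' && is_string($uid) && is_string($pwd)) {
        do_login($uid, $pwd);
    }
    redirect_self();
}
$user = $_SESSION['uid'] ?? null;
?>
<!doctype html>
<title>Members-Only Page</title>
<?php if ($user === null): ?>
<form method="post"><input type="hidden" name="a" value="login">
  User ID: <input name="uid"> Password: <input name="pwd" type="password">
  <input type="submit" value="Login"></form>
<?php else: ?>
<p>Welcome, <?= htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?>!</p>
<form method="post"><input type="hidden" name="a" value="logout">
  <input type="submit" value="Log out"></form>
<?php endif; ?>
```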

  17. #17
    SitePoint Evangelist ckchin's Avatar
    Thanks. Waiting for your solution.

