How to log out

[gilgalbiblewheel]

I'm trying to figure out how to Log out. I got the example from http://ca3.php.net/manual/en/function.session_destroy:

PHP Code:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
/*
session_start();
include("dbconnection.php");
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie("ID_my_site", "gone", $past);
setcookie("Key_my_site", "gone", $past);
setcookie("Admin_my_site", "gone", $past);
*/
header("Location: ../index.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>

<body>
<?php

?> 
</body>
</html>

It's not logging out.

[crmalibu]

Check your cookies. Does the name/value of the cookie look the same before, and after the logout page?

[gilgalbiblewheel]

Check your cookies. Does the name/value of the cookie look the same before, and after the logout page?

How do I check my cookies? I'm new in this.

Thats looks alright; how are you determining that the session is being retained?

This is my login script before the html tags in the twotext/index.php:

PHP Code:

session_start();
include("dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
/*
$errors = array();

if($_SERVER['REQUEST_METHOD'] == "POST"){
    if(empty($_POST['username'])){
        $errors[] = "username was empty";
    }
    if(empty($_POST['password'])){
        $errors[] = "password was empty";
    }
    if(empty($_POST['email'])){
        $errors[] = "e-mail was empty";
    }
    if(count($errors) == 0){*/
        //fix magic_quotes_gpc() being on
        if(get_magic_quotes_gpc()){
            foreach($_GET as $k => $v){
                $_GET[$k] = stripslashes($v);
            }
            foreach($_POST as $k => $v){
                $_POST[$k] = stripslashes($v);
            }
            foreach($_COOKIE as $k => $v){
                $_COOKIE[$k] = stripslashes($v);
            }
        }
    //Checks if there is a login cookie
    if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
        $myusername = $_COOKIE['ID_my_site'];
        $pass = $_COOKIE['Key_my_site'];
        $admin = $_COOKIE['Admin_my_site'];
        $user = $_COOKIE['User_my_site'];    
        $sql = "SELECT * FROM ";
        if($admin=="yes"){
            $sql .= $dbTable2;
        }else{
            $sql .= $dbTable;
        }
        $sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
        $check = mysql_query($sql)or die(mysql_error());
        while($info = mysql_fetch_array( $check )){
            if($pass == $info['password']){
                $writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"login/member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
            }
        }
    }
    //variable to keep track of whether to show the user the login form or not
    $showlogin = true; //we show the form by default, -unless- we know they have logged in
      
    //if the login form is submitted
    if (isset($_POST['submit'])){ // if form has been submitted
        if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
            $writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
        }// checks it against the database
        $_POST['email'] = mysql_real_escape_string($_POST['email']);
        $db['username'] = mysql_real_escape_string($_POST['username']);
        $sql = "SELECT * FROM ";
        if($admin=="yes"){
            $sql .= $dbTable2;
        }else{
            $sql .= $dbTable;
        }
        $sql .= " WHERE username = '".$db['username']."'";
        $check = mysql_query($sql) or die(mysql_error());
        //Gives error if user dosen't exist
        $check2 = mysql_num_rows($check);
        if ($check2 == 0) {
            $writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
        }
        while($info = mysql_fetch_array( $check )){
            $_POST['pass'] = md5($_POST['pass']);
            //gives error if the password is wrong
            if ($_POST['pass'] != $info['password']){
                $writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
            }else{
                // if login is ok then we add a cookie
                $hour = time() + 3600;
                setcookie("ID_my_site", $_POST['username'], $hour);
                setcookie("Key_my_site", $_POST['pass'], $hour);
    
            //they are logged in. no need to show the login form
            $showlogin = false;
              
              if($_POST["admin"]=="yes"){
                  setcookie("Admin_my_site", $_POST['admin'], $hour);
              }else{
                  setcookie("User_my_site", $_POST['admin'], $hour);
              }
              header("Location: ../index.php");
          }
      }
    }
/*  }
}*/

$_SESSION['logged_in'] = 1; 


The login form is as an include file within the html tags:

PHP Code:

<?php include("dbconnection.php"); ?>
<div style="float: left; width: 100%; margin: 0px 0px 0px 0px; background-color: #7C7C7C; border: 1px solid #A5A498; border-width: 1px 1px 0px 1px;">
    <span style="float: left; padding: 2px 10px 0px 12px; color: #FFFFFF; font-family: arial; font-weight:bold; font-size: 13px;">Login</span>
</div>
<div style="float: left; width: 100%; height: 150px; background-color: #B4B3A9; border: 1px solid #A5A498; margin: 0px 0px 0px 0px; overflow-x: hidden; overflow-y: auto;">

<?php if(isset($_COOKIE['ID_my_site'])){ ?>
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
  Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
  Visit your <a style="text-decoration: none;" href="login/member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
  <a style="text-decoration: none;" href="login/logout.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >Logout</a>
</span>
<?php }else { ?>
<table border="0">
        <tr>
            <td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
       </tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
        <tr>
            <td>Username:</td>
            <td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
       </tr>
<?php echo $writewrongpassword; ?>        
        <tr>
            <td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
        <tr>
            <td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
        </tr>
    </table> 
<?php
}
?>
</div>

And the logout is a completely different page but redirects to the twotexts/index.php page. But it's not logging out.

[crmalibu]

Depends on the browser. You can use google to find out. For example, "view cookies firefox".

Anyway, your problem looks like you have other cookies you need to clear. It don't know how you decide whether or not someone is logged in across the different scripts you have(looks like you use some combination of individual cookies and a session), but whatever criteria you use, you need to work on it. Maybe that means unsetting all cookies. I see you use $_COOKIE['ID_my_site'] in one place, so that's definitely a cookie that needs to be removed.

Consider finding some tutorials for this. It looks like what you've built so far is getting very unorganized and complicated.

[gilgalbiblewheel]

Depends on the browser. You can use google to find out. For example, "view cookies firefox".

Anyway, your problem looks like you have other cookies you need to clear. It don't know how you decide whether or not someone is logged in across the different scripts you have(looks like you use some combination of individual cookies and a session), but whatever criteria you use, you need to work on it. Maybe that means unsetting all cookies. I see you use $_COOKIE['ID_my_site'] in one place, so that's definitely a cookie that needs to be removed.

Consider finding some tutorials for this. It looks like what you've built so far is getting very unorganized and complicated.

I used 3 php files: login.php, logout.php and index.php.

I think the checking the $_POST[] should be in the login.php. But then I'm guessing that the index.php page needs to read cookies which the login.php has set right?

PHP Code:

<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.

$errors = array();

if($_SERVER['REQUEST_METHOD'] == "POST"){
    if(empty($_POST['username'])){
        $errors[] = "username was empty";
    }
    if(empty($_POST['password'])){
        $errors[] = "password was empty";
    }
    if(empty($_POST['email'])){
        $errors[] = "e-mail was empty";
    }
    if(count($errors) == 0){
        //fix magic_quotes_gpc() being on
        if(get_magic_quotes_gpc()){
            foreach($_GET as $k => $v){
                $_GET[$k] = stripslashes($v);
            }
            foreach($_POST as $k => $v){
                $_POST[$k] = stripslashes($v);
            }
            foreach($_COOKIE as $k => $v){
                $_COOKIE[$k] = stripslashes($v);
            }
        }
        //Checks if there is a login cookie
        if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
        $myusername = $_COOKIE['ID_my_site'];
        $pass = $_COOKIE['Key_my_site'];
        $admin = $_COOKIE['Admin_my_site'];
        $user = $_COOKIE['User_my_site'];    
        $sql = "SELECT * FROM ";
        if($admin=="yes"){
            $sql .= $dbTable2;
        }else{
            $sql .= $dbTable;
        }
        $sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
        $check = mysql_query($sql)or die(mysql_error());
        while($info = mysql_fetch_array( $check )){
            if($pass == $info['password']){
                $writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
            }
        }
    }
    //variable to keep track of whether to show the user the login form or not
    $showlogin = true; //we show the form by default, -unless- we know they have logged in

    //if the login form is submitted
    if (isset($_POST['submit'])){ // if form has been submitted
        if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
            $writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
        }// checks it against the database
        $_POST['email'] = mysql_real_escape_string($_POST['email']);
        $db['username'] = mysql_real_escape_string($_POST['username']);
        $sql = "SELECT * FROM ";
        if($admin=="yes"){
            $sql .= $dbTable2;
        }else{
            $sql .= $dbTable;
        }
        $sql .= " WHERE username = '".$db['username']."'";
        $check = mysql_query($sql) or die(mysql_error());
        //Gives error if user dosen't exist
        $check2 = mysql_num_rows($check);
        if ($check2 == 0) {
            $writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
        }
        while($info = mysql_fetch_array( $check )){
            $_POST['pass'] = md5($_POST['pass']);
                //gives error if the password is wrong
                if ($_POST['pass'] != $info['password']){
                    $writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
                }else{
                    // if login is ok then we add a cookie
                    $hour = time() + 3600;
                    setcookie("ID_my_site", $_POST['username'], $hour);
                    setcookie("Key_my_site", $_POST['pass'], $hour);
                    
                    //they are logged in. no need to show the login form
                    $showlogin = false;
                    if($_POST["admin"]=="yes"){
                        setcookie("Admin_my_site", $_POST['admin'], $hour);
                    }else{
                        setcookie("User_my_site", $_POST['admin'], $hour);
                    }
                    header("Location: login.php");
                }
            }
        }
    }
}

//$_SESSION['logged_in'] = 1;    
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
  Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
  Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
  <input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>

<?php else: ?>

<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
        <tr>
            <td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
       </tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
        <tr>
            <td>Username:</td>
            <td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
       </tr>
<?php echo $writewrongpassword; ?>        
        <tr>
            <td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
        <tr>
            <td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
        </tr>
    </table>
</form>
<?php endif; ?> 
</body>
</html>

PHP Code:

<?php
    # login.php
    
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    session_start();
    $_SESSION['logged_in'] = true;
    header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>

PHP Code:

<?php
    # logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    session_start();
    session_destroy();
    header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>