Displaying logout notice

**nayen** · Oct 23, 2012 05:08

Hi,

I am working on a login script and I want to display a message on the login.php page once the user is logged out.

I have something like the following:

PHP Code:


<?php



$logged_out = FALSE;



if (isset($_GET['action']) AND $_GET['action'] == 'logout') {

    $logged_out = TRUE;

    session_destroy();

}



if ($logged_out === TRUE) echo 'You are successfully logged out.'



?>

I use "login.php?action=logout" as the logout link.

Although the logout action is done, the message is not displayed and I guess the reason is that when I destroy the session, the variable $logged_out becomes FALSE again so that the notice is not displayed. Do you have any idea how I could display such a message? WordPress does something like this (it displays a message on login page when you log out) but I couldn't figure it out.

Thanks.

**Cups** · Oct 23, 2012 05:19

I have something like the following:

No, $logged_out will not be destroyed with the session.

So, perhaps you have some other flaw in you logic which you have not showed us.

Else, make sure that code is reached by putting an else statement:

PHP Code:


if ($logged_out === TRUE){

 echo 'You are successfully logged out.' 

}else{

 echo 'OOPs, no you are still logged in.' 

}

var_dump( $logged_out);

**StarLion** · Oct 23, 2012 06:55

I'd advise against using 'AND' as opposed to '&&', for starters, but that's irrelevant to the problem.

Secondly, why seperate the two?

PHP Code:


if (isset($_GET['action']) && $_GET['action'] == 'logout') {
    session_destroy();
   echo 'You are successfully logged out.' 
}

**nayen** · Oct 23, 2012 10:03

Originally Posted by StarLion

I'd advise against using 'AND' as opposed to '&&', for starters, but that's irrelevant to the problem.

Secondly, why seperate the two?

PHP Code:


if (isset($_GET['action']) && $_GET['action'] == 'logout') {

    session_destroy();

   echo 'You are successfully logged out.' 

}

May I ask the reason why you'd advise against 'AND'?

I need to separate the two because I am displaying the message on another page (login.php) which includes this login script (login-script.php). Anyway, perhaps it will be clearer with my actual setup:

login.php

PHP Code:


<?php

session_start();

require 'login-script.php'

?>

<!doctype html>

<html>

<head>

    <meta charset="utf-8" />

    <title>Login</title>

</head>

<body>

    <?php if ($missing_info) echo 'Please enter a username and password.' ?>

    <?php if ($invalid_login) echo 'Invalid login details.' ?>

    <?php if ($logged_out) echo 'You are successfully logged out.' ?>

    <form action="" method="post">

        <p>Username<br /><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username'] ?>" /></p>

        <p>Password<br /><input type="password" name="password" /></p>

        <p><input type="submit" name="login" value="Log In" /></p>

    </form>

</body>

</html>

login-script.php

PHP Code:


<?php



$logged_out = FALSE;



// Check if Logout button is clicked.

if (isset($_GET['action']) AND $_GET['action'] == 'logout') {

    $logged_out = TRUE;

    session_destroy();

}



// Check if the user is already logged in.

if (isset($_SESSION['username'])) {

    header('Location: index.php');

} else {



    $missing_info = FALSE;

    $invalid_login = FALSE;



    // Check if submit button is clicked.

    if (isset($_POST['login'])) {



        // Check if username and/or password fields are empty.

        if (empty($_POST['username']) OR empty($_POST['password'])) {

            $missing_info = TRUE;

        } else {

            

            // Check if the username and password are correct.

            if (($_POST['username'] != 'nayen') OR $_POST['password'] != 'xyz123') {

                $invalid_login = TRUE;

            } else {

                $_SESSION['username'] = $_POST['username'];

                header('Location: index.php');

            }

        }

    }

}

?>

index.php

PHP Code:


<?php

    // Content...

    

    <a href="login.php?action=logout">Log Out</a>

?>

Apart from displaying that "logged out" message, I would be happy if you have any suggestions about my logic or code or any points that I might have missed. Thank you both.

**kduv** · Oct 23, 2012 14:18

Instead of session_destroy(), why not unset($_SESSION['username']);? That will effectively log a user out since you're using $_SESSION['username'] to check if they're logged in. It will also allow you to continue using the $_SESSION array for other things that don't require a user to be logged in.

**nayen** · Oct 23, 2012 22:29

Originally Posted by kduv

Instead of session_destroy(), why not unset($_SESSION['username']);? That will effectively log a user out since you're using $_SESSION['username'] to check if they're logged in. It will also allow you to continue using the $_SESSION array for other things that don't require a user to be logged in.

I used session_destroy() because every login script tutorial I have went through up to now uses it. I will keep your suggestion in mind. Can you please give me an example for using $_SESSION array after the user is logged out?

**StarLion** · Oct 24, 2012 06:42

non-login information may be retained beyond logout, such as... visitor's country. Preferred UI style/color, etc.

As for "why && instead of AND"... && has higher precedence than AND.

$f = true AND false;

What should the value of $f be? Would you be surprised if it was true?

= has higher precedence than AND, so the line above is evaluated as ($f = true) and false, instead of $f = (true and false).

Parenthesis can be used to ensure precedence (and readability), but I find it simpler just to stick to && and ||.

**nayen** · Oct 24, 2012 07:09

Originally Posted by StarLion

non-login information may be retained beyond logout, such as... visitor's country. Preferred UI style/color, etc.

As for "why && instead of AND"... && has higher precedence than AND.

$f = true AND false;

What should the value of $f be? Would you be surprised if it was true?

= has higher precedence than AND, so the line above is evaluated as ($f = true) and false, instead of $f = (true and false).

Parenthesis can be used to ensure precedence (and readability), but I find it simpler just to stick to && and ||.

Thanks for clarification. I always use parenthesis to ensure precedence because I find it a lot easier to read the code. In fact I had been using && and || until I started working on this login script. By the way, I still couldn't figure out why I can't display the logged out message.

**StarLion** · Oct 24, 2012 08:02

The code in your OP works fine for me. You sure you copy and pasted it exactly?

**nayen** · Oct 24, 2012 08:17

Originally Posted by StarLion

The code in your OP works fine for me. You sure you copy and pasted it exactly?

I posted my actual setup on this post. The code in the OP was just a sample.

**nayen** · Oct 24, 2012 09:04

UDDATE: I found the solution. On login-script.php, I changed second "if" statement to "elseif" and the "logged out" message now displays exactly where and when I want it to display. Thank you all for your input.

**StarLion** · Oct 24, 2012 13:13

I'd suggest getting more syntactically-accurate with your IF's in general...at the very least, put semicolons on the ends of the statements.

User Tag List

Thread: Displaying logout notice

Thread Tools

Display

Displaying logout notice

Bookmarks

Bookmarks

Posting Permissions