<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
/*
session_start();
include("dbconnection.php");
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie("ID_my_site", "gone", $past);
setcookie("Key_my_site", "gone", $past);
setcookie("Admin_my_site", "gone", $past);
*/
header("Location: ../index.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>
<body>
<?php
?>
</body>
</html>
This is my login script before the html tags in the twotext/index.php:
session_start();
include("dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
/*
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){*/
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\\"login/member.php\\">member's stat</a> <br /><a href=\\"login/logout.php\\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\\"2\\" style=\\"text-align: left; color: red;\\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\\"2\\" style=\\"text-align: left; color: red;\\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\\"2\\" style=\\"text-align: left; color: red;\\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: ../index.php");
}
}
}
/* }
}*/
$_SESSION['logged_in'] = 1;
The login form is as an include file within the html tags:
Depends on the browser. You can use google to find out. For example, “view cookies firefox”.
Anyway, your problem looks like you have other cookies you need to clear. It don’t know how you decide whether or not someone is logged in across the different scripts you have(looks like you use some combination of individual cookies and a session), but whatever criteria you use, you need to work on it. Maybe that means unsetting all cookies. I see you use $_COOKIE[‘ID_my_site’] in one place, so that’s definitely a cookie that needs to be removed.
Consider finding some tutorials for this. It looks like what you’ve built so far is getting very unorganized and complicated.
I used 3 php files: login.php, logout.php and index.php.
I think the checking the $_POST should be in the login.php. But then I’m guessing that the index.php page needs to read cookies which the login.php has set right?
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\\"member.php\\">member's stat</a> <br /><a href=\\"login/logout.php\\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\\"2\\" style=\\"text-align: left; color: red;\\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\\"2\\" style=\\"text-align: left; color: red;\\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\\"2\\" style=\\"text-align: left; color: red;\\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login.php");
}
}
}
}
}
//$_SESSION['logged_in'] = 1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>
<?php else: ?>
<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
session_destroy();
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>