FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


PHP login/logout problem





ammonkc
I'm trying to make a login and logout script for a page but for some reason its not working very well for me. it seems to work fine until I try to logout. it seems to destroy the session variables, but it still lets me view the page.
heres my login code:

Code:
<?php
session_start();
/**
this is the login script.  it checks the database to see if the use has permission
to access admin areas
**/
if (isset($_POST['loginBtn'])) {
   
   require("config.php");
   require("opendb.php");
   
   if (!get_magic_quotes_gpc()) {
      $_POST['username'] = addslashes($_POST['username']);
   }//end magic quotes if statement
   
   /** here i set some variables up **/
   $loginError = "";
   $username = $_POST['username'];
   $password = stripslashes($_POST['password']);
   
   /** here I query the db with the username and password entered**/
   $sql = "SELECT * FROM login WHERE username = '$username'";
   $result = mysql_query($sql) or die('SELECT error while loggin you in: '.mysql_error());
   $loginInfo = mysql_fetch_array($result, MYSQL_ASSOC);
   /** authenticate login information **/
   if (mysql_num_rows($result)==0) {
      $loginError .= "That username does not exist in our database.\n";
      die('That username does not exist in our database.');
   }//end if statement
   /** check that passwords match **/
   $loginInfo['password'] = stripslashes($loginInfo['password']);
   
   if ($password != $loginInfo['password']) {
      $loginError .= "Invalid password, please try again.";
      die('Invalid password, please try again.');
   }else{
      $_SESSION['loggedIn'] = true;
      $_SESSION['access'] = $loginInfo['access'];
      $_SESSION['username'] = $username;
      if ($_POST['loc']==1) {
         header("location:index.php");
      }elseif ($_POST['loc']==2) {
         header("location:admin/index.php");
      }
   }//end if else statement

}else{
?>


here is the script at the top of the page that checks if logged in:

Code:
<?php
session_start();
if (empty($_SESSION['loggedIn'])) {
   header("location:../login.php?loc=2");
}   
?>


and here is my logout script:

Code:
<?php
/** log the user out**/
if (empty($_SESSION['loggedIn'])) {
   //die('You are not logged in so you cannot log out.');
}
/**the unset() isn't working keeps giving me errors
unset($_SESSION['username']);
unset($_SESSION['access']);
unset($_SESSION['loggedIn'];**/
// kill session variables
$_SESSION = array(); // reset session array
session_destroy();   // destroy session.
header("location:index.php");// redirect them to anywhere you like.

?>


for some reason the unset() isn't working for me. this is the exact same script that I've used on many other sites, but for some reason its giving me errors now. so I commented out the unset() and it doesn't give me errors. but the page will still get past the login check after I logout.
thnn
Firstly are the password's encrypted in the database?

Now to the problem with unset. Strange.

Perhaps comment out the $_SESSION = array(); and try it. I cant see why you would need that. I have a logout script almost identical you yours and I have not trouble with it but it doesnt have the $_SESSION = array();.
ammonkc
Quote:
Perhaps comment out the $_SESSION = array(); and try it.

I tried it with that commented out. but still no luck.

Code:
unset($_SESSION['username']);
unset($_SESSION['access'];
unset($_SESSION['loggedIn']);//this seems to be where it has problems


after doing somemore debugging, I found that its not all of the unset()s that are causing the problem. its just unset($_SESSION['loggedIn']); that is causing the error. it doesn't get passed that point. I don't know why unset() doesn't like the $_SESSION['loggedIn']. could it be because its a boolean?
thnn
Chuck in session_start(); at the top of the logout page and try it.
ammonkc
yeah, I put that session_start() in there. I actually had that in there earlier but I took it out to see if that was causing it.
but it still seems to be the unset($_SESSION['loggedIn']);

if I comment out //unset($_SESSION['loggedIn']);
and use if (empty($_SESSION['username'])) instead it seems to work. it just kind of wierd that it wont take that loggedIn session var.
thnn
Yes it is very strange.
I use auth as the variable that tells if the user is logged in and I have had no trouble with it.

Try renaming the variable to something else and try.
ammonkc
ok I changed I got it to work. all I did is change:
Code:

unset($_SESSION['username']);
unset($_SESSION['access']);
unset($_SESSION['loggedIn']);

to this
Code:

unset($_SESSION['loggedIn']);
unset($_SESSION['access']);
unset($_SESSION['username']);


I really don't understand it at all. but for some reason it wont work if the $_SESSION['loggedIn'] is on after the other two. by putting it on the top of the other two unset()s it fixed it. that is really wierd. have any idea why it would do that
thnn
I remember now.
A while ago I read that you have to destroy them in the order you set them.
ammonkc
Quote:
Try renaming the variable to something else and try.

I did but it still gave me the error no matter what it was named as long as it came after the other two. but putting it on the top worked.
ammonkc
oh, that makes sense. I never knew that. but it would make sense since its a n array. thanks for the help
Related topics
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.