Problem with Sessions when Log in and Log out

25 New Member
Hi friends,
I am having some problems with my script's session handling. I have a login page which authenticates users with an SQL script; if login is successful I have [PHP] $_SESSSION['logged in']=true; and $_SESSION[userid]=$userid [/PHP] and when login is true I include a page based on the access level of the user. If it is a regular user I have include "user.php"; exit() and if admin I include the admin page.

Also, I have a logout script which unsets the session variables and destroys the session at the end.
Also, when the admin logs in to the admin page, I have a small PHP script that checks for those session variables, and if they are set and "is true" then the pages are displayed.

My problem is that when the admin just goes back to the login page without logging out, it allows logging in to the main page, but in the main page if any <a href> link is clicked it goes back to the login page. So then I have to go back and log out first and then log in. I am not sure why these strange things happen.
Also, is there any way I can have a feature so that when users click the back button it won't allow going back to that page unless they use the back button provided by the web interface?

I am new to sessions, so I am not sure whether what I am doing is really a safe way to code a PHP page. Are there any other things that I need to be aware of while using sessions?

Any suggestions or thoughts would be highly appreciated.
Thanks
Feb 18 '07 #1
arizal
25 New Member
My Log Out code is like below

[PHP]

<?php
session_start();
// Store the old user id to test whether they were logged in
// (isset avoids an undefined index notice when nobody was logged in)
$old_user = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
$_SESSION['loggedIn'] = false;
unset($_SESSION['userid']);
session_destroy();
?>
<html>
<body>
<h1>Logged out</h1>
<?php
if (!empty($old_user))
{
    echo 'Successfully logged out. <br />';
}
else
{
    echo 'You were not logged in, and so have not been logged out. <br />';
}
?>
<a href="login.php">Log in</a>
</body>
</html>

[/PHP]

My Admin Login Page starting code is as follows
[PHP]

<?php
session_start();
// Only continue if the session says the user is logged in and has a user id
if ( isset( $_SESSION['loggedIn'] ) && $_SESSION['loggedIn'] ) {
    if (($_SESSION["userid"]) || ($_SESSION["userid"] != "")){
        require_once 'functions.php';
        $mode=$HTTP_GET_VARS['mode'];
        $who='admin';
        $loggedUserid = $_SESSION["userid"];
?>

[/PHP]

And in that admin login page I am calling other pages by using the following code
[PHP]

if($_GET['mode'] == "user_mgmt")
{
    include "user_mgmt.php";
}

if ($_GET['mode'] == "user_add")
{
    include "user_add.php";
}

[/PHP]

So do I need to have session_start() on each of those pages? I mean user_add.php and the others.
Also, the session id gets lost on the way, which I found when I echoed the session id at the top of the page.

I don't know what is wrong, but the session is not destroyed when I close the browser without logging out. I need to log in to the admin page, and the other links won't work in that page, so I need to click Log out and then log in again for all the other pages to work.
I have a feeling that I am doing something wrong and insecure.

Do you have any idea? I need help, friends.
Feb 18 '07 #2
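
An added example, not part of the post above: one way to lay out the admin page so that session_start() runs once in the requested page, included files run inside that same session, the mode parameter is mapped through a fixed list, and logout also expires the session cookie. The file names come from the post; is_logged_in(), log_out() and page_for_mode() are hypothetical names chosen for this sketch.

```php
<?php
// Added example (not the poster's code). File names follow the post;
// the function names and the allow-list contents are assumptions.
session_start();   // once, in the requested page; included files share it

function is_logged_in(): bool
{
    return !empty($_SESSION['loggedIn']) && !empty($_SESSION['userid']);
}

// Intended to be called from the logout page.
function log_out(): void
{
    $_SESSION = [];                            // drop all session data
    if (ini_get('session.use_cookies')) {      // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                         // remove the server-side record
}

// Map the mode parameter to a file; anything not listed is ignored.
function page_for_mode(string $mode): ?string
{
    $pages = ['user_mgmt' => 'user_mgmt.php', 'user_add' => 'user_add.php'];
    return $pages[$mode] ?? null;
}

if (!is_logged_in()) {
    header('Location: login.php');
    exit;                                      // nothing below runs for guests
}

$page = page_for_mode($_GET['mode'] ?? '');
if ($page !== null) {
    include $page;                             // runs inside this request's session
}
```

If user_mgmt.php or user_add.php can also be requested directly, they need the same login check themselves, because a direct request does not pass through this page.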
Atli
5,058 Recognized Expert Expert
Hi.

I don't fully understand your problem, but I have a couple of pointers.
HTTP_GET_VARS is very old, and most likely soon to be removed.
I recommend using $_GET instead.

session_destroy() is a dangerous function. It destroys everything, which also includes any other session data other parts of your page might be using.
I'd recommend unsetting only those variables you want to destroy with the unset method.
Here is some code that creates a simple user login / logout system.
I hope it will shed some light on your problem :)

[PHP]
<?php
// Start session
session_start();

// Check if a user is logged in
if(isset($_SESSION['UserID']))
{
    // Check if the user has selected the logout option
    // note: @ is to get rid of the undefined index warning
    if(@$_GET['action'] == "logout")
    {
        // Destroy his data
        unset($_SESSION['UserID']);
        unset($_SESSION['UserName']);
        unset($_SESSION['UserStatus']);

        // Print message
        echo '<div align="center">You have been logged out<br /><a href="?">Continue</a></div>';
    }

    // The user doesn't want to logout, load his content!
    else
    {
        // Print the user info (escaped, because the name came from form input)
        echo '<div align="center">You are logged in as '. htmlspecialchars($_SESSION['UserName']) .' - <a href="?action=logout">Logout</a></div>';

        // Get the user's content
        if($_SESSION['UserStatus'] == "Admin")
        {
            // Get the admin content
            echo '<p align="center"> You are an admin :O</p>';

            @include("admin.php");
        }
        else
        {
            // Get the user content
            echo '<p align="center">Pffft.. only a user >:)</p>';
            @include("user.php");
        }
    }
}

// No user is logged on, get the login form
else
{
    // Check if the form has been submitted
    // by looking for the submit button
    if(isset($_POST['LoginSubmit']))
    {
        // Connect database
        $DB = @mysql_connect("localhost", "user", "pass") or die(mysql_error());
        @mysql_select_db("database") or die(mysql_error());

        // Load the user data (inputs are escaped before they go into the query)
        $SQL = "SELECT UserID, UserStatus FROM UserTable
                WHERE UserName = '". mysql_real_escape_string($_POST['UserName']) ."'
                AND Password = '". mysql_real_escape_string($_POST['UserPassword']) ."'";

        $RESULT = @mysql_query($SQL) or die(mysql_error());
        // Zero rows is a valid result (wrong login), so do not die() on it
        $ROWS = @mysql_num_rows($RESULT);

        // Check the password
        if($ROWS != 0)
        {
            // Get user data
            $row = @mysql_fetch_assoc($RESULT) or die(mysql_error());

            // Set the session values
            $_SESSION['UserID'] = $row['UserID'];
            $_SESSION['UserName'] = $_POST['UserName'];
            $_SESSION['UserStatus'] = $row['UserStatus'];

            // Print message
            echo '<div align="center">You have been logged on! <br /> <a href="?">Continue</a></div>';
        }

        // The password is wrong!
        else
        {
            echo '<div align="center">No no no! You\'ve got it all wrong! <br /> <a href="?">Try again</a></div>';
        }
    }

    // The data has not been submitted, print the form
    else
    {
        echo '
        <div align="center">
        <form action="?" method="post">
        Name: <input type="text" name="UserName" />
        <br />Password : <input type="password" name="UserPassword" />
        <br /><input type="submit" name="LoginSubmit" />
        </form>
        </div>';
    }
}
?>

[/PHP]
Feb 18 '07 #3
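
An added example, not part of Atli's post: the same login lookup written with a PDO prepared statement, password_verify() against a stored hash, and a fresh session ID issued at login. The PasswordHash column, the attempt_login() name and the in-memory SQLite sample account are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the thread. PasswordHash, attempt_login()
// and the sample account are assumptions made for this demonstration.
session_start();

function attempt_login(PDO $db, string $name, string $password): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT UserID, UserStatus, PasswordHash FROM UserTable WHERE UserName = ?'
    );
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Zero rows is a normal outcome (unknown user), not a database error.
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return false;
    }

    // Issue a new session ID at login so a pre-login ID cannot be reused.
    session_regenerate_id(true);
    $_SESSION['UserID']     = $row['UserID'];
    $_SESSION['UserName']   = $name;
    $_SESSION['UserStatus'] = $row['UserStatus'];
    return true;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE UserTable (UserID INTEGER PRIMARY KEY, UserName TEXT UNIQUE,
           UserStatus TEXT, PasswordHash TEXT)');
$db->prepare('INSERT INTO UserTable (UserName, UserStatus, PasswordHash) VALUES (?, ?, ?)')
   ->execute(['alice', 'Admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Collect results first: output before the session calls would block them.
$results = [
    'wrong password'   => attempt_login($db, 'alice', 'wrong'),
    'injection string' => attempt_login($db, "' OR '1'='1", 'anything'),
    'valid login'      => attempt_login($db, 'alice', 'correct horse'),
];
var_dump($results);
```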
arizal
25 New Member
Hey, thanks Atli,
I figured out why it was not working fine, and now it's working well.
Anyway, thank you very much for your time.
Feb 19 '07 #4
