Help with authentication!

ExuLt4Nt

I am trying to create a logout button to a login page that I have.
wonder if anyone can explain to me how it works (not asking
anyone to give me their codes)

I have been playing with php for not too long. (newbie)
First I have a table that store the value of username and
password.

Second - I created a login page requiring user to login to access certain page.

Third - So far it works fine but I am not sure how I can create a logout button so I can click on it whenever I want to exit,
I was thinking that maybe I can use session_unregister and
session_destroy to do so but so far no result.
maybe I dunno how to use it or just not the right way to do a
logout.

Fourth - manage to create a login page but what if I want to jump to another page that requires authentication.
I think I have to use session_register?

can anyone explain to me what I should do? or even direct me to
tutorials or anything that can help!
thanks!!

database: MSSQL
connecting using: ODBC function
PHP: 4.12

tasistro

Try this example:

The idea is to have a UID variable which is the unique user ID on the dbase. Once you submit your login parameters (password, username) it runs checkLogin. If the pair matches it returs the UID and sets in in a cookie plus a TH (hash value which is unique in time) so you cant steal a session through cookies robbing. Once the UID is set it is recovered on every post and checked with the TH throuh validateLogin(). If the system smells something funny it resets UID (sets it to 0) and that automatically logs you out since there is no user with UID ==0. Check out the if statements you see that once the Logout button is pressed UID is set to 0 thus killing the session.

Saludos
Gerardo

PS a the code is based on class programing that is why you'll see a lot of $this->blablablas

    if (1==1) {
        // success binding to dbase

        // load session if possible else load default login values
        session_start();

// echo "AFTER SESSION START USER STATUS IS ".$GLOBALS["UID"].":".$GLOBALS["TH"].": ";
$this->user["logged"]["UID"]=$GLOBALS["UID"];
$this->user["logged"]["TH"]=$GLOBALS["TH"];

        $this->_loadSession();

        // continue configuring
        $this->user["logged"]["login"]=1;
        while ($this->user["logged"]["login"]==1) {
            switch ($this->user["logged"]["status"]) {
            // if not logged
                case 0:
                            if (isset($this->form_input["page"]["button"]["logout"])) { // logout
                                $this->user["logged"]["login"]=0;
                            }
                            if (isset($this->form_input["page"]["button"]["doregistration"])) {
                                $this->user["logged"]["status"]=10;
                            }
                            if (isset($this->form_input["page"]["button"]["dologin"])) {
                                if ($this->_checkLogin()) {
                                //      if log valid
                                    $this->user["logged"]["status"]=1;
                                } else {
                                //      if log invalid
                                    $this->user["logged"]["status"]=0;
                                }
                                $this->user["logged"]["login"]=0;
                            }
                            $this->user["logged"]["login"]=0;
                            break;
            // if logged
                case 1:

                            if ($this->_validateLogin()) {
                            //      if log valid
                                if (isset($this->form_input["page"]["button"]["logout"])) { // logout
                                    //remove the local session
                                    session_destroy();
                                    //remove the client session
                                    setcookie("SES_NAME","","","/");

// echo "loging out ";
$this->user["logged"]["status"]=0;
$this->user["logged"]["login"]=1;
$this->user["logged"]["UID"]=-1;
$this->user["logged"]["TH"]="";
//echo "CLOSING LOGIN ";
} else {
// echo "keeping login ";
$this->user["logged"]["login"]=0;
}
} else {
// if log invalid
//remove the local session
session_destroy();
//remove the client session
setcookie("SES_NAME","","","/");
// echo "loging out ";
$this->user["logged"]["login"]=1;
$this->user["logged"]["status"]=0;
}
break;
// if registration
case 10:
$this->user["logged"]["login"]=0;
break;
} // switch user logged status
} // while user login in process status>10
if ($this->user["logged"]["status"]==1) {
$GLOBALS["UID"]=$this->user["logged"]["UID"];
$GLOBALS["TH"]=$this->user["logged"]["TH"];
} else {
$GLOBALS["UID"]=-1;
$GLOBALS["TH"]="";
}
session_register("UID");
session_register("TH");
//echo "BEFORE REGISTER GLOBALS[UID]=".$GLOBALS["UID"]." GLOBALS[TH]=".$GLOBALS["TH"]." ";
} else {
// try restart mysqld
// terminate email admin
}

plaztic

Howdy,

I found a good tutorial on devshed.com

http://www.devshed.com/Server_Side/PHP/UserAuth/print_html

Towards the end of the article is the info you'd be interested in.

I used and adpated it in many of my own programs...good primer to help you understand step by step how to do it and what's happening.

It also has the info you're looking for on logging out a user...

Good Luck...

ExuLt4Nt

Many thanks tasistro for explaining how it works!!
I am going to try it now.
Thanks a million!!

Thanks plaztic for redirecting me!!

might have futher question after I try it

thanks thanks thanks