Hi I have the mayor part of these scripts from an article on login scripts. I can register a new user and log in but when I try to log out then I always get the message that I wasn't log out and I don't know where the problem is:
can anybody take a look and give me some comments?
Thanks,
Jonathan
This is the script to connect to the database:
users_db.php
<?php
// checks if a session already exits
session_start();
//connection to the database users
$db = mysql_connect("localhost","root","root")
or die("Could not connect : ". mysql_error());
echo '<b>connection succesful!</b><br />';
mysql_select_db("Users", $db);
echo 'this is the username: '.$SESSION['username'].'<br />';
echo 'and this is the password:'.$SESSION['password'].'<br />';
// if the session doesn't exist then logged_in = false
if(!isset($SESSION['username']) || !isset($SESSION['password'])) {
$logged_in = 0;
return;
}//if
else {
if(!get_magic_quotes_gpc()) {
$SESSION['username'] = addslashes($SESSION['username']);
echo 'Username: '.$_SESSION['username'];
}//if
// addslashes to session username before using in a query.
$pass = mysql_query("select password from users where username = '".$_SESSION['username']."'")
or die ('Query failed: '.mysql_error().'<br />');
if(mysql_error()) {
$logged_in = 0;
// kill incorrect session variables.
unset($_SESSION['username']);
unset($_SESSION['password']);
}//if
$db_pass = mysql_fetch_array($pass, MYSQL_ASSOC);
// now we have encrypted pass from DB in $db_pass['password'], stripslashes() just incase:
$db_pass['password'] = stripslashes($db_pass['password']);
$SESSION['password'] = stripslashes($SESSION['password']);
//compare if the given password is correct:
if($SESSION['password'] == $db_pass['password']) { // valid password for username
$logged_in = 1; // they have correct info in session variables.
}//if
else {
// kill incorrect session variables.
$logged_in = 0;
unset($SESSION['username']);
unset($_SESSION['password']);
}//else
}//else
unset($db_pass['password']);// clean up the session for comparison
$SESSION['username'] = stripslashes($SESSION['username']);
echo 'this is the username: '.$_SESSION['username'].'<br />';
?>
this is the login script:
login.php
<?php
session_start();
// database connect script.
require("users_db.php");
//checks if logged in
if($logged_in == 1) {
die('You are already logged in, '.$_SESSION['username'].'<br />');
echo '<a href="logout.php">click here to logout!!!</a>';
}//if
?>
<html>
<head>
<title>Login</title>
</head>
<body bgcolor="lightblue">
<span style="position: absolute; top:180px; left:350px;">
<?php
// if form has been submitted
if(isset($_POST['submit'])) {
/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
die('<font color="red">You didn\'t fill in a required field.</font>');
}//if
// authenticate.
if(!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}//if
//queries the db for username and password
$check = mysql_query("select username, password from users where username = '".$_POST['uname']."'",$db);
//query is executed
$info = mysql_fetch_array($check, MYSQL_ASSOC); //mysql_fetch_row($check);
if ($info == 0){
die('<font color="red">That username: '.$_POST['uname'].' doesn\'t exist in our database.</font>');
}//if
// check passwords match
$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']); // password is encrypted
//show some statistics
/*echo 'This is the password on the db: '.$info['password']."<br />";
echo 'and this the username: '.$info['username']."<br />";
echo 'This is the given password: '.$_POST['passwd']."<br />";*/
if($_POST['passwd'] != $info['password']) { //password match
die('<font color="red">Incorrect password, please try again.</font>');
}//if
// if we get here username and password are correct, register session variables and set
// last login time.
$date = date('m, d, Y');
//query for the update of the date
$update_login = mysql_query("update users set last_login = '$date' where username = '".$_POST['uname']."'",$db);
$_POST['uname'] = stripslashes($_POST['uname']);
session_start(); //starts the session
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
mysql_free_result($update_login);
mysql_close($db);
?>
<h1>Logged in</h1>
<p>Welcome back <?=$_SESSION['username']?>, you are logged in.</p>
<a href="logout.php">click here to logout!!!</a><br />
<?php
}//if submitted form
else { // if form hasn't been submitted
?>
<h1>Login</h1>
<form action="<?=$HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="uname" maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="passwd" maxlength="50"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>
<a href="register.php">register</a> || <a href="logout.php">logout</a>
<?php
}//else
?>
</span>
</body>
</html>
this is the logout script:
logout.php
<html>
<head><title>log out</title>
</head>
<body bgcolor="lightblue">
<span style="position:absolute; top:288px; left:300px;">
<?php
// database connect script.
require("users_db.php");
//als niet ingelogd
if($logged_in == 0) {
die('<font color="red">You are not logged in so you cannot log out !!!</font>');
}//if
// kill session variables
unset($SESSION['username']);
unset($SESSION['password']);
// reset session array
$_SESSION = array();
// destroy session.
session_destroy();
echo 'click <a href="login.php">here</a> to go back to the page<br />';
//redirect to user to a specific location
header("Location: login.php");
?>
</span>
</body>
</html>
