Cookies not deleting after logout

thegreatdanton

Hi, i have a php script which allows users to register on my site as well as login using their username and password. I'm having a problem with deleting the cookies after the user logs out from the session. For example, Brian logs in using his username and password. Once logged in a screen appears showing "Welcome Brian" on the screen. Brian now logs off and a screen appears saying that the log-off has been successful. Dave then logs in using his own username and password. After logging in a screen appears, however it still says "Welcome Brian" on the screen. Dave refreshes the page and the "Welcome Brian" now changes to "Welcome Dave". So it's obvious that the cookies aren't deleting properly after logging out. I'm just wondering if anyone can help with deleting the cookies after logging out. Here is the code that i am using:

This is the logout.php code

<?
/*
# File: logout.php
# Script Name: vSignup 2.5
# Author: Vincent Ryan Ong
# Email: support@beanbug.net
#
# Description:
# vSignup is a member registration script which utilizes vAuthenticate
# for its security handling. This handy script features email verification,
# sending confirmation email message, restricting email domains that are 
# allowed for membership, and much more.
#
# This script is a freeware but if you want to give donations,
# please send your checks (coz cash will probably be stolen in the
# post office) to:
#
# Vincent Ryan Ong
# Rm. 440 Wellington Bldg.
# 655 Condesa St. Binondo, Manila
# Philippines, 1006
*/
	// Destroy Sessions
	setcookie ("USERNAME", "", time() - 3600);
	setcookie ("PASSWORD", "", time() - 3600);
	include_once ("authconfig.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Welcome to...</title>

<link rel="stylesheet" href="main.css" type="text/css" media="all" />
<link href="validate.css" rel="stylesheet" type="text/css" />
<link href="roundedcorners.css" rel="stylesheet" type="text/css" />

<script type="text/javascript" src="mootools.js"></script>
<script type="text/javascript" src="textResizeDetector.js"></script>
<script type="text/javascript" src="roundedcorners.js"></script>
<script type="text/javascript" src="imageMenu.js"></script>
<script type="text/javascript" src="validate.js"></script>
<script type="text/javascript" src="date-en-GB.js"></script>

</head>

<body>

<div id="container">

<div id="header">
	<img class="head" src="best.png" />
	<img src = "....png" />


	<img class="bar" src = "hrbar.png" /></div>
		<div id="imageMenu">
		<ul>
			<li class="landscapes"><a href="index.htm">Landscapes</a></li>
			<li class="people"><a href="about.html">People</a></li>
			<li class="nature"><a href="makerequest.html">Nature</a></li>
			<li class="urban"><a href="viewreq.html">Urban</a></li>
			<li class="abstract"><a href="viewhotels.html">Abstract</a></li>
		</ul>
	</div>

	<script type="text/javascript">

		window.addEvent('domready', function(){
			var myMenu = new ImageMenu($$('#imageMenu a'),{openWidth:310, border:2});
		});

	</script>
	<div id="maindiv">
	<p class="welcome">You have successfully logged off.
	Click <a href="<? echo $login; ?>">here</a> to log back in.</p>
	</div>		
	<img class="bar2" src = "hrbar2.png" />
	<table id="footer">	
	<tr>
	<p class="footer"> 
	<td class="footer"><a class="footer" href="contact.html">Contact us</a></td>
    <td class="footer"><a class="footer" href="T&C.html">Terms & Conditions</a></td>
    <td class="footer"><a class="footer" href="Privpol.html">Privacy Policy</a></td>
	<td class="footer"><a class="footer" href="Sitemap.html">Site Map</a></td>

    </p>	
	</tr>	

	</table>
</div>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-3333085-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>
</body>
</html>

This is the Vauthenticate code

<?
/*
# File: vAuthenticate.php
# Script Name: vAuthenticate 3.0.1
# Author: Vincent Ryan Ong
# Email: support@beanbug.net
#
# Description:
# vAuthenticate is a revolutionary authentication script which uses
# PHP and MySQL for lightning fast processing. vAuthenticate comes 
# with an admin interface where webmasters and administrators can
# create new user accounts, new user groups, activate/inactivate 
# groups or individual accounts, set user level, etc. This may be
# used to protect files for member-only areas. vAuthenticate 
# uses a custom class to handle the bulk of insertion, updates, and
# deletion of data. This class can also be used for other applications
# which needs user authentication.
#
# This script is a freeware but if you want to give donations,
# please send your checks (coz cash will probably be stolen in the
# post office) to:
#
# Vincent Ryan Ong
# Rm. 440 Wellington Bldg.
# 655 Condesa St. Binondo, Manila
# Philippines, 1006
*/

// Start Code

// Use Sessions
// NOTE: This will store the username and password entered by the user to the cookie
// variables USERNAME and PASSWORD respectively even if the combination is correct or
// not. Be sure to authenticate every page that you want to be secured and pass as 
// parameters the variables USERNAME and PASSWORD.
setcookie ("USERNAME", $_POST['username'],0,'/');
setcookie ("PASSWORD", $_POST['password'],0,'/');

// Change the path to auth.php and authconfig.php if you moved
// vAuthenticate.php from its original directory.
include_once ("auth.php");
include_once ("authconfig.php");

$username =  $_POST['username'];
$password =  $_POST['password'];

$Auth = new auth();
$detail = $Auth->authenticate($username, $password);

if ($detail==0)
{
?><HEAD>
	<SCRIPT language="JavaScript1.1">
	<!--
		location.replace("<? echo $failure; ?>");
	//-->
	</SCRIPT>
  </HEAD>
<?
}
elseif ($detail['team'] == "Admin") {
?><HEAD>
	<SCRIPT language="JavaScript1.1">
	<!--
		location.replace("<? echo $admin; ?>");
	//-->
	</SCRIPT>
  </HEAD>
<?
}
else 
{
?><HEAD>
	<SCRIPT language="JavaScript1.1">
	<!--
		location.replace("<? echo $success; ?>");
	//-->
	</SCRIPT>
  </HEAD>
<?
  }
?>

CoderDan

I think it'll depend on the auth includes. I suspect they use sessions also, and you'll need to unset the session values to finish logging a user out, but I can't say for sure without seeing the relevant code.

thegreatdanton

Hi Coderdan,

thanks for getting back to me. Here is the auth.php code:

<?php
class auth{
		var $HOST = "...";	// Change this to the proper DB HOST
	var $USERNAME = "...";	// Change this to the proper DB USERNAME
	var $PASSWORD = "...";	// Change this to the proper DB USER PASSWORD
	var $DBNAME = "...";	// Change this to the proper DB NAME

function authenticate($username, $password) {


	// Check for apostrophe in $username to avoid SQL injection
	if (ereg("'", $username)) 
	{
		return "invalid username";
	}

	// Check for apostrophe in $password to avoid SQL injection
	if (ereg("'", $password)) 
	{
		return "invalid password";
	}

	$query = "SELECT * FROM authuser WHERE uname='$username' AND passwd=MD5('$password') AND status <> 'inactive'";

    $UpdateRecords = "UPDATE authuser SET lastlogin = NOW(), logincount = logincount + 1 WHERE uname='$username'";
	$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

	$SelectedDB = mysql_select_db($this->DBNAME);
	$result = mysql_query($query); 

	$numrows = mysql_num_rows($result);
	$row = mysql_fetch_array($result);




	if ($numrows == 0) {
		return 0;
	}
    /*
    elseif ($row["level"]==1) {  // ADMIN LOGIN
		$Update = mysql_query($UpdateRecords);
		return 1;
	}
    */
	else {
		$Update = mysql_query($UpdateRecords);
		return $row;
	}
} 




function page_check($username, $password) {


	// Check for apostrophe in $username to avoid SQL injection
	if (ereg("'", $username)) 
	{
		return "invalid username";
	}

	// Check for apostrophe in $password to avoid SQL injection
	if (ereg("'", $password)) 
	{
		return "invalid password";
	}

	$query = "SELECT * FROM authuser WHERE uname='$username' AND passwd=MD5('$password') AND status <> 'inactive'";

    $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

	$SelectedDB = mysql_select_db($this->DBNAME);
	$result = mysql_query($query); 

	$numrows = mysql_num_rows($result);
	$row = mysql_fetch_array($result);

	// CHECK IF THERE ARE RESULTS
	// Logic: If the number of rows of the resulting recordset is 0, that means that no
	// match was found. Meaning, wrong username-password combination.
	if ($numrows == 0) {
		return false;
	}
	else {
		return $row;
	}
} // End: function page_check


	if (!get_magic_quotes_gpc()) 
	{
		$username = addslashes($username);
		$password = addslashes($password);
		$team = addslashes($team);
		$level = addslashes($level);
		$status = addslashes($status);
	}
	*/

    // If $password is blank, make no changes to the current password
    if (trim($password == ''))
    {
        $qUpdate = "UPDATE authuser SET team='$team', level='$level', status='$status' WHERE uname='$username'";
    }
    else
    {
        $qUpdate = "UPDATE authuser SET passwd=MD5('$password'), team='$team', level='$level', status='$status'
				    WHERE uname='$username'";
    }

	// Check for apostrophe in $password to avoid SQL injection
	if (ereg("'", $password)) 
	{
		return "invalid password";
	}

	if (trim($level)=="") {
		return "blank level";
	}
	elseif (($username=="sa" AND $status=="inactive")) {
		return "sa cannot be inactivated";
	}
	elseif (($username=="admin" AND $status=="inactive")) {
		return "admin cannot be inactivated";
	}
	else {
		$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
		$SelectedDB = mysql_select_db($this->DBNAME);
		$result = mysql_query($qUpdate); 
		return 1;
	}

} // End: function modify_user

// DELETE USERS
function delete_user($username) {

	// Add slashes to prevent SQL Injection
	// However, we trust that we don't need to do this checking for the admin
	// That's why the code snippet below is commented out
	/*   	
	if (!get_magic_quotes_gpc()) 
	{
		$username = addslashes($username);
	}
	*/

	$qDelete = "DELETE FROM  authuser WHERE uname='$username'";	

	if ($username == "sa") {
		return "User sa cannot be deleted.";
	}
	elseif ($username == "admin") {
		return "User admin cannot be deleted.";
	}
	elseif ($username == "test") {
		return "User test cannot be deleted.";
	}

	$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

	$SelectedDB = mysql_select_db($this->DBNAME);
	$result = mysql_query($qDelete); 

	return mysql_error();

} // End: function delete_user

// ADD USERS
function add_user($username, $password, $team, $level, $status) {

	// Add slashes to prevent SQL Injection
	// However, we trust that we don't need to do this checking for the admin
	// That's why the code snippet below is commented out
	/*   	
	if (!get_magic_quotes_gpc()) 
	{
		$username = addslashes($username);
		$password = addslashes($password);
		$team = addslashes($team);
		$level = addslashes($level);
		$status = addslashes($status);
	}
	*/

	$qUserExists = "SELECT * FROM authuser WHERE uname='$username'";
	$qInsertUser = "INSERT INTO authuser(uname, passwd, team, level, status, lastlogin, logincount)
			  			   VALUES ('$username', MD5('$password'), '$team', '$level', '$status', '', 0)";

	$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

	// Check if all fields are filled up
	if (trim($username) == "") { 
		return "blank username";
	}
	// password check added 09-19-2003
	elseif (trim($password) == "") {
		return "blank password";
	}
	elseif (trim($level) == "") {
		return "blank level";
	}

	// Check for apostrophe in $username to avoid SQL injection
	if (ereg("'", $username)) 
	{
		return "invalid username";
	}

	// Check for apostrophe in $password to avoid SQL injection
	if (ereg("'", $password)) 
	{
		return "invalid password";
	}

	// Check if user exists
	$SelectedDB = mysql_select_db($this->DBNAME);
	$user_exists = mysql_query($qUserExists); 

	if (mysql_num_rows($user_exists) > 0) {
		return "username exists";
	}
	else {
		// Add user to DB			
		// OLD CODE - DO NOT REMOVE
		// $result = mysql_db_query($this->DBNAME, $qInsertUser);

		// REVISED CODE
		$SelectedDB = mysql_select_db($this->DBNAME);
		$result = mysql_query($qInsertUser); 
		return mysql_affected_rows();
	}
} // End: function add_user

// ADD TEAM
function add_team($teamname, $teamlead, $status="active") {
	$qGroupExists = "SELECT * FROM authteam WHERE teamname='$teamname'";
	$qInsertGroup = "INSERT INTO authteam(teamname, teamlead, status) 
			  			   VALUES ('$teamname', '$teamlead', '$status')";

	$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

	// Check if all fields are filled up
	if (trim($teamname) == "") { 
		return "blank team name";
	}

	// Check if group exists
	// OLD CODE - DO NOT REMOVE
	// $group_exists = mysql_db_query($this->DBNAME, $qGroupExists);

	// REVISED CODE
	$SelectedDB = mysql_select_db($this->DBNAME);
	$group_exists = mysql_query($qGroupExists); 

	if (mysql_num_rows($group_exists) > 0) {
		return "group exists";
	}
	else {
		// Add user to DB
		// OLD CODE - DO NOT REMOVE
		// $result = mysql_db_query($this->DBNAME, $qInsertGroup);

		// REVISED CODE
		$SelectedDB = mysql_select_db($this->DBNAME);
		$result = mysql_query($qInsertGroup); 

		return mysql_affected_rows();
	}
} // End: function add_group

// MODIFY TEAM
function modify_team($teamname, $teamlead, $status) {
	$qUpdate = "UPDATE authteam SET teamlead='$teamlead', status='$status'
				WHERE teamname='$teamname'";
	$qUserStatus = "UPDATE authuser SET status='$status' WHERE team='$teamname'";

	if ($teamname == "Admin" AND $status=="inactive") {
		return "Admin team cannot be inactivated.";
	}
	elseif ($teamname == "Ungrouped" AND $status=="inactive") {
		return "Ungrouped team cannot be inactivated.";
	}
	else {		
		$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

		// UPDATE STATUS IF STATUS OF TEAM IS INACTIVATED
		// OLD CODE - DO NOT REMOVE
		//$userresult = mysql_db_query($this->DBNAME, $qUserStatus);

		// REVISED CODE
		$SelectedDB = mysql_select_db($this->DBNAME);
		$userresult = mysql_query($qUserStatus); 

		// OLD CODE - DO NOT REMOVE
		// $result = mysql_db_query($this->DBNAME, $qUpdate);

		// REVISED CODE
		$result = mysql_query($qUpdate); 

		return 1;
	}

} // End: function modify_team

// DELETE TEAM
function delete_team($teamname) {
	$qDelete = "DELETE FROM authteam WHERE teamname='$teamname'";
	$qUpdateUser = "UPDATE authuser SET team='Ungrouped' WHERE team='$teamname'";	

	if ($teamname == "Admin") {
		return "Admin team cannot be deleted.";
	}
	elseif ($teamname == "Ungrouped") {
		return "Ungrouped team cannot be deleted.";
	}
	elseif ($teamname == "Temporary") {
		return "Temporary team cannot be deleted.";
	}

	$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
	// OLD CODE - DO NOTE REMOVE
	// $result = mysql_db_query($this->DBNAME, $qUpdateUser);

	// REVISED CODE
	$SelectedDB = mysql_select_db($this->DBNAME);
	$result = mysql_query($qUpdateUser); 

	// OLD CODE - DO NOT REMOVE
	// $result = mysql_db_query($this->DBNAME, $qDelete);

	// REVISED CODE
	$result = mysql_query($qDelete); 

	return mysql_error();

} // End: function delete_team


} // End: class auth
?>

CoderDan

A couple of things:
Firstly: I don't see where the cookie is used to recognize the user, is there more code not shown here? (or am I blind? that's also possible - need more coffee if so.)
Secondly: apostrophes in passwords shouldn't be a problem for you, as you MD5 the password - cant inject there., and if you want to allow apostrophes in usernames, that's also fine, just use mysql_real_escape_string on string arguments to prevent injection - more reliable and more flexible.