PHP Login system isn't working
When you click 'logout' you stay logged in. The php is displayed below.
// logout.php
<?php
$_SESSION = array();
session_destroy();
unset($_SESSION);
header("Location: index.php");
exit;
?>
// login.php
<?php
require("connect.php");
session_start();
?>
<html>
<head>
<title>Blanco [Martijn]</title>
<link rel="stylesheet" style="text/css" href="css/style.css" />
</head>
<body>
<div class="login" align="left">
<p class="login">
<h3>Login</h3>
<?php
if(!isset($_SESSION)){
unset($_SESSION);
session_destroy();
if(!isset($_SESSION) || $_SESSION['lastActive'] <time()-60*15){
if(empty($_POST['loginNaam'])){
echo"<font color='red'>You didn't fill in a name!</font>";
}
elseif (empty($_POST['loginPass'])){
echo"<font color='red'>You didn't开发者_开发问答 fill in a password!</font>";
} else {
$sLid = mysql_query("SELECT id,naam FROM members
WHERE naam='".$_POST['loginNaam']."' AND wachtwoord='".md5($_POST['loginPass'])."'
LIMIT 1") or die(mysql_error());
if(mysql_num_rows($sLid)==0){
echo"<font color='red'>The entered data is incorrect!</font>";
} else {
$fLid = mysql_fetch_assoc($sLid);
$_SESSION['user_id'] = $fLid['id'];
$_SESSION['user_naam'] = $fLid['naam'];
$_SESSION['lastActive'] = time();
header("Location: index.php");
exit;
}
}
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
username<br /> <input type="text" name="loginNaam" /><br>
password<br /> <input type="password" name="loginPass" /><br>
<input type="submit" name="loginSubmit" value="login" />
</form>
<span class="aright"><a href="reg.php">register</a></span></p>
</p>
<?php
} else {
$_SESSION['lastActive'] = time();
$sInfo = mysql_query("SELECT id,naam,mail FROM members
WHERE id=".$_SESSION['user_id']." LIMIT 1") or die(mysql_error());
$fInfo = mysql_fetch_assoc($sInfo);
?>
Welcome,
<?php
if ($fInfo['naam'] == "admin") {
?>
<font color="red"><?php echo $fInfo['naam'];?>!</font>
<?php
} else {
echo $fInfo['naam'];
}
?>
</p>
<span class="logout"><a href="logout.php">< logout</a> | <a href="#">control panel ></a></span></p>
<?php
}
?>
</div>
</body>
Any help?
You still need to call session_start() in your logout.php before you can perform any session related activities.
It may be that you are calling session_destroy() without having started the session.
From the docs:
session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
So, until you start the session, there is no "current session"
Take a look at their example logout script:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
加载中,请稍侯......
精彩评论