how to create an automatic logout script in php

Question

im trying to create an auto logout system that will automatically log out of the system when the page is inactive,i am a newbie and when i added code to my login page im getting these warnings

Warning: mysql_query() expects parameter 1 to be string, resource given in C:\xampp\htdocs\how are things\admin panel\login.php on line 80
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\how are things\admin panel\login.php on line 81

the code on line 80 and 81 are these below respectively

  if($no_rows > 0){
                         while($resGetAdmin = mysql_fetch_assoc($rs_user))

this my code i added

    $rs_user= mysql_query($check_login);
                 $no_rows   = mysql_num_rows($rs_user);
                 if($no_rows > 0){
                         while($resGetAdmin = mysql_fetch_assoc($rs_user)){
                          $selQuery="select * from  login where  user_id=".$resGetAdmin['user_id'] ." AND loginDate ='$current_date'";
                          $rgetData= mysql_query($selQuery);
                          $num_login   = getSqlNumber($selQuery);
                          if($num_login==0) {
                          $insQuery= "insert into login (user_id,loginTime,loginDate,count)   values (".$resGetAdmin['user_id'].",'$current_time','$current_date',1)";
                          $login_user= mysql_query($insQuery);
                          $insert_id=mysql_insert_id();
                          $_SESSION['loginTime']=$current_time;
                           }else{
                               $count = mysql_result($rgetData,0,’count’);
                               $count = $count+1;
                               $updateQuery= "update login set loginTime='$current_time' ,loginDate='$current_date' , count ='$count' where user_id=".$resGetAdmin['user_id'] ." AND loginDate='$current_date'";
                               $login_user= mysql_query($updateQuery) or mysql_error();
                               $_SESSION['loginTime']=$current_time;
                                }

                              $_SESSION['user_id']=$resGetAdmin['user_id'];
                              header("Location: index.php");
                                   exit;
                                  }
                            }

this was my original login page before i added the code above

<?php
if(isset($_POST['submit'])){
     $username = $_POST['username'];
     $password =($_POST['password']);
     $hash_password = md5($password);
     $hash_password1 = sha1($hash_password);
     $hash_password2 = crypt($hash_password1,"st");
     $hash_password3 = hash("sha512",$hash_password2);

     $guess = $_POST['captcha'];
     $real = (isset($_SESSION['real'])) ? $_SESSION['real'] : "";
    if (empty($guess))
     { 
         die("Please enter the correct CAPTCHA.<br>");
     } 
if (!empty($guess) && $guess !== $real)
{
    die("Please enter the correct CAPTCHA.<br>");
}
     if(empty($username) or empty($password)){
         echo "<p>fields empty !</p>";
     }
     else {
          $check_login = mysql_query("SELECT id, type FROM users WHERE username='$username' AND password='$hash_password3'");
          if(mysql_num_rows($check_login) == 1) {
             $run = mysql_fetch_array($check_login);
             $user_id = $run['id'];
             $type = $run['type'];
             if($type == 'd'){
                  echo "<p> Your Account is deactivated byt the site admin!</p>";
             } else {
                  $_SESSION['user_id'] = $user_id;
                  header('location: index.php');
             }
          } else {
                  echo "<p> User Name or Password incorrect!</p>";

              }  }
}

?>

i pasted the whole code on the login page but i left the timeout.php page,thanks in advance guys

Please check if you are including your database resources/ connection details in the page where you are running your mysql queries. Plus, you should add `or die(mysql_error())` function at the end of your `mysql_query()` query, so you can get a clearer output of your errors — samayo, May 02 '13 at 18:53
I'm 99,99999% sure that there are problems with the actual queries. When they fail you get this kind of error. — bestprogrammerintheworld, May 02 '13 at 18:53
See http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php — Barmar, May 02 '13 at 18:56
@bestprogrammerintheworld it checks if the registered users in the database exists — cleo, May 02 '13 at 18:57
@cleo Don't describe it, show it. The error means you have a syntax error in your SQL, telling us what the query is supposed to do doesn't help us find that error. — Barmar, May 02 '13 at 18:59

score 3 · Accepted Answer · answered May 02 '13 at 18:57

3

There is no need to do this logout by writing your own code. Each session can be configured to last only a certain time. You can set a maximum lifetime.

answered May 02 '13 at 18:57

martinstoeckli

23,430
6
56
87

It's not actually so easy doing this. It is many things to consider. Take a good look at this post: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – bestprogrammerintheworld May 02 '13 at 19:13
1

@bestprogrammerintheworld - Thanks for the information, actually i never had to do it myself, but it seemed to answer exactly the question. In every case i would first try to use this configuration, and if necessary write a timestamp into the session, i can't see an advantage in writing to the database. – martinstoeckli May 02 '13 at 19:32
sure, no problem! :-) I haven't hade the problem myself either, but it was something i stumbled upon a few days ago. – bestprogrammerintheworld May 02 '13 at 19:39

bestprogrammerintheworld · Answer 2 · 2013-05-02T19:10:23.153

My bet is:

Line 80:

$rs_user= mysql_query($check_login);

$check_login is NOT a string that contains a query
$rs_user returns false because query fails.

(My guess is that $check_login is a resultset from another query)

*Warning: mysql_query() expects parameter 1 to be string, resource given in C:\xampp\htdocs\how are things\admin panel\login.php on line 80*

Line 81:

$no_rows   = mysql_num_rows($rs_user);

Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\how are things\admin panel\login.php on line 81

(mysql is saying that NULL is given and this is because $rs_user returns false (see explanation above for line 80)

how to create an automatic logout script in php

2 Answers2