Hey Stack Overflow users,

Since I was able to get some amazing help before with a problem I was stuck on for longer than I could remember, I thought I would come at you with this.

Working with a login system that authenticates the user and kills the session off but currently it's not recognizing the variables assigned to the session. After clicking the logout button everything seems like it's working but when doing a direct connect to the Members Page by typing it into the address bar it loads the page instead of redirecting to the login page.

Members.php

<?PHP
session_start();
if (!isset($_SESSION['username'])) {
header('location:login.php');
exit; // stop here so the members page is not sent along with the redirect
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>The Animator BETA</title>
<style>
//CSS Has been removed as it's lengthy and unrelated to the issue.
</style>
<!--[if lt IE 9]>

        <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>

    <![endif]-->        

    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>

<script>

          $(document).ready(function(){

                $('#login-trigger').click(function(){

                    $(this).next('#login-content').slideToggle();

                    $(this).toggleClass('active');                  



                    if ($(this).hasClass('active')) $(this).find('span').html('&#x25B2;')

                        else $(this).find('span').html('&#x25BC;')

                    })

          });

    </script>
</head>
<body>
<header class="cf">

<nav style="text-align:center"><a href="logout.php">Logout</a></nav>

</header>

<h1 style="text-align:center"> The Animator - BETA</h1>
<hr />
<div id="nav" style="text-align:center">
<ul style="text-align:center">

<li><a href= "#" ><strong>Home</strong></a></li>
<strong><li><a href= "industrial.html" >Industrial</a></li>
<li><a href= "educational.html" >Education</a></li>
<li><a href= "independent.html"  >Independent</a></li>
<li><a href= "emergent.html"  >Emergent</a></li>
<li><a href= "team.html" >Team</a></li>
<li><a href= "project.html"  >Project</a></li>
<li><a href= "budget.html" >Budget</a></li>
<li><a href= "profile.html" >Profile</a></li></strong>

</ul>
</div>
<hr />
<div style="padding-left:19%"><input type="text" value="search" />
<input type="button" value="Search!" name="search"/>
</div>
<div>&nbsp;</div>
<div align="center">
<div><img src="logo.png" width="407" height="345" alt="Logo" usemap="sectors" /></div>

</div>
</div>
<map name="sectors">
  <area shape="rect" coords="72,40,194,165" alt="Industrial" href="industrial.html">
  <area shape="rect" coords="210,38,328,162" alt="Emergent" href="emergent.html">
  <area shape="rect" coords="208,178,331,296" alt="Independent" href="independent.html">
    <area shape="rect" coords="71,177,194,295" alt="Educational" href="educational.html">

</map>
<div>&nbsp;</div>
<div style="text-align:right"></div>
<div>&nbsp;</div>   
<div id="footer"> <hr />
  <p><strong><u><a href="about.html">About The Animator</a> | <a href="contact.html">Contact</a> | <a href="privacy.html">Privacy Policy</a> | <a href="faq.html">FAQ</a></u></strong><u></u></p>
</div>
</body>
</html>

LOGIN PAGE

<?php

error_reporting(E_ALL);
ini_set('display_errors',"On");

include ('database_connection.php');
if (isset($_POST['formsubmitted'])) {
    // Initialize a session:
session_start();
    $error = array();//this array will store all error messages


    if (empty($_POST['e-mail'])) {//if the email supplied is empty 
        $error[] = 'You forgot to enter  your Email ';
    } else {


        if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) {

            $Email = $_POST['e-mail'];
        } else {
             $error[] = 'Your Email Address is invalid  ';
        }


    }


    if (empty($_POST['Password'])) {
        $error[] = 'Please Enter Your Password ';
    } else {
        $Password = $_POST['Password'];
    }


       if (empty($error))//if the array is empty , it means no error found
    { 



        // Bind the submitted values as parameters so they are never parsed as SQL
        $stmt = mysqli_prepare($dbc, "SELECT * FROM account WHERE (email=? AND passwords=?)");
        mysqli_stmt_bind_param($stmt, 'ss', $Email, $Password);
        mysqli_stmt_execute($stmt);
        $result_check_credentials = mysqli_stmt_get_result($stmt);
        if(!$result_check_credentials){//If the query failed
            echo 'Query Failed ';
        }

        if (@mysqli_num_rows($result_check_credentials) == 1)//if the query is successful
        { // A match was made.





            $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable

            $_SESSION['email'] = $Email; 

           session_start("username");

            header("Location: members.php");



        }else
        { 

            $msg_error= 'Either Your Account is inactive or Email address /Password is Incorrect';
        }

    }  else {



echo '<div class="errormsgbox"> <ol>';
        foreach ($error as $key => $values) {

            echo '  <li>'.$values.'</li>';



        }
        echo '</ol></div>';

    }


    if(isset($msg_error)){

        echo '<div class="warning">'.$msg_error.' </div>';
    }
    /// var_dump($error);
    mysqli_close($dbc);

} // End of the main Submit conditional.



?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Form</title>





<style type="text/css">
body {
    font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif;
    font-size:12px;
}
.registration_form {
    margin:0 auto;
    width:500px;
    padding:14px;
}
label {
    width: 10em;
    float: left;
    margin-right: 0.5em;
    display: block
}
.submit {
    float:right;
}
fieldset {
    background:#EBF4FB none repeat scroll 0 0;
    border:2px solid #B7DDF2;
    width: 500px;
}
legend {
    color: #fff;
    background: #80D3E2;
    border: 1px solid #781351;
    padding: 2px 6px
}
.elements {
    padding:10px;
}
p {
    border-bottom:1px solid #B7DDF2;
    color:#666666;
    font-size:11px;
    margin-bottom:20px;
    padding-bottom:10px;
}
a{
    color:#0099FF;
font-weight:bold;
}

/* Box Style */


 .success, .warning, .errormsgbox, .validation {
    border: 1px solid;
    margin: 0 auto;
    padding:10px 5px 10px 60px;
    background-repeat: no-repeat;
    background-position: 10px center;
     font-weight:bold;
     width:450px;

}

.success {

    color: #4F8A10;
    background-color: #DFF2BF;
    background-image:url('images/success.png');
}
.warning {

    color: #9F6000;
    background-color: #FEEFB3;
    background-image: url('images/warning.png');
}
.errormsgbox {

    color: #D8000C;
    background-color: #FFBABA;
    background-image: url('images/error.png');

}
.validation {

    color: #D63301;
    background-color: #FFCCBA;
    background-image: url('images/error.png');
}



</style>

</head>
<body>


<form action="login.php" method="post" class="registration_form">
  <fieldset>
    <legend>Login Form  </legend>

    <p>Enter Your username and Password Below  </p>

    <div class="elements">
      <label for="name">Email :</label>
      <input type="text" id="e-mail" name="e-mail" size="25" />
    </div>

    <div class="elements">
      <label for="Password">Password:</label>
      <input type="password" id="Password" name="Password" size="25" />
    </div>
    <div class="submit">
     <input type="hidden" name="formsubmitted" value="TRUE" />
      <input type="submit" value="Login" />
    </div>
  </fieldset>
</form>
<button onclick="window.location='theanimator.html';">Go Back!</button>
</body>
</html>

LOGOUT

<?php
unset($_SESSION['email']);
header('Location: login.php');
exit;
?>
Zach Harvey

1 Answer

Your logout page has to be this:

<?php

//start the session
session_start();
//this will destroy the session that is started
session_destroy();
header('Location: login.php');
exit;
?>

The problem was that you didn't destroy the session, so the session still exists when you go back to the page.

Also, you were checking on $_SESSION['username'] but you unset $_SESSION['email']; that is never going to work.

Perry
  • Unfortunately this doesn't work. The members page shouldn't load after clicking the logout button if directly loaded to it. – Zach Harvey Jun 08 '13 at 13:44
  • Still no. Even using unset $_SESSION['username'] is not working for the members page – Zach Harvey Jun 08 '13 at 13:50
  • What happens if you delete this: `session_start("username");`? You don't need that because the session is already started – Perry Jun 08 '13 at 13:52
  • I was thinking that but that session is going to be needed later on the profile page where that is used to compare results from a sql database to match a username with an email + name + password, etc. – Zach Harvey Jun 08 '13 at 13:55
  • You can use the session you started at the beginning of your script on every page you like just by using `session_start();` You don't need to start a new session. You can compare the values with the database just by calling `$_SESSION['youParamterName']` – Perry Jun 08 '13 at 14:00
  • Thank you so much for the quick responses! But when comparing on the members pages how would that be done now? Just compare for the blank session? ` ` – Zach Harvey Jun 08 '13 at 14:04
  • You have to check against `$_SESSION['email']` that should work. – Perry Jun 08 '13 at 14:06
  • Once again this didn't work. I don't understand why it's not recognizing the session being destroyed. I really do appreciate the help so far Perry! – Zach Harvey Jun 08 '13 at 14:11
  • I see now that we didn't start the session lols. Add `session_start();` before `session_destroy`, see also the edit in the answer. Now it should work :) – Perry Jun 08 '13 at 14:15
  • I can't believe I spent over 8 hours on such a little issue. Damn you Sessions Damn you. I can't begin to thank you for your help Perry! Marked as the answer I can't believe how simple! Thank you so much once again! – Zach Harvey Jun 08 '13 at 14:35
  • Hehe no problem! It took me also about 30 minutes to see it :) BTW thanks for accepting the answer – Perry Jun 08 '13 at 14:38
  • Also Perry I wish I could upvote this one as well. Thanks to you explaining the $_SESSION['anything I want'] I can't believe how easy the profile page is going to be to gather together. I can't begin to thank you! Thank you for taking time out on a Saturday to help a fellow programmer! – Zach Harvey Jun 08 '13 at 14:42
  • Helped me capture my problem with my logout script. I spent a day debugging my sessions. – Matt Dathew Jul 17 '15 at 17:24
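
Added example, not part of the original thread: the points worked out above (one session key checked on every page, `session_start()` before the session is torn down, `exit` after each redirect) written as three helpers. The function names `ensure_session`, `login_user`, `require_login` and `logout_user` are hypothetical, and the cookie-expiry step follows the pattern shown in the PHP manual for `session_destroy()`.

```php
<?php
// Added example, not code from the thread. All function names are hypothetical.
declare(strict_types=1);

function ensure_session(): void
{
    // $_SESSION is only loaded (and can only be changed) after session_start().
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// login.php: call only after the submitted credentials have been verified.
function login_user(string $email): void
{
    ensure_session();
    session_regenerate_id(true);  // issue a fresh session id at login
    $_SESSION['email'] = $email;  // the single key every page checks
}

// members.php: call at the very top, before any output is sent.
function require_login(): void
{
    ensure_session();
    if (!isset($_SESSION['email'])) {
        header('Location: login.php');
        exit;                     // without this the page body is still sent
    }
}

// logout.php: tear the session down completely, then redirect.
function logout_user(): void
{
    ensure_session();
    $_SESSION = [];               // clear the data for the running request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();            // remove the server-side session data
    header('Location: login.php');
    exit;
}
```

Because the guard and the login write the same key, a logout that clears `$_SESSION` and destroys the session leaves nothing for `require_login()` to find on a direct request to members.php.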