0

I am trying to create a logout page using session_destroy() but all i get is a blank page.

This is my code about logging in(I assume the problem has to be somewhere here but i am a beginner at this).

What i thought it will work is creating a session for the username since it is used at isset() but apparently its not working.

 <?php
 session_start();
 $dbhost = "";
 $dbuser = "";
 $dbpassword = '';
 $db= 'system_dev';

 mysql_connect($dbhost,$dbuser,$dbpassword);
 mysql_select_db($db);



include 'test.php';
if (isset($_POST['username'] )) {
$username=$_POST['username'];
$password=$_POST['password'];

$_SESSION['username']=$username;

$sql ="Select * FROM Company WHERE username='".$username."'AND password = '".$password."'LIMIT 1";
$sqlid = "Select CompanyId FROM Company WHERE username='".$username."'";




$result = mysql_query($sql);
$resultid= mysql_query($sqlid) or die('Query failed: '. mysql_error());
while ($row =mysql_fetch_array($resultid,MYSQL_ASSOC) ) {
    echo "<tr>\n";
    foreach ($row as $col_value){
        echo  "$col_value\n";
    }
}
$company = mysql_free_result($resultid);
$_SESSION['CompanyId'] = $col_value;
}


if ( mysql_num_rows ($result)==1){

header ("Location: webdesign.php");

exit(); 

}
else {

echo "Invalid input";
exit(); 

}

?>

On the code of "logout.php" I have only written this:

 <?php
 session_start();
 session_destroy();
 header ("website.php");
 ?>

Thanks in advance and sorry if the answer is not how it should be. I have read the rules but this is the 2nd post so far. I believe i will get better someday :)

Fisnik Hajredini
  • 111
  • 5
  • 13
  • This: `if ( mysql_num_rows ($result)==1){ header ("Location: webdesign.php"); exit(); }` won't work - you're echoing data to the screen above it - `header()` must be called before any output is sent to the browser. – scrowler Apr 23 '15 at 22:08
  • why do you have 2 `session_start();`? – Sean Apr 23 '15 at 22:09
  • i just merged two different files so the code can be easily understood and i forgot one of the session start. editing it now! – Fisnik Hajredini Apr 23 '15 at 22:11
  • both query's query the same table, so why not use just 1 query? – Sean Apr 23 '15 at 22:14
  • if you are getting a blank page, it means you have errors in your code. Turn php error reporting on - place `error_reporting(E_ALL); ini_set('display_errors', '1');` at the top of your code. – Sean Apr 23 '15 at 22:18
  • Didnt notice that i am missing `Location:` Thanks a lot. Problem solved – Fisnik Hajredini Apr 23 '15 at 22:26
  • Although it is not directly related to your answer, I feel it is important to mention that `mysql_query` should not be used (at least not the way you use it). See [another question](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and consider using PDO (it is quite easy though). – Jan Legner Apr 23 '15 at 23:02

2 Answers2

0

You should use Location in your header argument like header("Location: page.php"); you can place this header after you destroyed the session, that should not give any problems.

Dorco
  • 16
  • 1
0

As Dorco said:

You should use Location in your header

So the logout function should looks like this:

session_destroy();
session_regenerate_id(TRUE);
header("Location: login.php");
die();

And I strongly suggest you, so not simply insert the post value into the SQL query. That will cause a SQL injection. Use prepare statement instead. PHP: Prepared Statement

Shiji.J
  • 1,561
  • 2
  • 17
  • 31