I'm currently doing a simple project to make a login and logout page in the navbar, but I can't change the login link to logout on my homepage after logging in. Also, I wrote this code by following YouTube tutorials since I haven't learned PHP much. Here's my login.php file:

<?php
require('db.php');
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
    // removes backslashes
    $username = stripslashes($_REQUEST['username']);
    //escapes special characters in a string
    $username = mysqli_real_escape_string($con,$username);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con,$password);
    //Checking is user existing in the database or not
    $query = "SELECT * FROM `users` 
                WHERE username='$username'
                and password='".md5($password)."'";
    $result = mysqli_query($con,$query) or die(mysqli_error($con));
    $rows = mysqli_num_rows($result);
        if($rows==1){
            $_SESSION['username'] = $username;
            // Redirect user to home page
            header("Location: finalproject.php");
            exit();
        }else{
            echo "<div class='form'>
                    <h3>Username/password is incorrect.</h3>
                    <br/>Click here to <a href='login.php'>Login</a></div>";
        }
}else{
?>
<div class="form">
<h1>Log In</h1>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet? <a href='registration.php'>Register Here</a></p>
</div>

<?php 
} 
?>

Here's my logout.php file:

<?php
session_start();
// Destroying All Sessions
if(session_destroy())
{
// Redirecting To Home Page
header("Location: finalproject.php");
exit();
 }
?>

finalproject.php is my homepage, where I want to change the nav link from login to logout. Here are the nav link tags:

    <li class="nav-item">
       <a class="nav-link" href="login.php">Login</a></li>

I tried changing this line to:

<li class="nav-item">
<?php 
if(!isset($_SESSION['logged_in'])){?>
    <a class="nav-link"><a href="login.php">Login</a></p> 
<?php 
} else {
?> 
    <a class="nav-link"><a href="logout.php">Logout</a></p> 
<?php 
} 
?>
RiggsFolly
Fatima
  • Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187) You should always use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs instead of concatenating user provided values into the query. Never trust ANY user input! This will also remove the unescaped character issue like a `'` in a text string like `O'Neal`. – RiggsFolly Apr 25 '23 at 16:38
  • Please don't __roll your own__ password hashing, especially not using `MD5()` or `SHA1()`. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php); please use them for the safety of your users. – RiggsFolly Apr 25 '23 at 16:38
  • See the [accepted answer here](https://stackoverflow.com/a/36628423/2310830) and don't fiddle with the user's password – RiggsFolly Apr 25 '23 at 16:39
  • Good code indentation and layout ___is for life, not just for Christmas___ and would help us read the code and more importantly it will help **you debug your code**. [Take a quick look at a coding standard](https://www.php-fig.org/psr/psr-12/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Apr 25 '23 at 16:41
  • I don't see you doing a `start_session()` anywhere in this code. You have to do that in EVERY script that wants access to the `$_SESSION` array. Best to do it in EVERY script regardless of whether you will use it or not – RiggsFolly Apr 25 '23 at 16:44
  • Oh thanks, I didn't know any of this as I'm basically a newbie in PHP. But could you point out where in my code I should use `password_hash()`? That would be really helpful. Also, I did start_session() in every PHP file, I just didn't mention it here. Thanks a lot again. – Fatima Apr 25 '23 at 23:15
  • Simply `Login` should be ONE anchor tag with multiple attributes `Login`. So this is really a TYPO – RiggsFolly Apr 26 '23 at 11:02
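
How the advice in the comments above (prepared statements, `password_verify()`, a session started in every script) fits into login.php, as an added example that is not the asker's or any commenter's code. It assumes `db.php` defines `$con` as in the question and that `registration.php`, which the page does not show, stores `password_hash()` output in `users.password`.

```php
<?php
// Added example, not the asker's code. Assumes db.php defines $con (mysqli)
// and users.password holds password_hash() output (assumption: VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
session_start();   // before any output, in every script that uses $_SESSION
require 'db.php';

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';   // given to password_verify() unmodified
    if (!is_string($username) || !is_string($password)) {
        $username = $password = '';         // reject array-valued form fields
    }

    // The ? placeholder keeps user input out of the SQL text, so a name
    // such as O'Neal needs no escaping.
    $stmt = mysqli_prepare($con, 'SELECT password FROM users WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);      // true if a row was fetched, null if none
    mysqli_stmt_close($stmt);

    if ($found && password_verify($password, $hash)) {
        session_regenerate_id(true);        // fresh session ID once authenticated
        $_SESSION['username'] = $username;  // the key the nav link has to test
        header('Location: finalproject.php');
        exit();
    }
    $error = 'Username/password is incorrect.';
}
?>
<div class="form">
<h1>Log In</h1>
<?php if ($error !== ''): ?>
<h3><?= htmlspecialchars($error) ?></h3>
<?php endif; ?>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet? <a href='registration.php'>Register Here</a></p>
</div>
```

Rows that still hold `md5()` values will not pass `password_verify()`, so those accounts need a password reset once registration switches to `password_hash()`.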

1 Answer

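<li class="nav-item">
    <?php /* login.php sets $_SESSION["username"] on success, so test that key */ ?>
    <?php if (isset($_SESSION["username"])): ?>
        <a class="nav-link" href="logout.php">Logout</a>
    <?php else: ?>
        <a class="nav-link" href="login.php">Login</a>
    <?php endif; ?>
</li>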
Coreus
Jess163
  • **Good answers** will always have an explanation of what was done and why it was done that way, not only for the OP but for future visitors to SO that may find this question and be reading your answer. If it is well answered maybe they will UpVote it. – RiggsFolly Apr 26 '23 at 10:59