4

In the login.php i check if everething is ok and if its i creat the session and redirect the user

 $success = $dbh->prepare("SELECT UserId FROM users WHERE username =:username 
AND password=:password");
    $success->bindParam(':username', $username);
    $success->bindParam(':password', $password);
    $success->execute();
    $rowSuccess = $success->fetch();
    $user_id = $rowSuccess['userid'];

    $_SESSION['user_id'] = $user_id;
    $_SESSION['loggedIn'] = 1;

So how to destroy the user session when i delete him if he is still logged in

Ben
  • 1,906
  • 10
  • 31
  • 47

3 Answers3

3

As soon as you call on session_destroy() your $_SESSION['user_id'] and $_SESSION['loggedIn'] will cease to exist. So when the user refreshes the page, have an if condition to check for the userId and call

 if(!isset($_SESSION['userId'])) { //if the session variable for this doesn't userId exist

   print "Sorry, no recognized account";   
 }

EDIT:

This sounds more like an AJAX solution since you wanna do some action immediately when the user is deleted. In your JavaScript set up an ajax request that calls the PHP script performing this delete action. Then, when the action is completed, alert the user and take him/her to a different page using window.location. To summarize

  $.ajax({
 url:"deleteUser.php",
 cache:false,
 success:function(data){
       alert("Sorry you have been deleted. Re-routing to home page");
               window.location="homepage.php";
       }       
});
jmishra
  • 2,086
  • 2
  • 24
  • 38
  • I think Marian was asking what to do, when user is logged in, and he delete that user from database ;) – Slawek Mar 04 '12 at 23:54
  • Then this is more of a asynchronous process. Have an AJAX request that checks for the deleted action and alerts the user that he/she was just deleted. – jmishra Mar 04 '12 at 23:56
  • The ajax wont work because if i redirect him with window.location to the home page still session is not delete. In the login.php i check if the session exit because i dont want already logged in user to log in again. – Ben Mar 05 '12 at 00:08
  • I see. Leave out the AJAX request then but `session_destroy()` should help you anyway – jmishra Mar 05 '12 at 00:09
  • I dont get it.. i mean let say i'm user with id=55 and i delete users with id = 76,95,443 ... and if i use session_destroy() it will destroy my session not theres,right ? – Ben Mar 05 '12 at 00:12
  • no, session_destroy() kills all the data associated with current user session on a different machine. It wouldn't kill yours at any chance. – jmishra Mar 05 '12 at 00:17
1

You can fetch user data from database on every request, if user doesn't exist or is inactive you can destroy session.

Slawek
  • 583
  • 3
  • 9
0

It sounds like session_destroy() is what you may want.

Note this from the session_destroy() docs, though:

In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

Trott
  • 66,479
  • 23
  • 173
  • 212