[EmiT FliX]

Hey Again,

So, Logging in works perfectly fine, but, I put in a logout link (for obvious reasons to logout), and now when I click the logout link it doesn't do anything but stay on main.php

Here's my code

<body>
<a href="logout.php">Logout</a>

</body>

And now the logout.php script

<?php
    session_start();
 
    unset($_SESSION['userid']);
    unset($_SESSION['username']);
    header("location: login.php");
?>

Thanks been trying for an hour, so all help appreciated

[modi123_1]

Try throwing an exit right after the header line..

exit();

[EmiT FliX]

Should have said, tried that earlier, doesn't work, tried again making sure I didn't screw up, and no luck loops back to the main.php

[modi123_1]

I typically start the session.. destroy the session.. and then hit back to the home page. Try removing that space after the colon. You don't have any other text echoing out or anything like that before or after?

<?php 
 		session_start();
  		session_destroy(); 
 header("location:default.php");
?>

[EmiT FliX]

Nope nothing, and still no luck.

[modi123_1]

.. and your logout.php is just those seven lines of code? Nothing else?

[EmiT FliX]

Yep because the link links to that...
I'll show you everything...

<?php
        session_start();

        session_destroy();

 header("location:login.php");
exit();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>

<body>

<a href="logout.php">Logout</a>

</body>
</html>

[modi123_1]

Odd.. well I recommend shutting down any browser you are using.. or if you are using say eclipse environment to run it try running it from your browser on your local machine.. That code works.. I am using that in about three or four different sites.

[EmiT FliX]

I'm running my code through chrome/firefox/IE all sites don't do anything...What have I broke

[EmiT FliX]

I have a theory...this could be a longshot but here we go

The website log's in from the login.php which takes you to main.php what if it can't end the session because once it goes back to login.php it automatically logs you back in taking you to main.php

Yes this may seem crazy because I haven't added anything to rememeber username/password except for the cookie's but even then what's clicking the login button on login.php?

[EmiT FliX]

anyone have any ideas? It's still troubling me...

[smohd]

Here may be we may need to see your login.php, how you check for session there? Do you have something like this may be:

<?php
if (loggedIn()){
  header("Location: main.php");
  exit;
}
//.....

Then how your loggedIn() function is checking for session and if user is loggedin or not? Or may be something similar?
Simply how do you check if user is loggedin or not in a login page so logged in users cant be in a login form?

[EmiT FliX]

<?php

    //login.php

    session_start(); //Start the session

    if(isset($_SESSION['ERRMSG']) && is_array($_SESSION['ERRMSG']) && count($_SESSION['ERRMSG']) >0 ) { //If the error session exists

        $err = "<table>"; //Start a table

        foreach($_SESSION['ERRMSG'] as $msg) { //Get each error

            $err .= "<tr><td>" . $msg . "</td></tr>"; //Write them to a variable
        }
        
       $err .= "</table>"; //Close the table
        unset($_SESSION['ERRMSG']); //Delete the session
    }
?>

<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body text="#999999">
<img src="images/images/login_03_03.gif" alt="no image" class="center" />
<?php 

 include ("config.php");

 //Checks if there is a login cookie

 if(isset($_COOKIE['ID_my_site']))


 //if there is, it logs you in and directes you to the members page

 { 
 	$username = $_COOKIE['ID_my_site']; 

 	$pass = $_COOKIE['Key_my_site'];

 	 	$check = mysql_query("SELECT * FROM userdatabase WHERE username = '$username'")or die(mysql_error());

 	while($info = mysql_fetch_array( $check )) 	

 		{

 		if ($pass != $info['password']) 

 			{

 			 			}

 		else

 			{

 			header("Location: main.php");



 			}

 		}

 }


 //if the login form is submitted 

 if (isset($_POST['submit'])) { // if form has been submitted



 // makes sure they filled it in

 	if(!$_POST['username'] | !$_POST['pass']) {

 		die('You did not fill in a required field.');

 	}

 	// checks it against the database



 	if (!get_magic_quotes_gpc()) {

 		$_POST['email'] = addslashes($_POST['email']);

 	}

 	$check = mysql_query("SELECT * FROM userdatabase WHERE username = '".$_POST['username']."'")or die(mysql_error());



 //Gives error if user dosen't exist

 $check2 = mysql_num_rows($check);

 if ($check2 == 0) {

 		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');

 				}

 while($info = mysql_fetch_array( $check )) 	

 {

 $_POST['pass'] = stripslashes($_POST['pass']);

 	$info['password'] = stripslashes($info['password']);

 	$_POST['pass'] = md5($_POST['pass']);



 //gives error if the password is wrong

 	if ($_POST['pass'] != $info['password']) {

 		die('Incorrect password, please try again.');

 	}
	
	 else 

 { 

 
 // if login is ok then we add a cookie 

 	 $_POST['username'] = stripslashes($_POST['username']); 

 	 $hour = time() + 3600; 

 setcookie(ID_my_site, $_POST['username'], $hour); 

 setcookie(Key_my_site, $_POST['pass'], $hour);	 

 

 //then redirect them to the members area 

 header("Location: main.php"); 

 } 

 } 

 } 

 else 

{	 

 

 // if they are not logged in 

 ?> 

 <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 

 <table border="0" id="tb1"> 

 <tr><td colspan=2><h1>Login</h1></td></tr> 

 <tr><td>Username:</td><td> 

 <input type="text" id="username" name="username" maxlength="40"> 

 </td></tr> 

 <tr><td>Password:</td><td> 

 <input type="password" id="pass" name="pass" maxlength="50"> 

 </td></tr> 

 <tr>
   <td colspan="2" align="right"> 

 <input name="submit" type="submit" class="submit" value="&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"> 

 </td></tr> 

 </table> 

</form> 

 <?php 

 } 

 

 ?> 
	


</div>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p><a href="register.php">Register</a></p>
</body>

</html>

THE WHOLE LOGIN.PHP

[smohd]

Thats it, in your logout, you are unsetting all SESSIONS but you didnt timeout cookies. Look at your own comment:

// if login is ok then we add a cookie

Your login form checks the cookies and not sessions to login:

if(isset($_COOKIE['ID_my_site']))


 //if there is, it logs you in and directes you to the members page

 { 
 	$username = $_COOKIE['ID_my_site']; 

 	$pass = $_COOKIE['Key_my_site'];
//............

You will need to reset those cookies when logout.

Another hint, dont check for the submit button, check for the data itself, some browser dont send submit button with the form data:

 if (isset($_POST['submit'])) { // if form has been submitted

[EmiT FliX]

So how can I go about timing out cookies? and changing it up with the submit button?