I have created a page as index.php and added the code for login. It is working fine for me, but when I click on the logout button it refreshes the page, and if I enter a URL directly, like localhost/sample/testing.php, it opens even if I am not logged in. User cannot access any page until he is logged in. Here is the code which I have written. I have used static data to login because there is no database.
Index.php
<?php
session_start();
$userinfo = array(
    'user1'=>'password1',
    'user2'=>'password2'
);
if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
    if($userinfo[$_POST['username']] == $_POST['password']) {
        $_SESSION['username'] = $_POST['username'];
        header("Location: dashboard.php");
    }else {
        header("Location: index.php");
    }
}
?>
Sidebar.php
<?php if($_SESSION['username']): ?>
<ul>
    <li class="dropdown profile_details_drop">
        <a href="#" class="dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
            <div class="profile_img">
                <div class="user-name">
                    <p><a href="?logout=1">Logout</p>
                </div>
                <div class="clearfix"></div>
            </div>
        </a>
    </li>
</ul>
<?php endif; ?>
If any user is not logged in then also they are able to see the inner pages. They cannot see the page until they log in.
You have set $_SERVER['PHP_SELF'], that's why it is redirecting to the same page. You need to change that, e.g. to login.php:
if(isset($_GET['logout'])) {
    unset($_SESSION['username']); // do not set it as empty, unset it
    //header('Location: ' . $_SERVER['PHP_SELF']); // change this line to
    header('Location: login.php');
    exit; // stop the script so nothing else runs after the redirect
}
And another error is in your else condition: you are redirecting it to index.php, which is why the non-logged-in user is able to see the index page.
else {
    //header("Location: index.php"); // change this to
    header('Location: login.php');
    exit; // stop the script so nothing else runs after the redirect
}
NOTE: I have added login.php only as an example. Redirect the non-logged-in user to where you want.
First of all, your code should be beautified.
Second of all, you have forgotten to close your a href tag, thus not your $_GET statement isset is true. Therefore, by clicking the link, the page is checking again for if(isset($_POST['username'])) which is true, and you are redirected because of your headers.
Consider making a logout.php where you use session_destroy and session_unset and you redirect your users to login.php, for example:
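logout.php:
<?php
session_start();
// session_unset() takes no arguments; it clears every session variable,
// including $_SESSION['username']
session_unset();
session_destroy();
header('Location: login.php');
exit; // stop the script after sending the redirect
?>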
Finally, consider not using $_GET, but prefer $_POST or $_SESSION variables, only for the reason that they are not visible in the URL.
First of all, destroy the session when you log out, and redirect to the login page. Suppose index.php is the login page.
if(isset($_GET['logout'])) {
    session_start();
    session_destroy();
    header('Location: index.php');
    exit; // stop the script after sending the redirect
}
In the sidebar.php, check whether the session is set or not. If the session is not set, it means the user is not logged in. You can prevent them from accessing the page by redirecting them to the login page:
<?php
session_start();
if (!isset($_SESSION["username"]))
{
    header("location: index.php");
    exit; // without this the markup below is still sent to the visitor
} ?>
<ul>
    <li class="dropdown profile_details_drop">
        <a href="#" class="dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
            <div class="profile_img">
                <div class="user-name">
                    <p><a href="?logout=1">Logout</a></p>
                </div>
                <div class="clearfix"></div>
            </div>
        </a>
    </li>
</ul>
Unset the session variable in logout:
unset($_SESSION['username']);
Instead of assigning to empty string:
$_SESSION['username'] = '';
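An added example, not part of the question or of any answer above: one shared include that covers what the answers recommend (a login check on every inner page, clearing and destroying the session on logout, and stopping the script after each redirect). The file name auth.php, the function names and the demo accounts are assumptions made for illustration; index.php as the login page comes from the question.

```php
<?php
// auth.php (hypothetical name): require this first on every page.
session_start();

const LOGIN_PAGE = 'index.php'; // the login form, as in the question

// Constructed demo accounts. Hashes are generated per request only because
// the question has no database; a real site stores password_hash() output.
function demo_users(): array {
    return [
        'user1' => password_hash('password1', PASSWORD_DEFAULT),
        'user2' => password_hash('password2', PASSWORD_DEFAULT),
    ];
}

function redirect(string $to): void {
    header('Location: ' . $to);
    exit; // without this the rest of the page is still rendered and sent
}

// Call at the top of dashboard.php, testing.php and every other inner page.
function require_login(): void {
    // empty() catches both an unset key and the '' the question assigns.
    if (empty($_SESSION['username'])) {
        redirect(LOGIN_PAGE);
    }
}

function attempt_login(string $user, string $pass): bool {
    $users = demo_users();
    // isset() avoids the undefined-index notice for unknown user names.
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['username'] = $user;
    return true;
}

function logout(): void {
    $_SESSION = []; // drop all session data
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie in the browser as well.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    redirect(LOGIN_PAGE);
}
```

Each inner page starts with a require of auth.php followed by require_login(), before any output is sent. index.php calls attempt_login() with the posted fields after checking that both are strings, and the logout handler calls logout().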