i have written a php login script which uses both session and cookies. i know that sessions expire after closing the browser,but cookies exist till their expiration time is reached. in my script i created a COOKIE to store "username" of the logged in user. After logging in , if i close the browser and re-open it..i must still remain logged in because of the cookie.And when i click log out i must be logged out. But my script is not working properly because,after clicking the "logout" button link my script is not logging me out.
Here's the php code that i wrote:
<?php
session_start();
require_once('login/connectvars.php');
if(!isset($_SESSION['username']) && isset($_COOKIE['username']))
{
$_SESSION['username'] = $_COOKIE['username'];
}
if(isset($_POST['submit']))
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
$username = mysqli_real_escape_string($dbc,trim($_POST['username']));
$password = mysqli_real_escape_string($dbc,trim($_POST['password']));
$query = "SELECT user_id,username FROM users_dns WHERE username = '$username' AND password = SHA('$password')";
$data = mysqli_query($dbc,$query) or die(mysqli_error($dbc));
if(mysqli_num_rows($data) == 1)
{
$row = mysqli_fetch_array($data);
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['username'] = $row['username'];
setcookie('username',$row['username'],time() + (60 * 60));
echo 'success';
mysqli_close($dbc);
}
else
{
echo 'enter correct username and password';
}
}
else
{
echo 'no empty fields please..';
}
}
?>
Here's what i used in the html code:
<?php
if(isset($_SESSION['username']))
{
echo 'logged in as'.$_SESSION['username'];
echo '<a href="login/logout.php">log out ('.$_SESSION['username'].')</a><br />';
echo $_SESSION['username'];
}
else
{
?>
<div id="login_form">
<!--<span class="error"><?php echo $error_msg; ?></span>-->
<form id="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table>
<tr>
<th>Username:</th>
<th>Password:</th>
</tr>
<tr>
<td><input type="text" name="username" /></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Log In" class="submit" /></td>
<td><a href="login/signup.php"><input type="button" class="submit" value="Sign Up" /></a></td>
</tr>
</table>
</form>
</div>
<?php
}
?>
Here is my log out script
<?php
session_start();
if(isset($_SESSION['username']))
{
$_SESSION = array();
if(isset($_COOKIE['session_name()']))
{
setcookie('username','',time() - 3600);
}
session_destroy();
}
setcookie('user_id','',time() - 3600);
setcookie('username','',time() - 3600);
echo 'redirecting you...please wait..';
header("Refresh: 3;url=http://localhost/");
?>
if(isset($_COOKIE['session_name()']))
this should be
if(isset($_COOKIE['username']))
because you have created username
cookie and you are checking for session_name()
cookie.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.