I have created signup and login systems for my gallery website. When a user tries to log in to the system, their username, password and admin privilege are checked. If the login is successful, the username appears in the top left corner of the home page and Login turns to Logout. The problem is that when I refresh the page, the user is logged out.
login.php code:
<?php
session_start();

class User
{
    public function CheckUser()
    {
        require "../app/core/database.php";
        if (isset($_POST['username']) && isset($_POST['pass'])) {
            $username = $_POST['username'];
            $password = $_POST['pass'];

            //to prevent sql injection
            $username = stripcslashes($username);
            $password = stripcslashes($password);
            $username = mysqli_real_escape_string($connection, $username);
            $password = mysqli_real_escape_string($connection, $password);

            $sql = "SELECT * FROM signup WHERE username = '$username' and password = '$password'";
            $sql2 = "SELECT 'admin' FROM signup";
            $log_result = mysqli_query($connection, $sql);
            $count = mysqli_num_rows($log_result);

            if ($count == 1) {
                $_SESSION['loggedin'] = true;
                $_SESSION['username'] = $username;
                $_SESSION['is_admin'] = mysqli_query($connection, $sql2);
                header("Location: ../home/index");
            } else {
                echo "<script>Invalid()</script>";
            }
        }
    }
}
?>
<script>
    function Invalid() {
        alert("Invalid user/password");
    }
</script>
a part of home page code (index.php):
<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
include "../app/model/loadImages.php";
include "../app/core/config.php";
include "../app/model/login.php";
?>
<body>
<nav>
    <?php while ($row = $result2->fetch_assoc()) {
        $rows[] = $row ?>
    <div class="logo">
        <a href="index.php"><?php echo $row['header_1'] ?> <em><?php echo $row['header_2'] ?></em></a>
        <span style="font-weight: normal; color:white;">
            <label>
                <?php
                if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
                    echo $_SESSION['username'];
                }
                ?>
            </label>
        </span>
    </div>
    <div class="menu-icon">
        <span></span>
    </div>
</nav>
<section class="overlay-menu">
    <div class="container">
        <div class="row">
            <div class="main-menu">
                <ul>
                    <li>
                        <?php
                        if (!isset($_SESSION['loggedin']) && !isset($_SESSION['username'])) {
                            echo "<a href='/MyProject/public/login/index.php'>LogIn</a>";
                        } else {
                            echo "<a href='' action='EndSession();'>Logout</a>";
                            echo "<li>";
                            echo "<a href='/MyProject/public/admin/index'>Admin Area</a>";
                            echo "</li>";
                        }
                        ?>
                    </li>
                    <li>
                        <a href="about.html">About Us</a>
                    </li>
                    <li>
                        <a href="blog.html">Blog Entries</a>
                    </li>
                    <li>
                        <a href="single-post.html">Single Post</a>
                    </li>
                </ul>
                <?php foreach ($rows as $row) { ?>
                    <p><?php echo $row['message_1'] ?></p>
                <?php } ?>
            </div>
        </div>
    </div>
</section>
<script>
    function EndSession() {
        <?php session_unset(); ?>
    }
</script>
index.php for login page:
<?php
include "../app/core/config.php";
include "../app/model/login.php";
$login = new User();
$login->CheckUser();
?>
<body>
<div class="limiter">
    <div class="container-login100" style="background-image: url('../../app/views/login/images/bg-01.jpg');">
        <div class="wrap-login100 p-l-55 p-r-55 p-t-65 p-b-54">
            <form class="login100-form validate-form" method="POST">
                <span class="login100-form-title p-b-49"> Login </span>
                <div class="wrap-input100 validate-input m-b-23" data-validate = "Username is reauired">
                    <span class="label-input100">Username</span>
                    <input class="input100" type="text" name="username" placeholder="Type your username">
                    <span class="focus-input100" data-symbol=""></span>
                </div>
                <div class="wrap-input100 validate-input" data-validate="Password is required">
                    <span class="label-input100">Password</span>
                    <input class="input100" type="password" name="pass" placeholder="Type your password">
                    <span class="focus-input100" data-symbol=""></span>
                </div>
                <div class="text-right p-t-8 p-b-31">
                    <a href="#"> Forgot password? </a>
                </div>
                <div class="container-login100-form-btn">
                    <div class="wrap-login100-form-btn">
                        <div class="login100-form-bgbtn"></div>
                        <button class="login100-form-btn"> Login </button>
                    </div>
                </div>
                <div class="txt1 text-center p-t-54 p-b-20">
                    <span> Or Sign Up Using </span>
                </div>
                <div class="flex-c-m">
                    <a href="#" class="login100-social-item bg3">
                        <i class="fa fa-google"></i>
                    </a>
                </div>
                <div class="flex-col-c p-t-155">
                    <span class="txt1 p-b-17"> Or Sign Up Using </span>
                    <a href="<?php echo $root ?>/public/signup/index.php" class="txt2"> Sign Up </a>
                </div>
            </form>
        </div>
    </div>
</div>
How can I fix this problem?
Answer
I replicated the problem. The session_unset inside the JS function is called when you refresh the page; besides, it is inside a JS function.
Remove that function, then create a new file called logout.php:
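<?php
// Resume the existing session; without this there is nothing loaded to unset.
session_start();
session_unset();
header("Location: ../home/index.php");
// Stop the script once the redirect header has been sent.
exit;
?>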
Modify the a tag inside home/index.php:
<a href='logout.php'>Logout</a>
Side note: consider using session_destroy() instead of session_unset() for the logout.
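A fuller logout.php along the lines of the side note above, as an added example that is not part of the original answer: it resumes the session, clears it, expires the session cookie and destroys the server-side data before redirecting. The redirect target is the one used in the answer, the helper name end_session is hypothetical, and the array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example (not from the original answer): complete session teardown.
// end_session() is a hypothetical helper name.
function end_session(): void
{
    // The session must be resumed first; without session_start() no session
    // is loaded in this request, so there is nothing to clear or destroy.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Drop loggedin, username, is_admin and any other keys for this request.
    $_SESSION = [];

    // Expire the session cookie in the browser, reusing the parameters it
    // was issued with so the browser matches and removes the same cookie.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }

    // Remove the session data stored on the server, so the old session ID
    // can no longer be used to reach an authenticated state.
    session_destroy();
}

end_session();

// Server-side redirect back to the home page, then stop the script.
header('Location: ../home/index.php');
exit;
```

Because this runs only when logout.php is requested, refreshing the home page no longer touches the session.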