Page 1 of 1

Login Logout script (fixed for the moment)

Posted: Mon May 24, 2010 8:20 pm
by Imosa
I'm working on, probably the simplest account system possible and I am having some trouble with the loggin log out.
I started with this tutorial and modified it to suit my needs. I think I may have messed something up in the process but I couldn't have broken it that badly. All you need is a password to login with. Once logged in you get a link to the logout page.

main.php, just calls the display method of login.php. Not sure why I need it but the tutorial had it.

Code: Select all

<?php
/* Include Files *********************/
session_start();
//include("database.php");
include("login.php");
/*************************************/
?>

<html>
<title>Alexander's Login Script</title>
<body>

<?php
displayLogin();
?>

</body>
</html>
login.php, where the logging in happens (and probably the problems)

Code: Select all

<?php

/**
 * Checks whether or not the given username is in the
 * database, if so it checks if the given password is
 * the same password in the database for that user.
 * If the user doesn't exist or if the passwords don't
 * match up, it returns an error code (1 or 2).
 * On success it returns 0.
 */
function confirmUser($password) {

   /* Opens the file containing the password */
    $file=fopen("password.txt","r") or exit("Unable to open file!");

   /* Validate that password is correct */
    if($password == fgets($file)) {
        fclose($file);
        return 0;
    } else {
        fclose($file);
        return 2;
    }
}

/**
 * checkLogin - Checks if the user has already previously
 * logged in, and a session with the user has already been
 * established. Also checks to see if user has been remembered.
 * If so, the database is queried to make sure of the user's
 * authenticity. Returns true if the user has logged in.
 */
function checkLogin() {
   /* Username and password have been set */
    if(isset($_SESSION['password'])) {
      /* Confirm that username and password are valid */
        if(confirmUser($_SESSION['password']) != 0) {
         /* Variables are incorrect, user not logged in */
            unset($_SESSION['password']);
            return false;
        }
        return true;
    }
   /* User not logged in */
    else {
        return false;
    }
}

/**
 * Determines whether or not to display the login
 * form or to show the user that he is logged in
 * based on if the session variables are set.
 */
/**
 * Determines whether or not to display the login
 * form or to show the user that he is logged in
 * based on if the session variables are set.
 */
function displayLogin() {
    $a = checkLogin();
    if($a) {
        ?>
<h1>Logged In!</h1>
Welcome, you are now logged in. <a href="logout.php">Logout</a>
    <?php
    }
    else {
        ?>
<h1>Login</h1>
<form action="" method="post">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
        <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
        <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
    </table>
</form>
    <?php
    }
}


/**
 * Checks to see if the user has submitted his
 * username and password through the login form,
 * if so, checks authenticity in database and
 * creates session.
 */
if(isset($_POST['sublogin'])) {
   /* Check that all fields were typed in */
    if(!$_POST['pass']) {
        die('You didn\'t enter a password.');
    }

   /* Checks that password is correct */
    $result = confirmUser($_POST['pass']);

   /* Check error codes */
    if($result == 2) {
        die('Incorrect password, please try again.');
    } else if($result == 0) {
        //die("Password matches");
        }

   /* Username and password correct, register session variables */
    $_SESSION['password'] = $_POST['pass'];

   /* Quick self-redirect to avoid resending data on refresh */
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
    return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
//$logged_in = checkLogin();
?>
Logout.php, where the loging out happens.

Code: Select all

<?php
//die("Hello");
session_start();
include("login.php");
$a = checkLogin();
?>

<html>
    <title>Logging Out</title>
    <body>

        <?php
        if($a) {
            echo "<h1>Error!</h1>\n";
            echo "You are not currently logged in, logout failed. Back to <a href=\"main.php\">main</a>";
        } else {
   /* Kill session variables */
            unset($_SESSION['password']);
            $_SESSION = array(); // reset session array
            session_destroy();   // destroy session.

            echo "<h1>Logged Out</h1>\n";
            echo "You have successfully <b>logged out</b>. Back to <a href=\"main.php\">main</a>";
        }

        ?>

    </body>
</html>
You will also need a file called password.txt, where the actual password of your choice is held.

Now the problem is that after I login I can go to the logout page where I am told that I am not logged in, there I am directed back to the login page where I am told that I am logged in. Now because I can't log out I cant test if the login script works anymore. However, after shutting down xampp it still says I am logged in, leading me to believe that the account may be logged in from the start.

If someone could give me any guidance I would much appreciate it.


Edit, Wow you guys are great. Fixed in 0 replies. Funny how things work themselves out like this. Someone should make a website, where people can post their problems but nobody actually replies. Then just see how many problems are fixed by the perception that help will come. Hmmm, well, I'll have another problem later.
In case you were wondering, the logout script was backwards. If you were logged in it said you were logged out, and vice versa. It seems to be working for the time being.

If I have another problem should I just reuse this thread or start a new one?

Re: Login Logout script (fixed for the moment)

Posted: Mon May 24, 2010 9:35 pm
by Jonah Bron
Glad you got it working. As to your question, starting a new topic is standard practice. That way the subject line is relevant.

Re: Login Logout script (fixed for the moment)

Posted: Mon May 24, 2010 9:59 pm
by Imosa
Jonah Bron wrote:Glad you got it working. As to your question, starting a new topic is standard practice. That way the subject line is relevant.
Well the Subject Line can be changed but I suppose it could get really messy if you have problems coming and going in a thread.