Page 1 of 1

Adding a "LogOut" to User Authentication

Posted: Wed Jul 30, 2008 6:22 am
by Sindarin
I am trying to learn how an authentication script can be made so I am using a sample script for it,

Code: Select all

<?php
/*************************************************
 * Max's Site Protector
 *
 * Version: 1.0
 * Date: 2007-11-27
 *
 ****************************************************/
class maxProtector{
    var $password = 'test';
    
    function showLoginForm(){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <title>Max's File Uploader</title>
   <link href="style/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
       <div id="container">
            <div id="header"><div id="header_left"></div>
            <div id="header_main">Max's Site Protector</div><div id="header_right"></div></div>
            <div id="content">
                <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
                     <center>
                         <label>Password:
                             <input name="passwd" type="password" size="20" />
                         </label><br/>
                         <label>
                             <input type="submit" name="submitBtn" class="sbtn" value="Login" />
                         </label>
                     </center>
                 </form>
             </div>
             <div id="footer"><a href="http://www.phpf1.com" target="_blank">Powered by PHP F1</a></div>
         </div>
</body>      
<?php
    }
 
    function login(){
        $loggedin = isset($_SESSION['loggedin']) ? $_SESSION['loggedin'] : false;
        if ( (!isset($_POST['submitBtn'])) && (!($loggedin))){
            $_SESSION['loggedin'] = false;
               $this->showLoginForm();
               exit();
        } else if (isset($_POST['submitBtn'])) {
               $pass = isset($_POST['passwd']) ? $_POST['passwd'] : '';
      
               if ($pass != $this->password) {
                   $_SESSION['loggedin'] = false;
                   $this->showLoginForm();
                   exit();     
               } else {
                   $_SESSION['loggedin'] = true;
               }
        }
 
    }
}
 
// Auto create
session_start();
$protector = new maxProtector();
$protector->login();
?>
The problem is that this script does not have any logout sample code, so the user cannot log out.

I tried this code:

Code: Select all

<?PHP
session_start();
session_destroy();
echo "you are now logged out";
?>
the user logs out but it gives me this warning:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\sites\login3\logout.php:1) in C:\xampp\htdocs\sites\login3\logout.php on line 2
you are now logged out

Re: Adding a "LogOut" to User Authentication

Posted: Wed Jul 30, 2008 7:19 am
by stakes
Make sure you dont have any whitespace or html / text output before your script, it is usually what causes this kind of error.

Re: Adding a "LogOut" to User Authentication

Posted: Wed Jul 30, 2008 8:37 am
by Sindarin
There's nothing before that, it is alone in a .php script (logout.php)

Re: Adding a "LogOut" to User Authentication

Posted: Wed Jul 30, 2008 10:48 am
by psurrena
Checkout this thread about separating your display and logic code:
viewtopic.php?f=1&t=83951