need help with logout (logout not perfect)

Posted by crescent_au on 10/30/06 11:25

Hi all,

I've written some login/logout code. It does what it's supposed to do but
the problem is when I log out and press the browser's back button (in
Firefox), I get to the last login page. In IE, when I press the back
button, I get to the page that says "Page has Expired" but Firefox does
not do this.

I think it's something to do with sessions not being properly unset or
something like that but I haven't been able to figure it out. I am
attaching my code and database structure below. If you need more info,
please email me. I really want this to be fixed asap. I've played with
this long enough. Thanks!

Login class:
-----------------

class Login {
    //var $loginflag;
    //var $db_connect;

    // PHP 4-style constructor: give a new visitor the default session values
    function Login() {
        //$this ->db_connect = $db_connect;

        if (!isset($_SESSION['uid']) || $_SESSION['uid'] == 0) {
            $this->set_session_defaults();
            echo "inside login class<br />";
        }
    }

    function check_login($username, $password) {
        global $db;
        $link=$db->connectDB();

        if ($_SESSION['logged']) {
            // check_session() logs the user out when the stored session
            // does not match, so its result decides the outcome here
            if (!$this->check_session()) {
                return false;
            }
            echo "logged...<br />";
            return true;
        } else {
            // escape both values before they are placed in the query string
            $username = mysql_escape_string($username);
            $password = mysql_escape_string($password);
            $query = "SELECT * FROM users WHERE username = '$username' AND
                AES_DECRYPT(password, 'dreamfilmslogin438ismbtsx') = '$password'";
            $result = mysql_query($query, $link) or die("Could not select");

            if (mysql_num_rows($result)) {
                $this->set_session($username = mysql_fetch_assoc($result), true);
                return $username['username'];
            } else {
                $this->failed = true;
                session_destroy();
                return false;
            }
        }
    }

    // Compare the session values with the row stored at login time
    function check_session() {
        global $db;
        $link=$db->connectDB();

        $username = mysql_escape_string($_SESSION['username']);
        $token = mysql_escape_string($_SESSION['token']);
        $session = mysql_escape_string(session_id());
        $ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);

        $query = "SELECT * FROM users WHERE username='{$username}' AND
            token='{$token}' AND session='{$session}' AND ip='{$ip}'";
        $result = mysql_query($query, $link) or die("Could not select");
        echo "check session:<br />";
        print_r($result);
        echo "<br />";
        // mysql_query() returns a result resource even when no row matches,
        // so count the rows instead of comparing $result with false
        if (mysql_num_rows($result) > 0) {
            return true;
        }
        $this->logout();
        return false;
    }

    function set_session_defaults() {
        //session_start();
        ////session_register("logged", "uid", "username");
        $_SESSION['logged'] = false;
        $_SESSION['uid'] = 0;
        $_SESSION['username'] = '';
        $_SESSION['token'] = '';
    }

    function set_session($result,$init = true) {
        global $db;
        $link=$db->connectDB();

        if ($init) {
            //session_start();
            $session = mysql_escape_string(session_id());
            $ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
            $result['token'] = $this->token(); // generate a new token
            $query = "UPDATE users SET session='{$session}',
                token='{$result['token']}', ip='{$ip}' WHERE uid='{$result['uid']}'";
            mysql_query($query, $link) or die("Could not select");
            $_SESSION['logged'] = true;
            $_SESSION['uid'] = $result['uid'];
            $_SESSION['username'] = $result['username'];
            // keep the token in the session; check_session() compares it
            $_SESSION['token'] = $result['token'];
            echo "set session:<br />";
            print_r($result);
            echo "<br />";
            echo "session: ".$session."<br />";
            echo "ip: ".$ip."<br />";
        }
    }

    function token() {
        // generate a random token
        // (rand() is not a cryptographically secure source)
        $seed = ''; // initialise before appending
        for($i=1;$i<33;$i++) {
            $seed .= chr(rand(0,255));
        }
        return md5($seed);
    }

    function logout() {
        global $db;
        $link=$db->connectDB();

        // clear the stored session, token and IP for this user
        $query = "UPDATE users SET session='', token='', ip='' WHERE
            uid='{$_SESSION['uid']}'";
        mysql_query($query, $link) or die("Could not select");
        mysql_close($link);

        unset($_SESSION['username']);
        unset($_SESSION['logged']);
        unset($_SESSION['uid']);
        // kill session variables
        $_SESSION = array(); // reset session array
        session_destroy();

        /**$this->set_session_defaults();
        session_destroy();*****/

        echo "logged out...<br />";
        return true;
    }
} // end class Login



DBAccess class
-------------------------
class DBAccess {
    var $_login;

    // Constructor
    function DBAccess() {
        $this -> _login = array();
        $this -> _login['db_loginid'] = "testuser";
        $this -> _login['db_password'] = "";
        $this -> _login['hostname'] = "localhost";
        $this -> _login['db_name'] = "dblogin";
    }

    // Open the connection and select the database; returns the link
    function connectDB() {
        if (!($link = @mysql_connect($this->_login['hostname'],
            $this->_login['db_loginid'], $this->_login['db_password']))) {
            echo "<strong>Could not connect:&nbsp;</strong>".mysql_error()."<br /><hr size='1' /><br />";
        } else if (!@mysql_select_db($this->_login['db_name'],$link)) {
            echo "Could not select database";
        }
        if ($link) {
            return $link;
        }
        return false; // connection failed
    } // end connectDB()
} // end class DBAccess


database structure
----------------------------
CREATE TABLE `users` (
`uid` int(11) NOT NULL auto_increment,
`username` varchar(20) NOT NULL default '',
`password` varchar(50) NOT NULL default '',
`token` varchar(100) NOT NULL default '',
`session` varchar(100) NOT NULL default '',
`ip` varchar(20) NOT NULL default '',
PRIMARY KEY (`uid`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;
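
Added example (not part of the original post and not the poster's code): when the Back button shows a logged-in page after logout, the browser can be redisplaying a stored copy without asking the server, so protected pages need no-store cache headers as well as a complete logout. The helper names and login.php are assumptions; the UPDATE from the post's logout() would still run before the session is destroyed.

```php
<?php
// Added example: send_no_cache_headers(), require_login(),
// logout_and_redirect() and login.php are assumed names, not from the post.

// Call before any output on every page that shows logged-in content.
function send_no_cache_headers() {
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');                        // HTTP/1.0 clients
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');  // already stale
}

// Gate for protected pages: the server decides on every request.
function require_login() {
    if (session_id() === '') {
        session_start();
    }
    send_no_cache_headers();
    if (empty($_SESSION['logged'])) {
        header('Location: login.php');
        exit;
    }
}

// Full logout: session variables, the cookie, then the session itself.
function logout_and_redirect() {
    if (session_id() === '') {
        session_start();
    }
    $_SESSION = array();                   // drop all session variables

    // Expire the session cookie so the browser stops sending the old ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                     // remove server-side storage

    send_no_cache_headers();
    header('Location: login.php');         // nothing may be echoed before this
    exit;
}
```

header() and setcookie() only work before any output is sent, so the debug echo lines in the posted class would have to go before these helpers can be used.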

 
