I have a website where you can log in with a session or with cookies (remember me) and I can't seem to get the logout to work. I have a code that goes on top of most pages (all pages that require one to be logged in) and it goes like this:

<?php

//session
session_start();

//login check function
function loggedin()
{
  if (isset($_SESSION['username'])||isset($_COOKIE['username']))
  {
	$loggedin = TRUE;
	return $loggedin;
  } 

if (!loggedin())
{
	header("Location: index.php");
	exit();
}

}

if (isset($_SESSION['username']))
{
$loginusername = $_SESSION['username'];
} else if (isset($_COOKIE['username']))
{
$loginusername = $_COOKIE['username'];
}

?>

And my logout code goes like this:

<?php

session_start();

session_destroy();

setcookie("username","",time()-32000);

  include($_SERVER['DOCUMENT_ROOT'].'/header.html');

echo "You've been logged out. Click <a href='/'>here</a> to return.";

  include($_SERVER['DOCUMENT_ROOT'].'/footer.html');


?>

And whenever I log out, if I go to a page that SHOULD kick me back to home if I am not logged in (in the first code), it doesn't. Also, it shows me as not having a username (which makes sense because I am logged out). So if I don't have a username (I echo $loginusername and it shows up as nothing), how come it's not kicking me back to index.php?

Look what happens if I fix the indentation of your code:

<?php

//session
session_start();

//login check function
function loggedin() 
{
	if (isset($_SESSION['username']) || isset($_COOKIE['username'])) {
		$loggedin = TRUE;
		return $loggedin;
	}

	if (!loggedin()) {
		header("Location: index.php");
		exit();
	}
}

if (isset($_SESSION['username'])) {
	$loginusername = $_SESSION['username'];
} 
else if (isset($_COOKIE['username'])) {
	$loginusername = $_COOKIE['username'];
}
?>

Can you see the problem now?

The if statement that uses your loggedin function to check if you are logged in is inside that same function, which means it never gets called.

And worse, if you did call it somewhere else without being logged in, you would find yourself in an endless loop. (The if statement inside the function would keep calling the function, and thus itself.)


It's important to write properly formatted code. Prevents a lot of these types of situations.

wow wow WOW

I cannot believe I didn't see that! Like, I don't have a lot of knowledge of this stuff, but I'm baffled as to how I let that get through. Even when I was writing it, it shouldn't have made sense. Well, it's working now, thank you!

EDIT:

Just kidding!

Now it won't let me log in! And by that, I mean if I log in, it doesn't seem to recognize and every page bumps be back to the index page.

What does your $_SESSION and $_COOKIE look like when that happens?

var_dump($_SESSION);
var_dump($_COOKIE);
exit;

And what does your new code look like?

I think I may be starting to figure out. Currently, my functions.php page (the one that is on top of every page except the main/login one -- it's placed there to redirect anyone who is not logged in) looks like this:

<?php


//ob
ob_start();

//session
session_start();

//login check function
function loggedin()
{
  if (isset($_SESSION['username'])||isset($_COOKIE['username']))
  {
     $loggedin = TRUE;
     return $loggedin;
  }
}
if (!loggedin())
{
	echo "you are not logged in";
}


if (isset($_SESSION['username']))
{
$loginusername = $_SESSION['username'];
} else if (isset($_COOKIE['username']))
{
$loginusername = $_COOKIE['username'];
}

?>

Where it echos "You are not logged in", I seem to be getting that right, but when I try putting a redirect there (so people who are not logged in cannot view the page, but instead get sent to the main page), it doesn't let me log in. If I leave it as an echo, it seems to function properly, except that's not doing what I want it to do. Does this mean there is a better way of doing this?

Okay, I think I figured it out. When a person logs in, it takes them to login.php where the form is submitted. Since the functions.php was at the very top, it never got to actually submit the information, because users weren't actually logged in when they got to the login.php page, so the code died at the very top (or it did when I had a die() or header() thing where the echo() was). So what I did was took the functions.php off of the login page and everything seemed to work. After that, I just put some session stuff at the top of the login page so when a user who was already logged in went to login.php (which is a rare occurrence) it just echos "you are logged in".

Does that sound right? Did I figure it out? And is there anything else I should change? If not, I'll mark this as solved.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.