-2

After logging in with the correct username and password, I'm not sure how to get it to return to the form when the logout button is clicked. I have written the following code:

```php
<?php

session_save_path('/home/sarahmanchester/session');
session_start();

// Seed the demo credentials into the session
if (!isset($_SESSION['activitylog'])) {
    $_SESSION['username'] = 'Admin';
    $_SESSION['password'] = 'pass';
}

$DisplayForm = true;
if (isset($_POST['username'], $_POST['password'])) {
    // Strict comparison avoids PHP's loose string/number juggling
    if (($_SESSION['username'] === $_POST['username']) &&
        ($_SESSION['password'] === $_POST['password'])) {
        echo 'Logged in!';
        echo '<BR>';
        echo 'Protected content will be displayed here.';
        echo '<BR>';
        echo '<input type="Submit" name="Submit" value="Logout">';
        $DisplayForm = false;
        echo '<HR>';
    } else {
        echo 'Error: Incorrect password.';
    }
}

if ($DisplayForm) {
    // Post back to this same script; escape the path before echoing it
    echo '<form method="POST" action="' . htmlspecialchars($_SERVER['SCRIPT_NAME']) . '">';
    echo '<h1>Login demo</h1>';
    echo '<BR>';
    echo 'Username: ';
    echo '<input type="text" name="username">';
    echo '<BR>';
    echo 'Password: ';
    echo '<input type="password" name="password">';
    echo '<BR>';

    echo '<input type="Submit" name="Submit" value="Login">';
    echo '</form>';
}
?>
```
RiggsFolly
  • Btw, you know you're asking for trouble in storing passwords with sessions. – Funk Forty Niner Jun 08 '16 at 14:01
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jun 08 '16 at 14:01

2 Answers

0

You can do it like below:

```php
<?php
session_save_path('/home/sarahmanchester/session');
session_start();
if (!isset($_SESSION['activitylog'])) {
    $_SESSION['username'] = 'Admin';
    $_SESSION['password'] = 'pass';
}

if (isset($_POST['username'], $_POST['password'])) {
    // Strict comparison avoids PHP's loose string/number juggling
    if (($_SESSION['username'] === $_POST['username']) &&
        ($_SESSION['password'] === $_POST['password'])) {
        echo 'Logged in!';
        echo '<BR>';
        echo 'Protected content will be displayed here.';
        echo '<BR>';
        // Logout is a plain link to a separate script
        echo '<a href="logout.php">Logout</a>';
        echo '<HR>';
    } else {
        echo 'Error: Incorrect password.';
    }
}
```

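In logout.php:

```php
<?php
// Use the same save path as the login page so the same session is opened
session_save_path('/home/sarahmanchester/session');
session_start();
// destroy the session.
session_destroy();
header('Location: homepage.php');
exit;
```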

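In homepage.php:

```php
<?php
session_save_path('/home/sarahmanchester/session');
session_start(); // required before $_SESSION can be read
if (!isset($_SESSION['username'])) {
    // redirect to Login page if session Not Available
    header('Location: loginpage.php');
    exit;
} else {
    echo "Homepage content goes here..";
}
```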
Sarath
  • 2
    Why should the OP try this? A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. – Jay Blanchard Jun 08 '16 at 14:02
0

Okay, I know I am not creating a secure login. This is just a simple one I'm creating as practice. I've rewritten my code as the following:

I'm not sure how to redirect the user to the login registration page upon clicking the logout page? Keep in mind I am trying to write this in one file. I am not creating multiple files, so I want to do this without redirecting to a new php file. I also need to be able to see the time stamp in the activitylog array and I'm not sure how to do this in a multi-dimensional array?

```php
<?php
session_save_path('/home/susanmanchester/session');
session_start();

if (isset($_POST['username']) && isset($_POST['password'])) {
    $_POST['time'] = time();   // array keys must be quoted strings
    if ($_POST['username'] === 'Admin' && $_POST['password'] === 'pass') {
        $_SESSION['activityLog'] = '';
        $_SESSION['loggedin'] = true;   // flag tested by the checks below
        $_POST['loginStatus'] = 'Successfully logged in';
    } else {
        echo 'Error: Incorrect password.';
        $_POST['loginStatus'] = 'Rejected';
    }
    $_SESSION[] = $_POST;
}

if (isset($_POST['Logout'])) {
    unset($_SESSION['loggedin']);
    $_SESSION[] = $_POST;
}

if (isset($_SESSION['loggedin'])) {
    echo 'Logged in!';
    echo '<BR>';
    echo '<input type="Submit" name="Logout" value="Logout">';
    echo '<HR>';
} else {
    // Post back to this same script; escape the path before echoing it
    echo '<form method="POST" action="' . htmlspecialchars($_SERVER['SCRIPT_NAME']) . '">';
    echo '<h1>Login demo</h1>';
    echo '<BR>';
    echo 'Username: ';
    echo '<input type="text" name="username">';
    echo '<BR>';
    echo 'Password: ';
    echo '<input type="password" name="password">';
    echo '<BR>';

    echo '<input type="Submit" name="Login" value="Login">';
    echo '</form>';
}
```
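
A single-file version of what the thread is after, as an added example that is not part of any post above: it follows the comments' advice by checking the password with `password_verify()` and keeping only the user name in the session, handles logout as a POST to the same file followed by a redirect, and records each event in a timestamped `activitylog` array. The `Admin`/`pass` account comes from the question; `DEMO_USER`, `log_activity()`, the `user` and `flash` session keys and the hash computed on each request are assumptions made for this example.

```php
<?php
// Added example (not code from the thread). Assumes one demo account; the hash is
// computed per request only to stay self-contained. Store password_hash() output instead.
session_start();
const DEMO_USER = 'Admin';
$demoHash = password_hash('pass', PASSWORD_DEFAULT);

// Append one timestamped entry to the session's activity log (an array of arrays).
function log_activity(string $event, string $user = ''): void {
    $_SESSION['activitylog'][] = ['time' => time(), 'event' => $event, 'user' => $user];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['logout'])) {
        log_activity('logout', $_SESSION['user'] ?? '');
        unset($_SESSION['user']);            // drop the login state, keep the log
        session_regenerate_id(true);
    } elseif (is_string($_POST['username'] ?? null) && is_string($_POST['password'] ?? null)) {
        $userOk = hash_equals(DEMO_USER, $_POST['username']);
        $passOk = password_verify($_POST['password'], $demoHash);
        $ok = $userOk && $passOk;
        if ($ok) {
            session_regenerate_id(true);     // new session id on login (fixation defence)
            $_SESSION['user'] = DEMO_USER;   // keep the identity, never the password
        }
        log_activity($ok ? 'login ok' : 'login rejected', $_POST['username']);
        $_SESSION['flash'] = $ok ? '' : 'Error: incorrect username or password.';
    }
    header('Location: ' . $_SERVER['SCRIPT_NAME']);   // redirect back to this same file
    exit;
}

$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

echo '<form method="POST">';                 // no action: the form posts to this file
if (isset($_SESSION['user'])) {
    echo 'Logged in as ' . $e($_SESSION['user']) . '<br>';
    echo '<input type="submit" name="logout" value="Logout">';
} else {
    echo '<h1>Login demo</h1>' . $e($flash) . '<br>';
    echo 'Username: <input type="text" name="username"><br>';
    echo 'Password: <input type="password" name="password"><br>';
    echo '<input type="submit" name="login" value="Login">';
}
echo '</form><hr>';
foreach ($_SESSION['activitylog'] ?? [] as $entry) {
    echo $e(date('Y-m-d H:i:s', $entry['time']) . " {$entry['event']} {$entry['user']}") . '<br>';
}
```

The forms carry no CSRF token; a real page would add one to both the login and the logout form.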