-4

What I really want is that when the user hits logout, it should log the user out. How do I get to create that? The ones I have tried is really logging the user out, when you hit logout it still displays the user account, that's not what I want. What I want is how do I create a logout that will really log out the user completely. Here is my login page.

```php
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'university portal');
define('DB_USER','root');
define('DB_PASSWORD','password007');

$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user'];
$Password = $_POST['pass'];
*/
function SignIn()
{
    session_start();   //starting the session for user profile page
    if(!empty($_POST['UserName']))   //checking the 'user' name which is from Sign-In.html, is it empty or have some text
    {
        $query = mysql_query("SELECT Username, Password, voting_status FROM voters where Username = '$_POST[UserName]' AND Password = '$_POST[password]'") or die(mysql_error());
        $row = mysql_fetch_array($query) or die(mysql_error());
        if(!empty($row['Username']) AND !empty($row['Password']))
        {

            $_SESSION['Username'] = $row['Username'];
            $_SESSION['Voting Status'] = $row['voting_status'];
            header("location:Home.php");

        }else{
            echo "username or password is incorrect";
        }
    }
}
if(isset($_POST['submit']))
{
    SignIn();
}
?>
      </form>
    </div>
    </div>
    <div id="Footer"></div>
</div>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Login2_form);
?>
```
Your Common Sense
  • clue: destroy the session completely – Funk Forty Niner Feb 13 '17 at 18:49
  • btw; I hope you're not live or intending to go live with this, because you **will** get hacked. – Funk Forty Niner Feb 13 '17 at 18:50
  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 13 '17 at 18:50
  • yeah. destroy session and redirect to somewhere. – Lwin Htoo Ko Feb 13 '17 at 18:50
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Feb 13 '17 at 18:50
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Feb 13 '17 at 18:50
  • and this question shows *zero effort*. C'mon, you could have Google'd this. – Funk Forty Niner Feb 13 '17 at 18:53

2 Answers

0

It depends on how you save your user information through your application. If you are using a `$_SESSION` variable, you can just destroy it using the `session_destroy()` function or by unsetting `$_SESSION` (which is not recommended) and then redirect to your login page.
If you are using HTML5 localStorage, you can simply echo `<script>window.localStorage.clear()</script>` and then redirect to your login page.

Nicolas
0

Try using `$_SESSION` variables. You can set two of them, e.g. `$_SESSION["username"]`, which may contain the username, and `$_SESSION["fingerprint"]`, which can contain a hash of the user's password, so that whenever the user navigates without logging out, on each page you can compare the `$_SESSION["hash"]` with the value of the hash which is generated and stored in the DB.

And when the user logs out, you can simply destroy the `$_SESSION` variables.

Lincoln
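
Destroying the session as the comments and both answers suggest, written out as an added example (not code from the question or from either answer). `auth.php`, `logout.php`, `require_login()` and `logout()` are hypothetical names; `Home.php`, `Sign-In.html` and `$_SESSION['Username']` are taken from the question's code.

```php
<?php
// auth.php (hypothetical helper file, included by every page)

const LOGIN_PAGE = 'Sign-In.html'; // login form named in the question's code comment

// Call at the top of Home.php and every other protected page, before any output.
function require_login()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Keep the browser from showing a cached copy of the page after logout.
    header('Cache-Control: no-store');
    if (empty($_SESSION['Username'])) {
        header('Location: ' . LOGIN_PAGE);
        exit; // without exit the rest of the protected page still runs
    }
}

// Call from logout.php (hypothetical), the target of the logout link or button.
function logout()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(); // resume the session so it can be destroyed
    }
    $_SESSION = []; // drop Username, Voting Status, ... for this request

    // Expire the session cookie so the browser stops sending the old ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy(); // delete the session data on the server

    header('Location: ' . LOGIN_PAGE);
    exit;
}
```

A logout that "still displays the user account" usually means the protected page never checks the session or the browser is showing a cached copy; `require_login()` addresses both, while `logout()` removes the server-side data and the cookie.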