0

I have a webpage and I have a session_check file that is used to check the session variables. I added require 'session_check.php' at the top of the webpages where it is required. I have also used echo to check that the session_check.php file got called.

I have a function in session_check.php that gets called when it's time to log out, but it never gets called. Could you please help me out? Thanks :)

Code for session_check.php:

<?php
    //Database Connection 
    $db_host = $_SERVER['DB_HOST'];
    $db_uname = $_SERVER['DB_UNAME'];
    $db_pwd = $_SERVER['DB_PWD'];
    $db_name = $_SERVER['DB_DB'];

    $db_link = mysql_connect($db_host,$db_uname,$db_pwd);
    if(!$db_link){
        die("Could Not Connect:".mysql_error($db_link));
    }
    mysql_select_db($db_name, $db_link) or die('Can\'t use db:'. mysql_error($db_link));

    //Logout function
    function user_logout($uname){
        $query = "UPDATE user SET last_used_token='' WHERE username='$uname'";
        mysql_close($db_link);
        session_destroy();
        header('Location:index.php');
        exit(); 
    }

    //Getting session variables
    session_start();
    session_regenerate_id();
    $cur_authkey = $_SESSION['authkey'];
    $uname = $_SESSION['username'];

    //Session data checking 

    $query = "SELECT last_used_token FROM user WHERE username='$uname'";
    $result = mysql_query($query, $db_link) or die('Error while updating auth key <br /> Query:'.$query.'MySQL error no:'.mysql_errno().'<br /> MySQL error:'.mysql_error($db_link));
    $row = mysql_fetch_assoc($result);

    if($cur_authkey != $row['last_used_token']){
        user_logout($uname);
    }   

?>

Partial Code of the calling webpage

<?php
    require 'session_check.php';
    mysql_close($db_link);
?>
<!DOCTYPE html>
<html>.....</html>
10
  • Set the session_start() as the first line in the php code. Commented Feb 3, 2013 at 14:30
  • 2
    unrelated but you are exposed to SQL injection attacks unless you sanitize or parametrize your inputs Commented Feb 3, 2013 at 14:30
  • @OneManCrew That didn't work.. Commented Feb 3, 2013 at 14:44
  • @Ozzy You mean use mysql_escape_string($_SESSION['authkey']); ? Commented Feb 3, 2013 at 14:45
  • 1
    I mean you haven't shown the code you are using to get the $uname from the user, however it is evident from your code that you are not using prepared statements. net.tutsplus.com/tutorials/php/… Commented Feb 3, 2013 at 14:52

2 Answers

1

I wrote the code below and it was working. Refer to this code and you will get the solution. If you want to call the second page from the first page using the require() method, just call require(secondpage url) in the first page and remove the line session_start() in the second page.

first page(samplephp.php)

<?php
session_start(); 
$_SESSION['host']="localhost";
$_SESSION['dbusername']="root";
$_SESSION['dbname']="userinfo";
$_SESSION['username']="testuser";
$_SESSION['authkey']="1";
?>

<!DOCTYPE html>
<html><head></head><body>test<form action="session_check.php"><input type="submit" value="click here"></form></body></html>

second page(session_check.php)

 <?php
    session_start(); 
        //Database Connection 
        $db_host = $_SESSION['host'];
        $db_uname =$_SESSION['dbusername'];
        $db_pwd = "";
        $db_name = $_SESSION['dbname'];

        $db_link = mysql_connect($db_host,$db_uname,$db_pwd);
        if(!$db_link){
            die("Could Not Connect:".mysql_error($db_link));
        }
        mysql_select_db($db_name, $db_link) or die('Can\'t use db:'. mysql_error($db_link));

        //Logout function
        function user_logout($uname,$db_link){
            $query = "UPDATE usertable SET flag=1 WHERE username='$uname'";
            mysql_query($query, $db_link);
            mysql_close($db_link);
            session_destroy();
            echo "success";
            //header('Location:index.php');
            exit(); 
        }

        //Getting session variables
        session_regenerate_id();
        $cur_authkey = $_SESSION['authkey'];
        $uname =$_SESSION['username'];
        //Session data checking 

        $query = "SELECT flag FROM usertable WHERE username='$uname'";
        $result = mysql_query($query, $db_link) or die('Error while updating auth key <br /> Query:'.$query.'MySQL error no:'.mysql_errno().'<br /> MySQL error:'.mysql_error($db_link));
        $row = mysql_fetch_assoc($result);
        if($cur_authkey != $row['flag']){
           user_logout($uname,$db_link);
        }    
    ?>
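
The two points raised above (parameterised queries from the comments, and passing the database handle into the logout function because a PHP function body does not see the caller's variables), as an added example that is not part of the original thread. It keeps the question's table and column names, uses PDO with an in-memory SQLite database and constructed rows in place of the mysql_* extension (removed in PHP 7), and the helper names token_is_current and clear_token are hypothetical.

```php
<?php
// Added example, not code from the thread. Table/column names follow the
// question; the in-memory SQLite database and its rows are constructed.
declare(strict_types=1);

// True only when the session's auth key matches the stored token.
function token_is_current(PDO $db, string $uname, string $authkey): bool
{
    // Placeholder keeps $uname as data; it is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT last_used_token FROM user WHERE username = ?');
    $stmt->execute([$uname]);
    $stored = $stmt->fetchColumn();
    // Unknown user or cleared token: treat as logged out.
    if ($stored === false || $stored === null || $stored === '') {
        return false;
    }
    // Constant-time comparison instead of the loose != operator.
    return hash_equals((string) $stored, $authkey);
}

// The handle is passed in: a PHP function body cannot see the caller's $db_link.
function clear_token(PDO $db, string $uname): int
{
    $stmt = $db->prepare("UPDATE user SET last_used_token = '' WHERE username = ?");
    $stmt->execute([$uname]);   // the statement is actually executed
    return $stmt->rowCount();
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, last_used_token TEXT)');
$db->exec("INSERT INTO user VALUES ('alice', 'tok-111'), ('bob', 'tok-222')");

$cases = [
    ['alice', 'tok-111'],            // valid session
    ['alice', 'tok-old'],            // stale token -> must log out
    ["x' OR '1'='1", 'tok-111'],     // quote characters stay inside the value
];
foreach ($cases as [$uname, $authkey]) {
    if (token_is_current($db, $uname, $authkey)) {
        echo "$uname: session ok\n";
        continue;
    }
    $rows = clear_token($db, $uname);
    // In a web request: session_destroy(); header('Location: index.php'); exit;
    echo "$uname: logged out ($rows row(s) updated)\n";
}
```

In a real page the redirect only works if nothing has been echoed before header() is called.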

0

Use session_start() at the start of the code, just after the first <?php tag.

2 Comments

Where did you use it? Use this function at the top of the session_check.php file.
Yup, I put it on the line right after <?php and still it doesn't work
