I have a form which allows users to enter their data. It then checks these data against a database to see if the user exists. If so, it logs them into a certain page.
I would then like to allow them to log out (such that they no longer have access to that certain page). To this end, I created a "logout.php" document in which I try to clear the login details.
However, having done this, if I try load the login page, it takes me back to the logged in page.
Here is my code (login.php - creating the form and logging the user in):
<?php //Start the Session
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password']))
{
//3.1.1 Assigning posted values to variables.
$username = $_POST['username'];
$password = $_POST['password'];
//3.1.2 Checking if the values exist in the database
$checkLogin = $connection->query("SELECT * FROM users
where (username='$username' && password='$password')");
$numRows = $checkLogin->fetchColumn();
//3.1.2 If the posted values are equal to the database values, then session will be created for the user.
if ($numRows >= 1){
$_SESSION['username'] = $username;
}else{
//3.1.3 If the login credentials doesn't match, he will be shown with an error message.
echo '<script>window.alert("Invalid Login Credentials")</script>';
}
}
//3.1.4 if the user is logged in Greets the user with message
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hi " . $username . "
";
echo "This is the Members Area";
echo "<a href='logout.php'>Logout</a>";
echo $username;
}else{
//3.2 When the user visits the page first time, simple login form will be displayed.
?>
<!DOCTYPE html>
<head>
<title>CodingCyber - Simple Login Script</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<!-- Form for logging in the users -->
<div class="register-form">
<?php
if(isset($msg) & !empty($msg)){
echo $msg;
}
?>
<h1>Login</h1>
<form action="login.php" method="POST">
<p><label>User Name : </label>
<input id="username" type="text" name="username" placeholder="username" /></p>
<p><label>Password : </label>
<input id="password" type="password" name="password" placeholder="password" /></p>
<a class="btn" href="register.php">Signup</a>
<input class="btn register" type="submit" name="submit" value="Login" />
</form>
</div>
<?php } ?>
</body>
</html>
The "require('connect.php')"; just connects to my MySQL database. This code all seems to run fine, in that it does log users in, once validated. I've just included it for completeness w.r.t. the problem.
As you can see, once logged in it displays text saying "Member's area", with a logout hyperlink.
Here is my logout.php code (which I would like to remove access to the member's area, and take user back to the login page):
<?php
session_start();
$username = '';
$password = '';
$confirmPassword = '';
$email = '';
echo $username;
unset($_POST['username']);
unset($password);
?>
This second bit of code is where, to be honest, I'm really not sure what I'm meant to do to remove the access privileges.
I've looked at a few other questions, but can't seem to find the solution.
Any help would be awesome! Please let me know if there is a similar thread or if you need more information.
Thanks!
