I'm currently working on a site that has a log-in (username and password) - The password protection is done by the operating system within the web server at folder level called a Realm within the OS. For now this will have to do, until we figure out a proper PHP log in system.
The code below, is based on a previous question on the stack overflow.
I'm using 3 files (See code snippets at the bottom).
The process is: - Click Log In button on index.php - Enter username and password to access authenticate index file. - Click log out button, which references the logout.php file - it SHOULD clear the cache and return the user to the top level index.
It doesn't 'destroy the session' in the sense that you're not asked to re-enter the password when prompted to, which is essentially what I want to happen.
My minimal knowledge of php leaves me a little bit stumped here.
index.php (top level file with log in button)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Test</title>
</head>
<body>
<a href="authenticate/index.php">Log In Btn</a>
</body>
</html>
authenticate/index.php (This folder is password protected - contains the index file with the log out button which links to the logout.php file)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log out</title>
</head>
<body>
<a href="logout.php">Log Out Btn</a>
</body>
</html>
authenticate/logout.php
<?php
session_start(); //to ensure you are using same session
session_destroy(); //destroy the session
header("location:/index.php"); //to redirect back to "index.php" after logging out
exit();
?>
It can be done by clicking on the logout button or by destroying that session after a fixed time. By default the expiry time of any particular session that is created is 1440 secs i.e. (24*60) i.e. 24 minutes. But in some cases, we need to change the default time accordingly.
The process is: - Click Log In button on index. php - Enter username and password to access authenticate index file. - Click log out button, which references the logout. php file - it SHOULD clear the cache and return the user to the top level index.
Destroying a PHP Session A PHP session can be destroyed by session_destroy() function. This function does not need any argument and a single call can destroy all the session variables. If you want to destroy a single session variable then you can use unset() function to unset a session variable.
session_destroy() function: It destroys the whole session rather destroying the variables. When session_start() is called, PHP sets the session cookie in browser. We need to delete the cookies also to completely destroy the session. Example: This example is used to destroying the session.
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location:login.php');
}
The if block of the Global array $_GET
check if the logout var is set in the url
Then, the session destroy function is called And then, the global session array value username is removed/deleted the header function will redirect you back to login page
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With