Displaying logout notice

Hi,

I am working on a login script and I want to display a message on the login.php page once the user is logged out.

I have something like the following:

<?php

$logged_out = FALSE;

if (isset($_GET['action']) AND $_GET['action'] == 'logout') {
	$logged_out = TRUE;
	session_destroy();
}

if ($logged_out === TRUE) echo 'You are successfully logged out.'

?>

I use “login.php?action=logout” as the logout link.

Although the logout action is done, the message is not displayed and I guess the reason is that when I destroy the session, the variable $logged_out becomes FALSE again so that the notice is not displayed. Do you have any idea how I could display such a message? WordPress does something like this (it displays a message on login page when you log out) but I couldn’t figure it out.

Thanks.

I have something like the following:

No, $logged_out will not be destroyed with the session.

So, perhaps you have some other flaw in you logic which you have not showed us.

Else, make sure that code is reached by putting an else statement:


if ($logged_out === TRUE){

 echo 'You are successfully logged out.' 

}else{

 echo 'OOPs, no you are still logged in.' 

}

var_dump( $logged_out);

I’d advise against using ‘AND’ as opposed to ‘&&’, for starters, but that’s irrelevant to the problem.

Secondly, why seperate the two?


if (isset($_GET['action']) && $_GET['action'] == 'logout') {
    session_destroy();
   echo 'You are successfully logged out.' 
}

May I ask the reason why you’d advise against ‘AND’?

I need to separate the two because I am displaying the message on another page (login.php) which includes this login script (login-script.php). Anyway, perhaps it will be clearer with my actual setup:

login.php

<?php
session_start();
require 'login-script.php'
?>
<!doctype html>
<html>
<head>
	<meta charset="utf-8" />
	<title>Login</title>
</head>
<body>
	<?php if ($missing_info) echo 'Please enter a username and password.' ?>
	<?php if ($invalid_login) echo 'Invalid login details.' ?>
	<?php if ($logged_out) echo 'You are successfully logged out.' ?>
	<form action="" method="post">
		<p>Username<br /><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username'] ?>" /></p>
		<p>Password<br /><input type="password" name="password" /></p>
		<p><input type="submit" name="login" value="Log In" /></p>
	</form>
</body>
</html>

login-script.php

<?php

$logged_out = FALSE;

// Check if Logout button is clicked.
if (isset($_GET['action']) AND $_GET['action'] == 'logout') {
	$logged_out = TRUE;
	session_destroy();
}

// Check if the user is already logged in.
if (isset($_SESSION['username'])) {
	header('Location: index.php');
} else {

	$missing_info = FALSE;
	$invalid_login = FALSE;

	// Check if submit button is clicked.
	if (isset($_POST['login'])) {

		// Check if username and/or password fields are empty.
		if (empty($_POST['username']) OR empty($_POST['password'])) {
			$missing_info = TRUE;
		} else {
			
			// Check if the username and password are correct.
			if (($_POST['username'] != 'nayen') OR $_POST['password'] != 'xyz123') {
				$invalid_login = TRUE;
			} else {
				$_SESSION['username'] = $_POST['username'];
				header('Location: index.php');
			}
		}
	}
}
?>

index.php

<?php
	// Content...
	
	<a href="login.php?action=logout">Log Out</a>
?>

Apart from displaying that “logged out” message, I would be happy if you have any suggestions about my logic or code or any points that I might have missed. Thank you both.

Instead of session_destroy(), why not unset($_SESSION[‘username’]);? That will effectively log a user out since you’re using $_SESSION[‘username’] to check if they’re logged in. It will also allow you to continue using the $_SESSION array for other things that don’t require a user to be logged in.

I used session_destroy() because every login script tutorial I have went through up to now uses it. I will keep your suggestion in mind. Can you please give me an example for using $_SESSION array after the user is logged out?

non-login information may be retained beyond logout, such as… visitor’s country. Preferred UI style/color, etc.

As for “why && instead of AND”… && has higher precedence than AND.

$f = true AND false;

What should the value of $f be? Would you be surprised if it was true?

= has higher precedence than AND, so the line above is evaluated as ($f = true) and false, instead of $f = (true and false).

Parenthesis can be used to ensure precedence (and readability), but I find it simpler just to stick to && and ||.

Thanks for clarification. I always use parenthesis to ensure precedence because I find it a lot easier to read the code. In fact I had been using && and || until I started working on this login script. By the way, I still couldn’t figure out why I can’t display the logged out message.

The code in your OP works fine for me. You sure you copy and pasted it exactly?

I posted my actual setup on this post. The code in the OP was just a sample.

UDDATE: I found the solution. On login-script.php, I changed second “if” statement to “elseif” and the “logged out” message now displays exactly where and when I want it to display. Thank you all for your input.

I’d suggest getting more syntactically-accurate with your IF’s in general…at the very least, put semicolons on the ends of the statements.