I am working on a login script and I want to display a message on the login.php page once the user is logged out.
I have something like the following:
<?php
$logged_out = FALSE;
if (isset($_GET['action']) AND $_GET['action'] == 'logout') {
$logged_out = TRUE;
session_destroy();
}
if ($logged_out === TRUE) echo 'You are successfully logged out.'
?>
I use “login.php?action=logout” as the logout link.
Although the logout action is done, the message is not displayed and I guess the reason is that when I destroy the session, the variable $logged_out becomes FALSE again so that the notice is not displayed. Do you have any idea how I could display such a message? WordPress does something like this (it displays a message on login page when you log out) but I couldn’t figure it out.
May I ask the reason why you’d advise against ‘AND’?
I need to separate the two because I am displaying the message on another page (login.php) which includes this login script (login-script.php). Anyway, perhaps it will be clearer with my actual setup:
login.php
<?php
session_start();
require 'login-script.php'
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<title>Login</title>
</head>
<body>
<?php if ($missing_info) echo 'Please enter a username and password.' ?>
<?php if ($invalid_login) echo 'Invalid login details.' ?>
<?php if ($logged_out) echo 'You are successfully logged out.' ?>
<form action="" method="post">
<p>Username<br /><input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username'] ?>" /></p>
<p>Password<br /><input type="password" name="password" /></p>
<p><input type="submit" name="login" value="Log In" /></p>
</form>
</body>
</html>
login-script.php
<?php
$logged_out = FALSE;
// Check if Logout button is clicked.
if (isset($_GET['action']) AND $_GET['action'] == 'logout') {
$logged_out = TRUE;
session_destroy();
}
// Check if the user is already logged in.
if (isset($_SESSION['username'])) {
header('Location: index.php');
} else {
$missing_info = FALSE;
$invalid_login = FALSE;
// Check if submit button is clicked.
if (isset($_POST['login'])) {
// Check if username and/or password fields are empty.
if (empty($_POST['username']) OR empty($_POST['password'])) {
$missing_info = TRUE;
} else {
// Check if the username and password are correct.
if (($_POST['username'] != 'nayen') OR $_POST['password'] != 'xyz123') {
$invalid_login = TRUE;
} else {
$_SESSION['username'] = $_POST['username'];
header('Location: index.php');
}
}
}
}
?>
Apart from displaying that “logged out” message, I would be happy if you have any suggestions about my logic or code or any points that I might have missed. Thank you both.
Instead of session_destroy(), why not unset($_SESSION[‘username’]);? That will effectively log a user out since you’re using $_SESSION[‘username’] to check if they’re logged in. It will also allow you to continue using the $_SESSION array for other things that don’t require a user to be logged in.
I used session_destroy() because every login script tutorial I have went through up to now uses it. I will keep your suggestion in mind. Can you please give me an example for using $_SESSION array after the user is logged out?
Thanks for clarification. I always use parenthesis to ensure precedence because I find it a lot easier to read the code. In fact I had been using && and || until I started working on this login script. By the way, I still couldn’t figure out why I can’t display the logged out message.
UDDATE: I found the solution. On login-script.php, I changed second “if” statement to “elseif” and the “logged out” message now displays exactly where and when I want it to display. Thank you all for your input.