Session logout without closing the session

0
votes

We have a session logout script like:

<?php
    //24 2 2015
    session_start();
    session_destroy();
    header("location:login.php")
?>

now this script logouts and redirect it to login page where, username and password will be required to login again.

what if i wanted to have a temporary logout where after logging out it will direct us to a login page where it will only require password, cause session hasn't been destroyed and username is been passed to that page...

so, when you enter the password, it will check the input in database table where username = session username.

Hope i was clear.

The update::

templogout.php

<?php
    //24 2 2015
    session_start();
    $_SESSION['temp_logout'] = true;
    header("location:templogin.php")
?>

templogin.php

<?php
    //24 2 2015
    session_start();
?>
<form id="msform" action="templogincheck.php" method="post">
  <fieldset>
      <input type="password" name="password" placeholder="Enter password here" required />
    <button type="submit" name="submit" class="submit action-button"> LogIn </button>
</form>

templogincheck.php

<?php
    //15 2 2015
    session_start();

    $Cser =mysqli_connect("localhost","text","text","text") or die("Server connection failed : ".mysqli_error($Cser));

    $password = md5($_REQUEST["password"]);
    $mobile = $_SESSION['mobile'];

    $s = "select * from users where password = '".$password."' and mobile = '".$mobile."'";
    $result = mysqli_query($Cser,$s);
    $count = mysqli_num_rows($result);
    if($count>0)
    {
        $_SESSION["mobile"] = $mobile;
        $_SESSION["login"]="1";
        header("location:/index.php");
    }
    else
    {
     header("location:/templogin.php");   
  }
?>

index.php

<?php 
    //15 2 2015
    session_start();
        unset($_SESSION["temp_logout"]);
    if(!isset($_SESSION["login"]))
        header("location:login.php");
?>

I hope i did it right, but i have to presume i have something wrong cause it isn't working..

Am i passing the session mobile to the login check page?

user first login page:

<form id="msform" action="ulogincheck.php" method="post">
  <fieldset>
    <h2 class="fs-title">LogIn</h2>
    <h3 class="fs-subtitle">Please Enter your details accordingly<br/><br/> <small>(case sensitive)</small></h3>
      <input type="text" name="email" placeholder="Email" required />
      <input type="text" name="mobile" placeholder="Mobile" required />
      <input type="password" name="password" placeholder="Password" required />
    <button type="submit" name="submit" class="submit action-button"> LogIn </button>
</form>

first logincheck page

session_start();
$email = $_REQUEST["email"];
    $mobile = $_REQUEST["mobile"];
    $password = md5($_REQUEST["password"]);


    $s = "select * from users where email='".$email."' and password = '".$password."' and mobile = '".$mobile."'";

    $result = mysqli_query($Cser,$s);

    $count = mysqli_num_rows($result);

    if($count>0)
    {
        $_SESSION["email"] = $email; 
        $_SESSION["mobile"] = $mobile;
        $_SESSION["login"]="1";
        header("location:/index2.php");
    }
    else
    {
           header("location:/usersignin.php");
2
phpsession

2 Answers

1
votes

You could add a "temp_logout" field to the $_SESSION variable and when you redirect the user to the login page, you can check for it $_SESSION["temp_logout"] and if it is true, add the username in the input field.

logout script:

<?php
    //24 2 2015
    session_start();
    $_SESSION['temp_logout'] = true;
    header("location:login.php")
?>

login page:

session_start()
...
//where the "username" input is
<input name="username" <?php if(isset($_SESSION["temp_logout"]){
    echo 'value="'.$_SESSION["username"] .'" ';
} ?> />
...

after a successfull login:

<?php
    session_start();
    unset($_SESSION["temp_logout"]);
?>

Also, anywhere on the site, don't forget to check if the user is temporarily logged out; then immediatelly redirect him to the login page

0
votes

it is really depend on your platform: You can only unset something like password instead of destroying session,

unset($_SESSION['password']);

or set another key in session: 

$_SESSION['loggedIn'] = false;

and redirect to login page.

also you can put username in cookie and destroy session.

setcookie

If you want to store username in cookie it is better to encrypt it for security reasons.