p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: i need simple logout [was RE: variable doesn't show up in $_COOKIE or $HTTP_COOKIE_VARS or $_POST


Message #1 by spam@k... on Sat, 22 Feb 2003 14:54:07 -0600

Maybe I'm making the simple complicated. 

How do people log out? I'm asking all of you, assuming you've all written logout functions. Right now I'm doing this:

if ($logged == "logout") {
$jess = "logout";
setcookie ("jess", $jess);
header ("Location: http://www.krubner.com/");
}

It's not working. It's supposed to overwrite the cookie called Jess, but it isn't working. Even after I click on the link which
attaches logged=logout to the end of the url, I can still go back to the page without having to log in. Why?

I know $logged does in fact equal "logout"  because the header() function works. But I can still get back to that page, so $jess
clearly doesn't equal "logout" .

This is how I handle the login:


if ($jess != "xxx") {

setcookie ("jess", "");

   echo "<form method=\"post\" action=\"index.php?articleId=42\">

    Please type your password:<br>

    <input type='text' name='jess'><br>

    <input type='submit' name='submit' value='submit'>

     </form></body></html>";

   exit();

} 

if ($jess == "xxx") {

setcookie ("jess", $jess);

[lots more stuff]
}














------------------------------------------------
On Fri, 21 Feb 2003 13:58:12 -0600, spam@k... wrote:

> 
> > > I'm sure I'm overlooking the most obvious thing in the world, but why is 
> > > it that, on this page http://www.krubner.com/index.htm?articleId=42, when 
> > > I hit submit , the variable $jess never shows up? 
> > 
> > Are you still running PHP with register_globals = off?
> > 
> > What exactly (in english, not php) are you trying to do with this code?
> 
> register_globals is on. The code is simply supposed to keep people from seeing a page unless they've typed in the right
password ($jess). All the print_r() stuff is just there for debugging. After a few hours tinkering I realized the problem was with
retrieving this code from a database and then hitting it with eval(). That works for echo statements and some variables, but for
whatever reason it didn't work for $jess. 
> 
> So then I took the code out of the database and got around the whole issue with eval. I hard coded the code into the main page,
which has code for rendering the template. Clunky, but whatever, I was tight on time this morning. 
> 
> Then I ran into what seems like an even more obvious problem. The variable $jess was now, finally, visible, it showed up as
part of the global variables, but now I couldn't destroy it. Still working on that one. Trying to do some kind of logout thing but
can't overwrite the cookie $jess. Don't know why. 
> 
> 
> 
Message #2 by "Nikolai Devereaux" <yomama@u...> on Mon, 24 Feb 2003 12:04:20 -0800
> Maybe I'm making the simple complicated.
>
> How do people log out? I'm asking all of you, assuming you've all
> written logout functions. Right now I'm doing this:
>
> if ($logged == "logout") {
>   $jess = "logout";
>   setcookie ("jess", $jess);
>   header ("Location: http://www.krubner.com/");
> }


Usually, you delete or invalidate a cookie by setting it's expiration time
to a negative number, which means it's already expired.


On a side note, I think that you should code this new site using the
superglobals instead of assuming register_globals will be on.

Not only will you protect yourself from false logins, your code will make
much more sense.

Compare the readability of your code:


if ($jess != "xxx")
{
   setcookie ("jess", "");
   echo "<form method=\"post\" action=\"index.php?articleId=42\">
     Please type your password:<br>
     <input type='text' name='jess'><br>
     <input type='submit' name='submit' value='submit'>
     </form></body></html>";
   exit();
}
if ($jess == "xxx")
{
  setcookie ("jess", $jess);
  [lots more stuff]
}



To this rewritten version:

if(! isset($_GET['jess']) || ($_GET['jess'] != 'xxx'))
{
   setcookie('jess', '');
   echo '<form method="post" action="index.php?articleId=42">
           Please type your password:<br />
           <input type="text"   name="jess" /><br />
           <input type="submit" name="submit" value="submit" />
         </form></body></html>';
   exit();
}

// no need to test $jess == "xxx" --
// it must be since we didn't exit the script above.

setcookie("jess", $_GET['jess']);
//lots more stuff



IMHO, it makes much more sense to see explicitly where you're expecting to
get your values from.


Take care,

Nik

Message #3 by spam@k... on Mon, 24 Feb 2003 15:43:15 -0600
Two things:

1.) I do understand that the way to kill a cookie is to set the timestamp in the past, or give it a value that would test false,
what I don't understand is why my code for that purpose wasn't working.

2.) I agree with you that using the superglobals would add a great deal to clarity, and it is true that in this one case I could use
them, but in general I write code to be used on any machine. I've had bad experiences with hosts that still run PHP 4.01 or even PHP
3.x. If you want (as I want) to write code that runs anywhere, then you have to avoid all the 4.1+ stuff. Too many hosting companies
haven't upgraded yet. And it is too much of a headache for me to try and keep two versions of my software, one that would work on
newer versions of PHP, and one that would only work on old. 

thanks,

lawrence 






------------------------------------------------
On Mon, 24 Feb 2003 12:04:20 -0800, "Nikolai Devereaux" <yomama@u...> wrote:

> 
> > Maybe I'm making the simple complicated.
> >
> > How do people log out? I'm asking all of you, assuming you've all
> > written logout functions. Right now I'm doing this:
> >
> > if ($logged == "logout") {
> >   $jess = "logout";
> >   setcookie ("jess", $jess);
> >   header ("Location: http://www.krubner.com/");
> > }
> 
> 
> Usually, you delete or invalidate a cookie by setting it's expiration time
> to a negative number, which means it's already expired.
> 
> 
> On a side note, I think that you should code this new site using the
> superglobals instead of assuming register_globals will be on.
> 
> Not only will you protect yourself from false logins, your code will make
> much more sense.
> 
> Compare the readability of your code:
> 
> 
> if ($jess != "xxx")
> {
>    setcookie ("jess", "");
>    echo "<form method=\"post\" action=\"index.php?articleId=42\">
>      Please type your password:<br>
>      <input type='text' name='jess'><br>
>      <input type='submit' name='submit' value='submit'>
>      </form></body></html>";
>    exit();
> }
> if ($jess == "xxx")
> {
>   setcookie ("jess", $jess);
>   [lots more stuff]
> }
> 
> 
> 
> To this rewritten version:
> 
> if(! isset($_GET['jess']) || ($_GET['jess'] != 'xxx'))
> {
>    setcookie('jess', '');
>    echo '<form method="post" action="index.php?articleId=42">
>            Please type your password:<br />
>            <input type="text"   name="jess" /><br />
>            <input type="submit" name="submit" value="submit" />
>          </form></body></html>';
>    exit();
> }
> 
> // no need to test $jess == "xxx" --
> // it must be since we didn't exit the script above.
> 
> setcookie("jess", $_GET['jess']);
> //lots more stuff
> 
> 
> 
> IMHO, it makes much more sense to see explicitly where you're expecting to
> get your values from.
> 
> 
> Take care,
> 
> Nik
> 
> 
> 

  Return to Index