#22861 [Opn]: sessions don't destroy

Mon, 24 Mar 2003 14:30:32 -0800 

 ID:               22861
 User updated by:  notepad at codewalkers dot com
 Reported By:      notepad at codewalkers dot com
 Status:           Open
 Bug Type:         Session related
 Operating System: winxp pro IIS
 PHP Version:      4.3.1
 New Comment:

i'm so sorry.. my login function is the problem - as it's last return
value is false (blank line) i'd delete this if i knew how.. sorry


Previous Comments:
------------------------------------------------------------------------

[2003-03-24 16:26:09] notepad at codewalkers dot com

i couldn't get sessions to destroy in PHP v4.3.1. - it seemed to set
the variable $_SESSION['valid_user'] even when the login form is left
blank (allowing you to login as anyone). so i made login a seperate
function, and now the login function won't return true even if it's a
valid attempt.. craziness

i was thinkin that maybe my approach is wrong, but, then nobody else
seems to be able to tell me why it doesn't work. my apologies if i'm
just blind

testdb.txt example:
myuserid|mypass

sessiontest.php example:
<?php

session_start();

if(isset($_POST['userid']) && isset($_POST['password']))
{
    // if user has just tried to login
    $userid = trim($_POST['userid']);
    $password = trim($_POST['password']);
}

// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($db, $id, $pass)
{
    foreach($db as $key=>$value)
    {
        $divide = explode('|', $value);
        if(($divide[0] == "$id") && ($divide[1] == "$pass"))
            return true;
        else
            return false;
    }
}

if(@login($data, $userid, $password))
{
    $_SESSION['valid_user'] = $userid;

    $olduser = $_SESSION['valid_user'];
    $oldid = session_id();
    $_COOKIE = array();
    $_SESSION = array();
    $_REQUEST = array();
    session_destroy();
    echo '<html><body>';
    echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
    echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
elseif(isset($userid))
    echo 'could not log you in';
else
    echo 'you are not logged in';

?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>
</body></html>

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=22861&edit=1

Reply via email to