#22861 [Opn->Bgs]: sessions don't destroy

rioter Mon, 24 Mar 2003 14:43:00 -0800

 ID:               22861
 Updated by:       [EMAIL PROTECTED]
 Reported By:      notepad at codewalkers dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         Session related
 Operating System: winxp pro IIS
 PHP Version:      4.3.1
 New Comment:


this is not a bug in php 
marking as bogus


Previous Comments:
------------------------------------------------------------------------

[2003-03-24 16:32:02] notepad at codewalkers dot com

i'm so sorry.. my login function is the problem - as it's last return
value is false (blank line) i'd delete this if i knew how.. sorry

------------------------------------------------------------------------

[2003-03-24 16:26:09] notepad at codewalkers dot com

i couldn't get sessions to destroy in PHP v4.3.1. - it seemed to set
the variable $_SESSION['valid_user'] even when the login form is left
blank (allowing you to login as anyone). so i made login a seperate
function, and now the login function won't return true even if it's a
valid attempt.. craziness

i was thinkin that maybe my approach is wrong, but, then nobody else
seems to be able to tell me why it doesn't work. my apologies if i'm
just blind

testdb.txt example:
myuserid|mypass

sessiontest.php example:
<?php

session_start();

if(isset($_POST['userid']) && isset($_POST['password']))
{
    // if user has just tried to login
    $userid = trim($_POST['userid']);
    $password = trim($_POST['password']);
}

// retrieve info from database, register id if they're in the database
$data = file('testdb.txt');
function login($db, $id, $pass)
{
    foreach($db as $key=>$value)
    {
        $divide = explode('|', $value);
        if(($divide[0] == "$id") && ($divide[1] == "$pass"))
            return true;
        else
            return false;
    }
}

if(@login($data, $userid, $password))
{
    $_SESSION['valid_user'] = $userid;

    $olduser = $_SESSION['valid_user'];
    $oldid = session_id();
    $_COOKIE = array();
    $_SESSION = array();
    $_REQUEST = array();
    session_destroy();
    echo '<html><body>';
    echo 'you are logged in as '.$olduser.' : '.$oldid.'<br>';
    echo '<br><a href="'.$_SERVER['PHP_SELF'].'">logout</a>';
}
elseif(isset($userid))
    echo 'could not log you in';
else
    echo 'you are not logged in';

?>
<html><body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table><tr><td>
userid:
</td><td>
<input type="text" name="userid">
</td></tr><tr><td>
password:
</td><td>
<input type="password" name="password">
</td></tr><tr><td colspan="2" align="center">
<input type="submit" value="login">
</td></tr></table></form>
</body></html>

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=22861&edit=1

#22861 [Opn->Bgs]: sessions don't destroy

Reply via email to