Ok so I'm trying to create a simple login page.
I can do it successfully but it seems I can't get multiple computers to access the page. I've created multiple different users on my mysql database that individually credential their way into it and query it for data, BUT AGAIN only one computer it seems will be let in.
I've set the PHP session variable as well to contain login info.
My simple questions is:
Is there a way to log out of the db and destroy my session to perhaps let other computers access the username after one has finished
Could it be the session or the db login that is still lingering one computer that is causing this?
I know my code is a mess:
<?php session_start();
include("password.php"); ?>
...
<body>
<div class="main_content">
<?php
$submenarray = array(
'Purpose' => 'purpose.php',
'Leading Self' => 'leadingself.php',
'Leading with Strategy' => 'leadingwithstrategy.php',
'Leading People' => 'leadingpeople.php',
'Leading for Results' => 'leadingforresults.php',
);
insert_header_with_params(0,0,$submenarray);
?>
<div class="content_body">
<div class="description">
<h1 style="margin-left:5%;">
User <span style="color:red"> Login</span>
</h1>
<p></p>
</div>
<?
global $USERS;
global $_SESSION;
$USERS= getUsers("member1","password");
$record;
$max_login_attempts = 3;
if(isset($_POST['password'])){$_SESSION["password"] = $_POST["password"];}
if($_GET["logged"] == "false"){
$_SESSION["logged"] = "";
}
if(isset($_POST['Field1'])){
$record = getRecord($_POST["Field1"],removeUnwantedChar($_POST["Field1"]),$_POST["password"]);}
if ($_POST["ac"]=="log") { /// do after login form is submitted
if ($record[19]==$_POST["password"]) {
$_SESSION["logged"]=$_POST["Field1"];
$sql = "UPDATE `leading_initiatives` SET `Login Attempts`='0'
WHERE `Name`='".$_POST['Field1']."'";
sql_command($sql,removeUnwantedChar($_POST["Field1"]),$_POST["password"]);
} else {
if($record[20] < $max_login_attempts){
setRecord('Login Attempts',$record[20]+1,$record[1],removeUnwantedChar($_POST["Field1"]),$_POST["password"]);
echo '<p style="padding-left:20%;">Incorrect username/password. '.($max_login_attempts-$record[20]).' attempts remaining.</p>';
}else{
echo 'max reached';
}
}
}
$attempts = $record[20];
if($attempts > $max_login_attempts)
$_SESSION["locked_out"] = "true";
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "<p style='padding-left:20%;'>Logged in: ".$_SESSION["logged"]."</p>"; //// if user is logged show a message
echo "<a href='http://newsite.com' style='padding-left:20%;'>form</a></br></br>";
}elseif($_SESSION["locked_out"] == "true"){
echo "<script>
window.location.replace('site/max_attempts.php');
</script>";
}
else { //// if not logged show login form
echo '<form id="the_form" name="the_form" action="http://site/login.php" method="post" style="padding-left:20%;">
<input type="hidden" name="ac" value="log">';
echo 'Username: <select id="Field1" name="Field1">
<option value=""></option>
<option value="Admin">Admin</option>
<option value="Anton, Manny">Anton, Manny</option>
</select>';
echo 'Password: <input type="password" name="password" id="password" />';
echo '<input type="submit" value="Login" />';
echo '</form>';
}
if($_GET["logged"] == "false"){
echo "<script>document.forms['the_form']['Field1'].value = ".$_GET["Field1"].";</script>";
}
?>
</div> <!--end content body-->
</div> <!--end the main content div-->
</body>
There are many ways to destroy a session. This one is very thorough:
// destroy session the correct way
function destroySession() {
$_SESSION = array();
if (ini_get('session.use_cookies')) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params['path'], $params['domain'], $params['secure'], $params['httponly']
);
}
session_destroy();
}
Be sure to call session_start(); before destroySession(); ... and the session + session cookie goes away.
You can try adding sessions to the php pages like:
session_start();
It must be added at the top of the php page and once the work is done, destroy the session:
session_destroy();
Also, try closing database connections:
$conn = NULL;
The above code for closing database connection is for PHP PDOs. If you are using mysqli, use:
mysqli_close($conn);
By the way, I've never faced or heard such an issue. Perhaps ports or some incorrect parameter is causing the issue?