-1

I have php scripts that confirm the password and username of a customer matches those that are stored in a database (username and password are stored in a users database). Once they login they will be redirected to their own page, but after a period of minutes inactivity I want them to be logged out, or redirected to the login.php. Can anyone help with a tried and tested method? Thank you in advance.

<?php
session_start();

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

mysql_connect("localhost", "root","root") or die(mysql_error()); //Connect to server
mysql_select_db("first_db") or die("Cannot connect to database"); //Connect to database
$query = mysql_query("SELECT * from users WHERE username='$username'"); //Query the users table if there are matching rows equal to $username
$exists = mysql_num_rows($query); //Checks if username exists
$table_users = "";
$table_password = "";
if($exists > 0) //IF there are no returning rows or no existing username
{

    while($row = mysql_fetch_assoc($query)) //display all rows from query
{
    $table_users = $row['username']; // the first username row is passed on to $table_users, and so on until the query is finished
    $table_password = $row['password']; // the first password row is passed on to $table_users, and so on until the query is finished
    $table_id = $row['id'];
    $page_id = $row['page'];
}
if(($username == $table_users) && ($password == $table_password)) // checks if there are any matching fields
{
        if($password == $table_password)
        {
            $_SESSION['user'] = $username; //set the username in a session. This serves as a global variable
            //echo $table_id;
            //echo $page_id;

            redirect ($page_id); //take the user to the page specified in the users table

        }
    else
    {
        echo "Login Failed";
    }

}
    else
    {
        Print '<script>alert("1. Incorrect Password!");</script>'; //Prompts the user
        Print '<script>window.location.assign("login.php");</script>'; // redirects to login.php
    }
}
else
{
    Print '<script>alert("Incorrect Username!");</script>'; //Prompts the user
    Print '<script>window.location.assign("login.php");</script>'; // redirects to login.php
}
function redirect($page_id)
{
/* Redirect browser */
header('Location: home.php');
/* Make sure that code below does not get executed when we redirect. */
exit;
}
?>
Rus84
  • 33
  • 2
  • 11
  • possible duplicate of [Automatic Logout after 15 minutes of inactive in php](http://stackoverflow.com/questions/20516969/automatic-logout-after-15-minutes-of-inactive-in-php) – Realitätsverlust Apr 21 '15 at 11:49
  • possible duplicate of [how to logout session if user idle in php](http://stackoverflow.com/questions/3453831/how-to-logout-session-if-user-idle-in-php) – moonwalker Apr 21 '15 at 11:55
  • If you want a user to be seamlessly redirected to another page - such as a user sits idle in front of a computer and then gets automatically redirected to another page after n minutes without any user input - you will need to add some JavaScript code. You will not be able to do this with PHP only. – Tomasz Cz. Apr 21 '15 at 12:18
  • @YUNOWORK I did see your answer to that post and I have tried it a few times, and have tried to adjust the variables but to no luck. – Rus84 Apr 21 '15 at 12:26
  • @Rus84 If you post your code - at least the login - maybe I can help you out – Realitätsverlust Apr 21 '15 at 12:30
  • @YUNOWORK This is my checklogin.php, this all work and reads username and password from a database called users. Thanks in advance for any help – Rus84 Apr 22 '15 at 09:00
  • @YUNOWORK i was wondering whether you could point me in the right direction about how to incorporate your code into my script, thanks. – Rus84 Apr 24 '15 at 10:14

2 Answers2

0

Add this to your pages :

setcookie(session_name(), $_COOKIE[session_name()], time() + 15 * 60); // 15 is the number of minutes of inactivity before the session gets destroyed

This tells the session that it has still X minutes left before dying.

FrancoisBaveye
  • 1,902
  • 1
  • 18
  • 25
0

In your page heading, add a meta that will redirect the user after a giving time

<meta http-equiv="refresh" content="900;url=logout.php" />
rootleet
  • 135
  • 8