0

I am trying with a website where there is a login/register wizerd. I want that when a user is logged in the login and register link will be replace by a logout link.how can I do this? my codes are here...

header.php

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">


<link rel="stylesheet" type="text/css" href="style.css"/>

</head>

<body class="body">
<div id="inbody">

<div class="main_header">
    <div class="site_name">

    </div>
    <div class="add">
        <p><a class="link" href="add.php" style="text-decoration:none">Adds</a>&nbsp &nbsp
            <a class="link" href="login.php" style="text-decoration:none">login</a>&nbsp &nbsp
        <a class="link" href="register.php" style="text-decoration:none">Register</a></p>



    </div>
</div>



        <div class="main_body_part">

home.php

<?php
include ("include/header.php");
?>

login_success.php

<?php

include 'database.php';
session_start();
$u_name=$_POST['u_name'];
$password=$_POST['password'];

login($u_name, $password);
function login($name,$pass)
{
    $sql = "SELECT * FROM registration WHERE user_name='$name'";
    $result = mysql_query($sql);
    while($row =  mysql_fetch_array($result))
{
    if($row['password']==$pass)
    {
       $_SESSION['id']=$row['user_id'];
       header('Location:home.php');
    }
    else 
    {
        echo 'not log in';
    }
}
}



?>

database.php

<?php

$con = mysql_connect("localhost", "root" ,"");
if($con)
{
mysql_select_db("finalproject", $con);
}

Now how can I do this????

Sawpno
  • 85
  • 1
  • 2
  • 10
  • 2
    Put the button in a conditional if the `session` value is set. Your code also is open to SQL injections. You also should check the password and username in the same pass, no need to have PHP check it. Also don't store your passwords in plain text. Final note switch to `mysqli` or `pdo` so you can use parameterized queries. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – chris85 Aug 04 '15 at 02:50
  • 1
    You should definitely sanitise that input. – blasko Aug 04 '15 at 02:51

2 Answers2

6

You can use a php if else to conditionally show the correct html.

<?php if(isset($_SESSION['id'])): ?>
  <a class="link" href="logout.php" style="text-decoration:none">logout</a>
<?php else: ?>
  <a class="link" href="login.php" style="text-decoration:none">login</a>
<?php endif; ?>

There's another notation that you may be more familiar with, it does the same exact thing as the above.

<?php if(isset($_SESSION['id'])){ ?>
  <a class="link" href="logout.php" style="text-decoration:none">logout</a>
<?php }else{ ?>
  <a class="link" href="login.php" style="text-decoration:none">login</a>
<?php } ?>

Take a look at bcrypt which will help you to store your passwords in hashes instead of plain text. It is more secure. How do you use bcrypt for hashing passwords in PHP?

Using prepared statements will also remove the SQL injection vulnerability in your code. How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
CleoR
  • 806
  • 6
  • 18
  • Final note on it, don't use `isset` and `empty`. One or the other, if it isn't `empty` than it `isset`. http://stackoverflow.com/questions/4559925/why-check-both-isset-and-empty – chris85 Aug 04 '15 at 03:09
0

Place this code where you want to print Logout.

if(isset($_SESSION['id'])){
echo '<a class="link" href="login.php?action=logout" style="text-decoration:none">logout</a>';
}else{
echo '<a class="link" href="login.php" style="text-decoration:none">logout</a>';
}

You need to place some code in login.php to logout also:

if (isset($_GET['action']) and $_GET['action']=='logout'){
if(!isset($_SESSION)){session_start();};
unset($_SESSION['id']);
header('Location:home.php');
exit();
}
Crunch Much
  • 1,537
  • 1
  • 11
  • 14