Management og user as GUEST

@toplisekNov 05.2005

I have the following issue.
I would like that registered user can be also as GUEST or Logged in.
There is possibility to do code with COOIKIES like:

[code=php]$_COOKIE[‘cookname’]=’Guest’;[/code]

or it will registered user remember in db field as Guest

[code=php] $query = “UPDATE users SET guest =TRUE WHERE user = ‘$username'”; $result= mysql_query ($query) or die (‘Can not complete update’); [/code]

Can you help me with this issue what is right procedure?

as I know COOKIES can be changed and managed by client side… :rolleyes:

to post a comment

PHP

24 Comments(s) _↴

@bokehNov 05.2005 — #If someone is a guest that means they don't need to log in, correct? If that is the case the registered user would have the functionality of a guest just by logging out.

@toplisekauthorNov 06.2005 — #Hi Bokeh,

thanks for fast reply,

yes they are not logged in.

So, if user is not registered it will be Guest automatic and if registered user would like to be as Guest and not logged in it will be as Guest (the functionality of a guest just by logging out).

There are also COOKIES. If server now user by cookname, it will be all the time logged in even user clicks on log out (if registered user closed window)

I thought to set cookname as guest if registered user would like to be Guest or TRUe in db field Guest

@bokehNov 06.2005 — #The trouble is you are not logging them out properly. The following will log them out and there is no need to keep a record about this in MySQL.

[code=php]<?php
 session_start();
 
 if(isset($_POST['log_out'])){
 $_SESSION = array();
 session_destroy();
 setcookie ('PHPSESSID', '', time() - 86400);
 //optional delete "remember me" cookie if one exists
 setcookie ('remember_me', '', time() - 86400);
 }
 
 // From here on if the subject pressed log out 
 // they can only see material at guest level
 
 ?>[/code]

@toplisekauthorNov 06.2005 — #thanks Bokeh, I think this should work but

I need help with code that is on each page for cookies:

[code=php]
 <?
 
 /* Connect to MySQL-Server */
 ...
 
 /* Open $db */
 ...
 
 if($_SESSION['logged'] == TRUE OR $_SESSION['logged'] == FALSE )
 
 { //check to see if we are logged in
 
   // check if cookies are not set or can't be found
   if(isset($_COOKIE['cookname']) /*&& isset($_COOKIE['cookpass'])*/)
   {
   $user = $_COOKIE['cookname'];
   /* $password = $_COOKIE['cookpass'];   */
 
 
   $sql = "SELECT * FROM membership WHERE username = '$user'";
   $sql = mysql_query($sql);
   $result = mysql_fetch_assoc($sql);
 
   if($user == $result['username'] /*&&
   $password == $result['password']*/)
   { $_SESSION['logged'] = TRUE;
   $_SESSION['IDuser'] = $result['index'];
   $_SESSION['username'] = $result['username'];
 
   //print 'logged in!!';
   }    //passwords dont mach
   } // else cookies are not set or can't be found
 } //else not logged in
 ?>
 [/code]

this will redirect user always when there is cookie.

Do you think this is problem? Please help with is. I'm working on it two days... ?

@bokehNov 06.2005 — #I suggest a log-out button on all pages:

[code=php]<form action="logout.php" method="post">
 <input type="hidden" name="referrer" value="<?php echo $_SERVER['PHP_SELF']; ?>">
 <input type="submit" name="log_out" value="Log Out">
 </form>[/code]

and a dedicated log-out page named [B]logout.php[/B]:

[code=php]<?php
 if(isset($_POST['log_out'])){
 session_start();
 $_SESSION = array();
 session_destroy();
 setcookie ('PHPSESSID', '', time() - 86400);
 //optional delete "remember me" cookie if one exists
 setcookie ('remember_me', '', time() - 86400);
 header('Refresh: 5; http://'.$_SERVER['HTTP_HOST'].$_POST['referrer']);
 print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."n". 
 '<html>'."n".
 '<head>'."n".
 '<title>Untitled</title>'."n".
 '</head>'."n".
 '<p>You have now been logged out. Please wait while you are '."n".
 'transfered back to the page you were originally viewing.</p>'."n".
 '</body>'."n".
 '</html>'."n";
 }
 ?>[/code]

@toplisekauthorNov 06.2005 — #I have put on page and it shows me error:

Warning: session_destroy(): Trying to destroy uninitialized session in ...logout1.php on line 15

[B]Line 15: session_destroy(); [/B]

Warning: Cannot modify header information - headers already sent by (output started at ...logout1.php:11) in ...logout1.php on line 19

[B]Line 19: header('Refresh: 5; http://'.$_SERVER['HTTP_HOST'].$_POST['referrer']); [/B]

You have now been logged out. Please wait while you are transfered back to the page you were originally viewing.

do you think is cookies.php correct for each page?

@bokehNov 06.2005 — #Why did you change the file name? Post the contents of logout1.php because you have made some modification that is causing this. I don't know why you made these changes though as it was a complete self contained file. Why did you modify it?

@toplisekauthorNov 06.2005 — #On each page there is:

[code=php]
 <form action="logout1.php" method="post">
 <input type="hidden" name="referrer" value="<?php echo $_SERVER['PHP_SELF']; ?>">
 <input type="submit" name="log_out" value="Log Out">
 </form>
 
 [/code]

and logout1.php is:

[code=php]
 
 <?php
 if(isset($_POST['log_out'])){
 
  $_SESSION = array();
  session_destroy();
  setcookie ('PHPSESSID', '', time() - 86400);
  //optional delete "remember me" cookie if one exists
   setcookie ('rememberme', '', time() - 86400);
  header('Refresh: 5; http://'.$_SERVER['HTTP_HOST'].$_POST['referrer']);
  print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."n".
   '<html>'."n".
   '<head>'."n".
   '<title>Untitled</title>'."n".
   '</head>'."n".
   '<p>You have now been logged out. Please wait while you are '."n".
   'transfered back to the page you were originally viewing.</p>'."n".
   '</body>'."n".
   '</html>'."n";
 }
 ?>
 [/code]

I have just changed name to logout1 because my previous file was logout.php.

@bokehNov 06.2005 — #You're on a wind-up, right? Session_destroy is on line 5 in that code and in your error message it is on line 15. Can you explain?

@toplisekauthorNov 07.2005 — #I had in page Logout1 HTML code and I put it away.

Sorry Bokeh,

I will show you again code and result.

LOGOUT1.PHP:

[code=php]
 <?php
 if(isset($_POST['log_out'])){
 $_SESSION = array();
 session_destroy();
 setcookie ('PHPSESSID', '', time() - 86400);
 //optional delete "remember me" cookie if one exists
 setcookie ('rememberme', '', time() - 86400);
 header('Refresh: 5; http://'.$_SERVER['HTTP_HOST'].$_POST['referrer']);
 print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."n".
 '<html>'."n".
 '<head>'."n".
 '<title>Untitled</title>'."n".
 '</head>'."n".
 '<p>You have now been logged out. Please wait while you are '."n".
 'transfered back to the page you were originally viewing.</p>'."n".
 '</body>'."n".
 '</html>'."n";
 }
 ?>
 [/code]

and Error:

Warning: session_destroy(): Trying to destroy uninitialized session in ...logout1.php on line 4

Warning: Cannot modify header information - headers already sent by (output started at ...logout1.php:4) in ...logout1.php on line 5

Warning: Cannot modify header information - headers already sent by (output started at ...logout1.php:4) in ...logout1.php on line 7

Warning: Cannot modify header information - headers already sent by (output started at ...logout1.php:4) in ...logout1.php on line 8

You have now been logged out. Please wait while you are transfered back to the page you were originally viewing.

this is now correct.

Bokeh, when I have my log out it will remove cookies:

$_SESSION = array();

session_destroy();

$_SESSION['logged'] = FALSE;

$_SESSION['IDuser'] = FALSE;

$_SESSION['username'] = FALSE;

$_COOKIE['cookname']=FALSE;

$_COOKIE['rememberme']=FALSE;

But when I go to Home page where there is code cookies.php, it will recognise user all the time and status as logged in as it is SET in COOKIES.

How to fix this problem? ?

Please help.

@bokehNov 07.2005 — #Here is the code I posted. Notice: Line 3 contains session_start:

[code=php]<?php
 if(isset($_POST['log_out'])){
 session_start(); // Line 3
 $_SESSION = array();
 session_destroy();
 setcookie ('PHPSESSID', '', time() - 86400);
 //optional delete "remember me" cookie if one exists
 setcookie ('remember_me', '', time() - 86400);
 header('Refresh: 5; http://'.$_SERVER['HTTP_HOST'].$_POST['referrer']);
 print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'."n". 

 '<html>'."n".
 '<head>'."n".
 '<title>Untitled</title>'."n".
 '</head>'."n".
 '<p>You have now been logged out. Please wait while you are '."n".
 'transfered back to the page you were originally viewing.</p>'."n".
 '</body>'."n".
 '</html>'."n";
 }
 ?>[/code]

@toplisekauthorNov 07.2005 — #Super Bokeh, you are great. It works log out. Redirection is without error. Super,

Now I have to fix problem with cookies.php. Can you help me with this file?

@toplisekauthorNov 07.2005 — #It is all the time variable $user with value of cookie.

cookies.php is on each page. But it gives me logged variable all the time as TRUE because user is always as COOKIES value ( $_COOKIE['cookname'])

[B]cookies.php[/B]:

[code=php]
 <?
 
 /* Connect to MySQL-Server */
 ...
 
 /* Open $db */
 ...
 
 if($_SESSION['logged'] == TRUE OR $_SESSION['logged'] == FALSE )
 
 { //check to see if we are logged in
 
   // check if cookies are not set or can't be found
   if(isset($_COOKIE['cookname']) /*&& isset($_COOKIE['cookpass'])*/)
   {
   $user = $_COOKIE['cookname'];
   /* $password = $_COOKIE['cookpass'];   */
 
 
   $sql = "SELECT * FROM membership WHERE usernamemem = '$user'";
   $sql = mysql_query($sql);
   $result = mysql_fetch_assoc($sql);
 
   if($user == $result['usernamemem'] /*&&
   $password == $result['password']*/)
   { $_SESSION['logged'] = TRUE;
   $_SESSION['IDuser'] = $result['index'];
   $_SESSION['username'] = $result['usernamemem'];
   //	$_SESSION['perms'] = $result['perms'];
 
   //	$_SESSION['email'] = $result['email'];
   //	$_SESSION['fullname'] = $result['name'];
   //print 'logged in!!';
   }    //passwords dont mach
   } else {$_COOKIE['cookname']='Guest'; }// else cookies are not set or can't be found
 } //else not logged in
 ?>
 [/code]

To be more accurate, there is [B]LOGIN page[/B] as following:

[code=php]
 <?
 
 
 /* Connect to MySQL-Server */
 ...
 
 /* Open $db */
 ...
 
 $username=strtolower($_POST['usernamelogin']);
 $pswr = $_POST['passwordlogin'];
 $crypt_pswr=md5 ($pswr);
 
 $query ="SELECT * FROM membership WHERE
 usernamemem = '$username'
 AND " ."
 cryptpswr = '$crypt_pswr'";
 
 $result = mysql_query($query) or die("ERROR: " . mysql_error());
 if(mysql_num_rows($result) > 0)  # we found a match, so set $_SESSION flag:
 {
 
  $sql = "SELECT * FROM membership WHERE
   usernamemem = '$username'";
  $sql = mysql_query($sql);
  $result1 = mysql_fetch_assoc($sql);
  $_SESSION['logged'] = TRUE;
  $validation=TRUE;
 //  setcookie("PHPsessionID", $_COOKIE['PHPSESSID'], time()+60*60*24*30, "/",'',0); //100 days to remember information.
 //  $_SESSION['username'] = $result1['usernamemem'];
 //  $_SESSION['IDuser'] = $result1['tekocaSt'];
 /*  setcookie ('usernamelogin',$user,(time()+(60*60*24*30)),'/','',0);
 setcookie ('id_hash','1',(time()+(60*60*24*30)),'/','',0);
 */
 
 
  //checks if we are setting cookies
   if(isset($_POST['rememberMe']))
   {
 
   setcookie("cookname", $_SESSION['username'], time()+60*60*24*30, "/",'',0); //100 days to remember information.
   setcookie("rememberme", 'TRUE', time()+60*60*24*30, "/",'',0); //100 days to remember information.
 
  //    setcookie("cookpass", $_SESSION['password'], time()+60*60*24*30, "/",'',0); //username and password
   }
 
 }
 else
 # invalid login, so create error message
 {
 if ($validation==FALSE && (mysql_num_rows($result)==0))
 {
 $errorinput="This <b>Username or Password</b> is not valid!<br />"; }
 else  {}
 }
 ?>
 [/code]

@bokehNov 07.2005 — #Can I see the file?

@bokehNov 07.2005 — #What do you want to happen?

@toplisekauthorNov 07.2005 — #I would like that person which is logged in and clicks on RememberMe button it will be on his computer remembered. So, cookies will be SET:

[code=php]
 
 setcookie("cookname", $_SESSION['username'], time()+60*60*24*30, "/",'',0); //100 days to remember information.
 setcookie("rememberme", 'TRUE', time()+60*60*24*30, "/",'',0); //100 days to remember information.
 [/code]

But when his is logged out, it will destroy his data and user will be as guest. So, if another user is on the same computer, he can be logged in. :rolleyes:

@bokehNov 07.2005 — #So, my log out page works for the logging out part of that request, ¿is that correct?

[code=php]  setcookie("cookname", $_SESSION['username'], time()+60*60*24*30, "/",'',0); //100 days to remember information.
 setcookie("rememberme", 'TRUE', time()+60*60*24*30, "/",'',0); //100 days to remember information.
 [/code]

[/QUOTE]

You don't need two cookies here or a remember me at all. All you need do is in your login have a checkbox for remember me. If that box is check set a timeout for the cookie if not don't bother and the cookie will expire when the browser closes.

@toplisekauthorNov 07.2005 — #Yes,

as you posted I will have logout. It works.

If I'm correct:

I have put on login just :

[code=php]
 setcookie("rememberme", 'TRUE', time()+60*60*24*30, "/",'',0); //100 days to remember information. 

 [/code]

what to put on cookies.php that he will recognise particular user.

I had code to do this

[code=php]
  if(isset($_COOKIE['cookname']) /*&& isset($_COOKIE['cookpass'])*/)
 {
 [B]$user = $_COOKIE['cookname'];[/B]
 /* $password = $_COOKIE['cookpass'];   */
 
 
   $sql = "SELECT * FROM membership WHERE usernamemem = '$user'";
   $sql = mysql_query($sql);
   $result = mysql_fetch_assoc($sql);
 
   if($user == $result['usernamemem'] /*&&
   $password == $result['password']*/)
   { $_SESSION['logged'] = TRUE;
   $_SESSION['IDuser'] = $result['index'];
   $_SESSION['username'] = $result['usernamemem'];
 [/code]

and he will recognise user. Is this OK?

I have problem what to put for this issue in cookies.php :rolleyes:

@bokehNov 07.2005 — #Try reading my post again.[B]You don't need two cookies[/B] here or a remember me [[I]cookie[/I]] at all. All you need do is in your login have a checkbox for remember me. If that [I][remember me][/I] box is check [B]set a timeout for the cookie if not don't bother [/B]and the cookie will expire when the browser closes.[/QUOTE]

@toplisekauthorNov 07.2005 — #I would like to [B]set timeout [/B]for rememberme.

So, if I understand there should be cookie for rememberme.

If user is logged out it will destroy this cookie and he will be as Guest.

New user can be logged in on the same computer.

To be more accurate what I would like to do is also the following:

If user is logged in I would like to recognise his username. What to do in this case? I can track rememberme Cookie, but how to detect his username?

Need help. :rolleyes:

@bokehNov 07.2005 — #You have two cookie and you only need one!

@toplisekauthorNov 07.2005 — #Dear Bokeh,

please confirm me this if I'm right:

cookie will be just one and if Remember Me is checked:

[code=php]
 setcookie("cookname", $_SESSION['username'], time()+60*60*24*30, "/",'',0); //100 days to remember information.
 
 [/code]

and there is no other cookie

I have double checked cookies.

Cookie is allways there even with your logout code.

I have put also in logout:

[code=php]
 setcookie ('cookname', '', time() - 86400); 

 [/code]

but browser recognised $_COOKIE['cookname']; this all the time the same.

@bokehNov 07.2005 — #What exactly does remember me do? And why do you need this: [B]$_COOKIE['cookname'][/B] if you have a session running?

@toplisekauthorNov 07.2005 — #Uh... Let's start from beginning.

Bokeh, I will be accurate. ?

My aim is:

I have session on each page.

User can on Login page put login information (username and password).

There is also check Box Remember Me.

Visitor can be defined as Guest (registered or non registered)

or Logged in (just registered )

[U]Remember Me[/U] check Box should remember visitor

on his computer when he returns. But, if user decides to be [U]logged out[/U], it will give him status Guest and next time when he will be on web site, status will be the same: Guest.

Note, that he is registered user. So, he can any time decide again to be logged in.

He has choice to check Remember Me Box and work on this computer not to be logged each time. If he decides just to log in, he will close the window and

next time he has to be logged in again.

This is not easy, but I would like to do it in this way. I hope you can help me.

We are all day in contact to solve it. I hope you can suggest how to do. ?

thanks for your time Bokeh.

Also in #PHP _↴

autofill File upload help!Best Templating Method

Success!

Help @toplisek spread the word by sharing this article on Twitter...

Tweet This

Management og user as GUEST

24 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Management og user as GUEST

24 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

24 Comments(s) _↴

Also in #PHP _↴