R
E
S
O
U
R
C
E
S
       Home      Products & Services      Contact Us      Links


WebHatchers will design & develop your site for you.
_______________________

Website Menu Heaven: menus, buttons, etc.
_______________________

Send us your questions.
_______________________

site search by freefind
_______________________

HOME
SEO, Google, Privacy
   and Anonymity
Browser Insanity
JavaScript
Popups and Tooltips
Free Website Search
HTML Form Creator
Animation
Buttons and Menus
Counters
Captchas
Image Uploading
CSS and HTML
PHP
AJAX
XPATH
Website Poll
IM and Texting
Databases—MySQL
   or Not MySQL
Personal Status Boards
Content Management
   Systems
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs




Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement



Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

Logout Script

Logout is kind of a luxury. It's mostly there to ensure the safety of your personal information. Many sites that deal with simple memberships and superficial data on non-secure servers don't even bother, and many people don't bother to logout from websites at all. More secure servers or servers hosting more sensitive data tend to have automatic logout features after a certain period of time elapses in which there is inactivity. In general, if you're on a computer no one else has access to, logging out is not important, but if you're in an office or someplace where others may access your machine, especially if the data in question is sensitive, log out!

There are 2 ways of dealing with logging out if you're programming in PHP. The first is the use of sessions. With sessions the server keeps track of session variables which can be retrieved for use on a website's pages using PHP code. Logouts are easy, as the only thing you need to do is to destroy the session. Fortunately, PHP has a built-in function for that:

session_destroy();

When this function is executed, all the session variables that you set up for the user will be destroyed. Here's the simplest logout you'll find:

<?PHP

session_start();
session_destroy();

?>


Note that you have to start the session first before destroying it, even though you've been using sessions throughout your pages! So that the user can log out from anywhere, you can add a logout link on your site's pages:

<A HREF = 'logout.php'>Log out</A>

When the user clicks this link, the log out script will be executed. If he tries to do anything else on the site, he'll be redirected to the login page.

The second method of dealing with user login/logout, which we prefer due to the notorious security holes opened up using sessions, is POSTing the username to each page. This method uses the server and the browser (while sessions use the server only), as all POSTing does. The password is not POSTed except during login when it's POSTed during the page reload which the login page needs to do to send form-entered data to itself. Other than that, only 'username' is POSTed as users (actually, administrators are the users in the references on this page) leave each website page. Once it is POSTed into each page's PHP script and stuck in the $U variable, it is checked to see if it is set or not. If it is, it allows a user to use the web page, and if not, he gets sent to the login script. In the login script, there's no way to get anywhere else on the site until an acceptable user name and password has been entered, so acceptance here is a must. Even though the $U variable is set when unacceptable login entries are made as well as acceptable ones, there is no way off the login page except with good inputs.

Note that entry into pages doesn't require a password, since the user has already proven himself valid. The actual entry into the MySQL database where all the tables are is given through a configure.php file hard-coded with the host's password, user name, and database name, which is added as an include file on most of the site's pages. No user or administrator gets to see any of the code on the site—especially that code! Only the PSB™ host sees it. That's the point of this section of our PSB™ code tutorials, to explain how the code works to PSB™ hosts, not users or administrators.

In the logout script below, we check the $U variable POSTed to this script from a form's hidden field found in all the pages on the site except this logout page. If it is set, we log the user out with a "thank you" message and unset the $U variable just to be safe, then send the user to the css-resources.com home page. In order to do more on the site, the user would have to login again. If $U was aleady unset somehow, we send the user to the login script. Note how we were able to use a PHP variable in the middle of a JavaScript alert box.

<html><head><title>Logout</title></head><body>

<?php

$U=$_POST['username'];

if (isset($U)) { ?>
<script language="javascript">
alert('Thank you for visiting, '+'<?= $U ?>');
window.location = "../index.html"; </script>

<?php
unset($U);} else

{echo '<script language="javascript">alert("Please login.");window.location = "login.php"; </script>';}

?>

</body></html>