Love_PHP Love_PHP - 6 months ago 20
PHP Question

User Log Out displaying in all the users

Im trying to create a member page but when im logged in as the user
i need a log out button and if im logged in as the (X) user and i try to access (Y) user's profile i still get the logout button. Basically, im trying to get a logout button only when im logged in as my user and if i want to check another profile i want to check it and dont want a logout button to show on another profile page while im logged in.

PROFILE.php

<?php
session_start();
include_once 'php/classes/class.user.php';

//echo 'GET:';
//var_dump($_GET);
//echo '$_SESSION:';
//echo var_dump($_SESSION);

$user = new User();

$uid = $_GET['uid'];

if(isset($_SESSION['uid']) && $_GET['uid'] == $_SESSION['uid']){

if ($user->check_user($uid)) {

echo " " . $user->get_fullname($uid) . " ";
echo "<a href='profile.php?q=logout'>Log Out</a>";

}

}else if(isset($_SESSION['uid']) && $_GET['uid'] != $_SESSION['uid']){

echo " " . $user->get_fullname($uid) . " ";

}else if(!isset($_SESSION['uid']) && $_GET['uid'] != $_SESSION['uid']){
echo " " . $user->get_fullname($uid) . " ";
}else if($user->check_user($count_row1) > $uid){
echo "User Doesn't exist";
}

if (isset($_GET['q'])) {
$user->user_logout();
header("location: index.php");
}
?>


USERS.FUNCTIONS.php

<?php
include "db_config.php";

class User{

public $db;

public function __construct(){
$this->db = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);

if(mysqli_connect_errno()) {
echo "Error: Could not connect to database.";
exit;
}
}

/*** for login process ***/
public function check_login($emailusername, $password){

$password = md5($password);
$sql2="SELECT uid from users WHERE uemail='$emailusername' or uname='$emailusername' and upass='$password'";

//checking if the username is available in the table
$result = mysqli_query($this->db,$sql2);
$user_data = mysqli_fetch_array($result);
$count_row = $result->num_rows;

if ($count_row == 1) {
// this login var will use for the session thing
session_start();
$_SESSION['login'] = true;
$_SESSION['uid'] = $user_data['uid'];
return true;
}
else{
return false;
}
}
/*** for showing the username or fullname ***/

public function get_fullname($uid){
$sql = "SELECT * FROM users WHERE uid = $uid";
$result = mysqli_query($this->db, $sql);
$user_data = mysqli_fetch_array($result);

echo $user_data['fullname'], "<br/>";
echo $user_data['uemail'], "<br/>";
echo $user_data['uid'], "<br/>";
}

public function check_user($uid){

$sql5 = "SELECT uid from users WHERE uid='$uid'";
$result1 = $this->db->query($sql5);
$count_row1 = $result1->num_rows;

return ($count_row1 ==1);


}

/*** starting the session ***/
public function get_session(){
return $_SESSION['login'];
}

public function user_logout() {
$_SESSION['login'] = FALSE;
session_destroy();
}

}

Answer

According to your code

if (isset($_GET['uid'])) {
// Your Code of Check user exist? I don't get it
}
else if (isset($_SESSION['uid'], $_SESSION['login'])) {
// Your Code to print Logout
}
else
echo "Session not set";

This actually doesn't make sense, You are checking uid first. I'm guessing that's user's unique id. If uid is set, it won't even go to else part. And if I ignore that in your else part you are not checking whether current user is the same user who is logged in, you should do something like this:

if(isset($_SESSION['user'],$_GET['uid']))
 {
   if($_GET['uid']==$_SESSION['uid'])
    {
     //Your Code to Print Logout
    }
  else if($user->check_user($uid))
   {
    //User Exist and Not Logged in User
   }
  else if(!$user->check_user($uid))
   {
   //User Doesn't Exist
   }
 }

You must use a GET parameter to check current profile with your logged in user. I advise you to eliminate first if condition and use above condition.

Edit : As you want to print if user exist or not, there can be multiple ways, I just edited to show an example, but it can be different according to multiple circumstances. It is just an idea