Zubrag.com :: Forum

zubrag.com => Password Protect => Topic started by: zubrag on June 15, 2007, 03:39:38 PM



Title: Adding Logout link
Post by: zubrag on June 15, 2007, 03:39:38 PM
Password Protector will automatically logout user when browser is closed (if TIMEOUT_MINUTES is set to 0).
But script also supports a manual logout feature which you may find useful.

In order to implement manual logout feature you'll have to accomplish following steps:

1. Setup logout URL in the script

If you look at the password_protect.php source code you'll see following

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');

2. Add Logout link on your website

Add following HTML code on your site pages wherever you want a logout link to be shown

<a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>

Upon logout script will redirect user to the URL you specified on step 1.


Title: Re: Adding Logout link
Post by: sabotage on June 18, 2007, 09:43:54 PM
Very useful thanks!!!


Title: Re: Adding Logout link
Post by: dmax on June 21, 2007, 02:59:26 PM
Script works great. Also installed logout script which is exactly what i needed. There is 1 small problem, after logout if I hit the browser back button it takes me right back into the protected page I just logged out of.  Is there a way to fix this.  Cheers, -d


Title: Re: Adding Logout link
Post by: zubrag on June 21, 2007, 03:36:07 PM
Browser cached protected page. Add following code to all protected pages (to avoid caching):

  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

The code needs to be placed somewhere between <head> and </head> tags.

For example page's HTML code was

<html>
<head>
  <title>Custom Title</title>
</head>
...

after change it would be


<html>
<head>
  <title>Custom Title</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
...


Title: Re: Adding Logout link
Post by: dmax on June 21, 2007, 07:16:45 PM
I tried this and it doesnt seem to work. Before I copied the script into my file, I converted the script into php.
Here's what it looks like inside my protect php page.

echo "  <head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n";
echo "<META HTTP-EQUIV=\"CACHE-CONTROL\" CONTENT=\"NO-CACHE\"><META HTTP-EQUIV=\"PRAGMA\" CONTENT=\"NO-CACHE\">\n";
echo "  \n";
echo "  \n";
echo "\n";
echo "<body>\n";
echo "    <meta name=\"Generator\" content=\"iWeb 1.1.2\" />\n";
echo "    <title>Calendar_1</title>\n";
echo "    <link rel=\"icon\" href=\"favicon.ico\">\n";
echo "<link rel=\"stylesheet\" type=\"text/css\" media=\"screen\" href=\"Calendar_1_files/Calendar_1.css\" /><script type=\"text/javascript\" src=\"Calendar_1_files/Calendar_1.js\"></script>\n";
echo "  </head>\n";


Title: Re: Adding Logout link
Post by: dmax on June 21, 2007, 07:26:33 PM
Would it be easier to adjust the log out script so the redirect page ('LOGOUT_URL', 'http://www.example.com/');  opens in a new browser window?  If yes, how would I do this? Thank You! Cheers, -dmax


Title: Re: Adding Logout link
Post by: zubrag on June 22, 2007, 04:15:29 AM
Currently you have body tag inside header. This is not correct. Move echo "<body>\n"; after the </header>.

In order to open in a new browser window add target="_blank" to the logout url, like this:

<a href="http://www.example.com/path/to/protected/page.php?logout=1" target="_blank">Logout</a>


Title: Re: Adding Logout link
Post by: dmax on June 22, 2007, 10:16:40 AM
Hi, sorry for the trouble. It's still allowing the back button in safari browser to take me back into the secure page. Here's the code, I'm sure there's something wrong.

<head>
      <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n";
      echo "
      <META HTTP-EQUIV=\"CACHE-CONTROL\" CONTENT=\"NO-CACHE\">
      <META HTTP-EQUIV=\"PRAGMA\" CONTENT=\"NO-CACHE\">\n";
      echo "  \n";
      echo "  \n";
      echo "\n";
      echo "
      <meta name=\"Generator\" content=\"iWeb 1.1.2\" />\n";
      echo "
      <title>Calendar_1</title>\n";
      echo "
      <link rel=\"icon\" href=\"favicon.ico\">\n";
      echo "
      <link rel=\"stylesheet\" type=\"text/css\" media=\"screen\" href=\"Calendar_1_files/Calendar_1.css\" />
      <script type=\"text/javascript\" src=\"Calendar_1_files/Calendar_1.js\"></script>\n";
      echo "
   </head>\n";
   echo "
   <body>
      <body style=\"background: transparent url(Images/bckgrnd2.jpg) repeat scroll top left; margin: 0pt; \" onload=\"onPageLoad();\">\n";
         echo "
         <div style=\"text-align: center; \">\n";
            echo "
            <div style=\"margin-bottom: 0px; margin-left: auto; margin-right: auto; margin-top: 0px; overflow: hidden; position: relative;  background: transparent; text-align: left; width: 800px; \" id=\"body_content\">\n";
               echo "
               <div style=\"float: left; margin-left: 0px; position: relative; width: 800px; z-index: 0; \" id=\"nav_layer\">\n";
                  echo "
                  <div style=\"height: 0px; line-height: 0px; \" class=\"tinyText\"> </div>\n";
                  echo "
               </div>\n";
               echo "<a href=\"http://www.midnightlighting.com/Calendar.php?logout=1\">
                  <img src=\"Calendar_1_files/shapeimage_1.png\" alt=\"LOG OUT!\" title=\"\" id=\"id2\" style=\"height: 47px; left: 306px; position: absolute; top: 1px; width: 187px; z-index: 1; \" />\n";
                  echo "
                  <div style=\"height: 50px; line-height: 50px; \" class=\"tinyText\"> </div>\n";
                  echo "


Title: Re: Adding Logout link
Post by: tinem on November 11, 2007, 09:12:51 AM
First I like to thank you for this great script. I just have some problems that when closing the browserwindow it doesn't clear the access and I have put this code in the passwordprotected file as you suggest like this:
   <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
     <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

It's working if I click the Logout link but is there a way to get it functioning when closing the browserwindow beside what I have done?

Click on the map link from this site http://www.tinemuller.dk/Saving_User-Added_Form_Data/ and login as admin - adminpass and then you can see what I'm talking about.

Do you have a script for password protect a folder?



Title: Re: Adding Logout link
Post by: zubrag on November 12, 2007, 07:37:23 AM
Hi. I tried that url in IE and Firefox. Both logged out when i closed browser. What browser you are using?


Title: Re: Adding Logout link
Post by: tinem on November 12, 2007, 07:47:37 AM
Thanks for your quick reply.

Firefox 2.0.0.9 it's not functioning but Explorer 6 it's OK. I use xp pro if it matters. After you close the browser window try pasting the adress http://www.tinemuller.dk/Saving_User-Added_Form_Data/phpsqlinfo_add.php again and you will se the problem.

What about my other question about password protect a folder?



Title: Re: Adding Logout link
Post by: zubrag on November 12, 2007, 09:27:11 AM
I have 2.0.0.9. Opened that page, logged in, closed browser. Opened page again. Login dialog appeared. Not sure why your Firefox is working differently. I'm on XP pro also. Maybe firefox cached page. Try Ctrl+F5 on that page afte you log in.


Title: Re: Adding Logout link
Post by: tinem on November 12, 2007, 10:26:17 AM
It's still the same. So maybe I should leave out close the browser and only have click logout?

If you don't have a script for password protect a folder please tell me yes og no?


Title: Re: Adding Logout link
Post by: zubrag on November 12, 2007, 11:12:42 AM
Sorry, forgot to answer that one. No specific script for protecting folders, unless you protect each file in the folder using password protector. If you want to protect a folder try using .htaccess protection (should be some 'protect folder' menu in your webhosting account management to do that).


Title: Re: Adding Logout link
Post by: nikwit on November 13, 2007, 09:20:57 AM
Hello and thank you for such a great piece of code to add to my site.

I hope you'll forgive my ignorance, but this is the very first piece of php code I've written (I've developed other code - but that was 3 years ago)!

In the link for the logout you have the user redirected to page.php

<a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>

I'm not sure what to do with the parameter
logout=1
in order to actually log them out.  Do you have an example of this page as well?

Thanks a bunch!


Title: Re: Adding Logout link
Post by: zubrag on November 14, 2007, 04:23:58 AM
Hi. You do not need to add code. Protected page will logout automatically when "logout=1" parameter passed (as logout functionality is implemented in protection script).


Title: Re: Adding Logout link
Post by: dandrianjafy on November 22, 2007, 07:55:48 PM
Hi, I am trying to add th elogout link as per your instruction at the top of this thread, but cannot find the line you indicated in point 1.  All I can find within password_protect.php is // User will be redirected to this page after logout
define('LOGOUT_URL_ADMIN', isset($_SERVER['HTTP_REFERER']) ? str_replace('?logout=1','',$_SERVER['HTTP_REFERER']) : '');  Is this the right one, and where would I add the redirect URL?

Cheers


Title: Re: Adding Logout link
Post by: zubrag on November 23, 2007, 03:53:04 AM
Hi. You have to place logout url on your page (where you want it to appear). For example, if you protected members.php then you have to add logout url to members.php.

Lets say page contents was
<?php

echo "<p>This is protected page</p>";
echo "<p>Some more text here</p>";
....

?>

then you can add url as follows

<?php
echo '<a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>';
echo "<p>This is protected page</p>";
echo "<p>Some more text here</p>";
....

?>

So you have to put it anywhere on your page.


Title: Re: Adding Logout link
Post by: dandrianjafy on November 23, 2007, 06:01:26 AM
Thanks for your quick support.  I have added the link as you instructed, but when clicked on it takes me to this - You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.

These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.

How can I redirect to my logout confirmation page?

cheers


Title: Re: Adding Logout link
Post by: zubrag on November 23, 2007, 06:09:49 AM
I provided this link just for example
<a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>

Change url to match your protected page url.


Title: Re: Adding Logout link
Post by: dandrianjafy on November 23, 2007, 06:18:00 AM
Sorry, I think I must be a little thick when it comes to this.  I have copied your example link and added the path as per my protected page and it still goes to the same place as I mentioned above.  The protected page you mention...is that the logout confirmation page or the page on which the logout link is on?  I have put the same address as the lougout link is on.

Chhers


Title: Re: Adding Logout link
Post by: zubrag on November 23, 2007, 06:26:55 AM
Protected page stands for any page protected using password protector. You could also link to login.php instead of protected page.
For example you have login.php in http://www.example.com/members/login.php
Logout url could be <a href="http://www.example.com/members/login.php?logout=1">

When user click on that url, password protector will automatically check parameter, and if it is logout=1 then it will redirect to url specified in the settings.php as logout url (from what you posted you seems to be using advanced password protector (http://www.zubrag.com/scripts/password-protect-advanced.php)). Simple password protector (http://www.zubrag.com/scripts/password-protect.php) has logout url defined in the script code (password_protect.php).

Advanced password protector has its own section as it differs from simple one: http://www.zubrag.com/forum/index.php/board,17.0.html (http://www.zubrag.com/forum/index.php/board,17.0.html)


Title: Re: Adding Logout link
Post by: dandrianjafy on November 23, 2007, 06:30:29 AM
Damn you're quick  ;)

Yes I am using Advanced Password Protect.  Does that mean I need to do anything differently?


Title: Re: Adding Logout link
Post by: zubrag on November 23, 2007, 06:34:35 AM
They differ in user management (advanced has user management functionality, signup, etc) and settings (different files contain settings), but login/logout functionality is almost the same. So above info is good for both (except for you cannot link to login.php in simple protector as it does not have such program).
Updated my post above to be more descriptive.


Title: Re: Adding Logout link
Post by: dandrianjafy on November 23, 2007, 06:44:11 AM
Thanks for all of your help.  The support for this script is excellent


Title: Re: Adding Logout link
Post by: anaz on April 25, 2008, 03:39:31 PM
Hi:

I am using your script (its wonderful) however I have a question. If a user logsout more then once in the same session (same browser), the logout does not work (it takes the user to the redirected page) but the user is not actually "logged" out. Next time user clicks on the link it doesnt ask for the password...(again this only occurs if user logsout more then once in the same session/same browser). I am guessing it might have to do with logout=1 in the script...is there a way to reset the logout variable after its=1.

Thanks


Title: Re: Adding Logout link
Post by: testmen on September 20, 2008, 01:50:20 PM
Has anyone got this logout link to work yet??

I have the no cache lines in the document head, ?logout=1 in the logout link, etc, etc. But like many others, my browser back button brings me right back onto the protected page again.



Title: Re: Adding Logout link
Post by: dgow on December 02, 2008, 02:55:14 PM
The password protect script works great. No problem there.  I even added the login to my own login.php page.  Looks great in the web editor, (expression web 2), but never shows up on the website.  When I added the logout link to the password protect page some strange things start to happen.  I am not adding something in right.

I click to enter the password protected page and it takes me to the login page, not the login.php page I created.  I login and I get the password protected page as designed.  But when I click the logout text it takes me back to the page I setup, but without any of the graphics.  Furthermore when I click any of the links from that page, all the pages have NO graphics on them anymore.

What am I not adding in correctly?

Link:   http://www.mbiweb13.com/customer_accounts.php (http://www.mbiweb13.com/customer_accounts.php)

Click on "Sincerely Yours" & use the "zubrag & root" as password.


Title: Re: Adding Logout link
Post by: David on December 08, 2008, 02:36:24 PM
Hey dgow

I can't login using the zubrag and root. Can you check you havent made a spelling error or used capitals somewhere?

Thanks

David


Title: Re: Adding Logout link
Post by: soccercap5 on February 23, 2009, 09:53:56 AM
I am having difficulties with the logout link.  If I delete all my cookies and go to my welcome page, when I hit my ENTER button, I proceed to the Password_Protect page which displays the login and password form as it should.  I can then login and go to my password protected page.  On this page, I have put the logout link and when I click on it, I have it redirect to my welcome page and it sets logout=1 again as it should.  But then, when I hit ENTER again on my welcome page, the login and password form are skipped and i go directly to my password protected page again. 

I would like this to function as follows:  when you hit logout, it brings you back to the welcome page, but now if you have hit logout previously, you will have to re-enter information in the login and password form.  Also, firefox does not clear my cookies upon exiting, and so when I close the browser, I also skip the login/password form when I hit ENTER.  Any help?  Let me know if you need more info.


Title: Re: Adding Logout link
Post by: arjun on October 24, 2009, 11:38:13 PM
I newly started using your password protecter (simple version) and the login works fine but when i click the logout link it redirects the user to the  proper page but if i click back it just goes back to the protected page and skips the login page.
i used the code you gave for clearing the cache but it still doesnt work it only logs out if i close the browser.

you can try the page at http://www.techlibrary.co.cc/funbox.php use this id to login
id= admin
pass=admin1234login

please help


Title: Re: Adding Logout link
Post by: ruks12 on November 05, 2009, 10:08:58 AM
Im trying to use the logout link but it doesn't work - http://www.callnorthwest.org.uk/news/research-papers.php

What path do i have to put for the logout -

I have done the re-direct in the php code - define('LOGOUT_URL', 'http://www.callnorthwest.org.uk');

i change example to my website but still it don't work

 <a href="http://www.callnorthwest.org.uk/path/to/protected/page.php?logout=1">Logout</a>

any ideas

Thanks


Title: Re: Adding Logout link
Post by: designerguy on January 31, 2010, 06:35:22 AM
I saw where someone else asked about this, but never saw an answer.  If there any way to get this to work with Apple Safari? When I logout with Safari, I'm able to log back in even after closing the browser which is a pretty bad security issue for me.  I even tried emptying Safari's cache & history and quiting it again and I was still able to get in without a password.

I followed all the instructions, but Safari gets in.  Works perfect with Firefox though.


Title: Re: Adding Logout link
Post by: designerguy on February 03, 2010, 06:50:38 AM
Oh man, I just tested Firefox in Win XP instead of Mac, and Firefox doesn't log out either.  I'm getting pretty sketched out with this.  Not secure on public computers at all.


Title: Re: Adding Logout link
Post by: zubrag on February 04, 2010, 02:28:35 PM
On public computer, i would suggest clearing cookies before you leave.


Title: Re: Adding Logout link
Post by: Kara on February 10, 2010, 03:47:57 AM
I'm now getting this error on my pages when I click the logout link:

Warning: Cannot modify header information - headers already sent by (output started at /home/cro4912/public_html/password_protect.php:1) in /home/cro4912/public_html/password_protect.php on line 88

Warning: Cannot modify header information - headers already sent by (output started at /home/cro4912/public_html/password_protect.php:1) in /home/cro4912/public_html/password_protect.php on line 89


Title: Re: Adding Logout link
Post by: cws1 on March 22, 2010, 10:33:05 AM
The simple password protect script is nice and easy. Thanks for your contribution. However, the logout does not actually work, so for any serious purpose, this script is not safe to use. From reading this forum I can see it has been a problem for a long time.
Logout failure:
The symptoms of the bug are: upon clicking the logout link, the script appears to go through the logout process and eventually redirects the user to the target page according to the script variable set. But, upon clicking the back button (once in FF and twice in IE) it brings the user back to the protected page requiring no password. (char limit... read next post)




Title: Re: Adding Logout link
Post by: cws1 on March 22, 2010, 10:35:13 AM
and, while on the protected page (after back button) refreshing (F5) or reloading (ctrl+F5) has no effect. The user remains logged in. and, if there are several pages protected, one can regain access to all pages in with the "protection" without login.

and, even after closing the browser with the protected page open, the user can reopen browser and go right back into protected page without a password.


Title: Re: Adding Logout link
Post by: Traymond on June 14, 2010, 09:15:45 PM
See if this solves your problems

Step 1.

make changes that fit your setup.  copy and paste this into the file you are protecting where you want it to show up on the page.  Make sure it is all on one line after you paste it.

<a href="http://www.yourwebsite.com/vault/secure_data.php?logout=1" onclick="javascript:location.replace(this.href); event.returnValue=false; ">Logout</a>



Step 2.

open the password_protected.php file

Look for the header on the next line. it is not far down from the top of the password_protect.php file.

##################################################################
#  SETTINGS START
##################################################################

You only need to make changes to the following sections. There are other sections in there but they require no changes.

1. change the web address to where you want to redirect the user too when they logout.
    Note: It does not matter what web address  you direct them too.   


// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com');       <---------  change to the web address you want to redirect the user to.


2  make sure the TIMEOUT_MINUTES'   is  .01       by default it is usually 0


// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', .01);  ,    <-------------  make sure this is .01



3. make sure TIME_OUT_ACTIVITY is set  to false    by default it is usually true

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', false);   <------   Make sure this is set this to false



Save your changes and upload your new PASSWORD_PROTECT.PHP  file to your webserver.



Title: Re: Adding Logout link
Post by: tux on June 18, 2010, 07:50:52 PM
Hello,
Thank you such a great script!

I have a quick question, in Google Chrome, when the user goes to the site "www.example.php," the script works perfectly.  However, if the user goes to "example.php" the page opens up without prompting for a password, although the logout link appears and works, i.e. it sends the user to the link specified, but doesn't really log out the user.  Again, the script works perfectly if one prefaces the web address with "www".

This is not an issue with the Safari browser.

Thanks for your help!

Tux


Title: Log Out issue
Post by: pavel89l on July 20, 2010, 04:18:21 PM
I love this script, but I have an error when I log out.

I get the same error about lines 89 and 90....

here's the code that was posted earlier by Kara.

Warning: Cannot modify header information - headers already sent by (output started at /home/cro4912/public_html/password_protect.php:1) in /home/cro4912/public_html/password_protect.php on line 88

Warning: Cannot modify header information - headers already sent by (output started at /home/cro4912/public_html/password_protect.php:1) in /home/cro4912/public_html/password_protect.php on line 89


Title: Re: Adding Logout link
Post by: Kimball342 on August 12, 2010, 12:26:33 AM
Hi. You do not need to add code. Protected page will logout automatically when "logout=1" parameter passed (as logout functionality is implemented in protection script).


Title: Re: Adding Logout link
Post by: Peter_hauritz on October 14, 2010, 11:38:00 PM
I have 2.0.0.9. Opened that page, logged in, closed browser. Opened page again. Login dialog appeared. Not sure why your Firefox is working differently. I'm on XP pro also. Maybe firefox cached page. Try Ctrl+F5 on that page afte you log in.


Title: Re: Adding Logout link
Post by: nasimuddin58 on January 13, 2012, 03:37:05 PM
Thankssss Thankssss Thankssss Thanksssss........ :D :D :D :D


Title: Re: Adding Logout link
Post by: computerteacher on May 25, 2012, 12:59:46 PM
Hi Everyone,

I have been pulling my hair out!!!

Can I login- Yes! Can I logout- NO!!

When I click "logout" it directs me to a "general error" page that indicates that "the page you requested in unavailable." It directs me to this site: http://nspdkeasternregion.org/vault/secure_data.php?logout=1

This is what my code looks like:

(between <head> and </head> tags )
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

(2 strategic places in the script with my information)
<a href="http://www.mywebsite.info/vault/secure_data.php?logout=1" onclick="javascript:location.replace(this.href); event.returnValue=false; ">Logout</a>

and on the very first line I have the code given to secure the pages.

On my password protect document the logout redirect code is:
('LOGOUT_URL', 'http://nspdkeasternregion.org/');

I have actually tried putting www in front and get same message.


Anyone, everyone
HELPPPPPP PLEEEEAASSSEEE

Any assistance is greatly appreciated!



Title: Re: Adding Logout link
Post by: computerteacher on May 25, 2012, 01:05:25 PM
Hi Everyone,

I have been pulling my hair out!!!

Can I login- Yes! Can I logout- NO!!

When I click "logout" it directs me to a "general error" page that indicates that "the page you requested in unavailable." It directs me to this site: http://nspdkeasternregion.org/vault/secure_data.php?logout=1

This is what my code looks like:

(between <head> and </head> tags )
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

(2 strategic places in the script with my information)
<a href="http://www.mywebsite.info/vault/secure_data.php?logout=1" onclick="javascript:location.replace(this.href); event.returnValue=false; ">Logout</a>

and on the very first line I have the code given to secure the pages.

On my password protect document the logout redirect code is:
('LOGOUT_URL', 'http://nspdkeasternregion.org/');

I have actually tried putting www in front and get same message.


Anyone, everyone
HELPPPPPP PLEEEEAASSSEEE

Any assistance is greatly appreciated!




Title: Re: Adding Logout link
Post by: Ran on November 09, 2012, 03:20:26 PM
Same problem as a lot of other people have reported, and seems no one has found a remedy.  I've already been wrestling with this issue for a couple hours and my frustration level is about as high as it gets.

I got the logout working fine, and redirecting the page via changing the header, but........

the user is not really logged off!  If the user uses the "back" button, he goes back to the original page AND IS LOGGED IN!  If he was truly being logged out, then pressing the back button would take him to the Log In page.  But instead the back button bypasses the log in and password, and the "secure" page is open to public view.

Solutions anyone?????