I have a single php file to handle login/logout on my site. The login works fine, but when I try to log out, I get told that the file could not be found on the server.
This link calls the page for a log out:
<a href="/logansarchive/admin/do.login?action=out">Sign Out</a>
Here’s the code in the file:
<?php
session_start();
if (isset($action) && $action == "out") {
// Log out
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
header("Location: /logansarchive/admin/login.php?logged_out=1");
}
else {
$username = $_REQUEST["txt_username"];
$password = $_REQUEST["txt_password"];
$action = $_GET["action"];
$host = "127.0.0.1";
$user = "root";
$pass = "12157114";
try {
$dbh = new PDO("mysql:host=$host;dbname=logansarchive", $user, $pass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
echo $e->getMessage();
}
// Log in
$hashed_pass = hash("sha512", $password);
$sql = "select count(*) as count, adminid, adminname, DATE_FORMAT(lastlogin, '%W, %M %e, %Y @ %h:%i %p' ) AS lastlogin from admin where adminname = :name and adminpass = :pass";
$result = $dbh->prepare($sql);
$result->bindParam(":name", $username);
$result->bindParam(":pass", $hashed_pass);
$stmt = $result->execute();
$row = $result->fetch();
if ($row["count"] == 1) {
session_start();
$_SESSION["adminid"] = $row["adminid"];
$_SESSION["adminname"] = $row["adminname"];
$_SESSION["lastlogin"] = $row["lastlogin"];
$dbh = null;
header("Location: /logansarchive/admin/index.php");
}
else {
$dbh = null;
header("Location: /logansarchive/admin/login.php?login_attempt=1");
}
};
?>
Any explanation of this behavior and (ideally) a way to fix it, would be greatly appreciated.
do.logindoesn’t seem a valid php file namewhy don’t you use
login.phpinstead?