I am using session variable to hide a log in form after user logs in. Here are first two lines from the PHP webpage
<?php
session_start();
Now,this is the logout button which appears after a user has logged in but take disappears only after two clicks
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12" <?php if(!isset($_SESSION['login'])) echo 'style="display:none;"'; else echo 'style="display:block;"';?>/>
<form method="post" action="">
<p>Hey, <?php echo ''.$_SESSION['user'].''; ?></p>
<input style="border: none; padding: 8px 15px; background: #BAFF00; box-shadow: 0px 0px 3px #757875;" type="submit" name="submit" value="Logout">
</form>
<?php
if ($_POST['submit'] == 'Logout'){
session_destroy();
}?>
Here is code snippet from login form
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12" <?php if(isset($_SESSION['login'])) echo 'style="display:none;"'; else echo 'style="display:block;"';?>/>
<form method="post" action="">
After succesful login I set $_SESSION['login'] = true; $_SESSION['user'] = $memberinfo['USER'];
Why do I have to click two times to keep get the forms work as expected?
EDIT Here is the complete code with HTML and Javascript stripped out
<?php
session_start();
$mysqli = new mysqli($db_hostname,$db_username,$db_password,$db_database);
if (mysqli_connect_errno()) {
printf("Connect failed: %s
", mysqli_connect_error());
exit();
}
if($passkey=$_GET['passkey']){
$result=$mysqli->query("SELECT * FROM unactivated WHERE code ='$passkey'");
if($result){
$count=mysqli_num_rows($result);
if($count==1){
$rows=mysqli_fetch_array($result);
$user=$rows['USER'];
$email=$rows['EMAIL'];
$password=$rows['PASSWORD'];
$password=$mysqli->real_escape_string(hash_hmac('sha256',$password, 'c#haRl891', true));
if($mysqli->query("INSERT INTO member ( USER, EMAIL, PASSWORD) VALUES ('$user', '$email', '$password')"))
{
echo "Your account has been activated";
$mysqli->query("DELETE FROM unactivated WHERE code = '$passkey'");
}}}
else {
echo "Wrong Confirmation code";
}}?>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12" <?php
if(isset($_SESSION['login'])) echo 'style="display:none;"'; else echo 'style="display:block;"';?>/>
<form method="post" action="">
<input class="form-control" type="text" name="user" placeholder="Alex Bruno (for Sign Up)" />
<input class="form-control" type="email" name="email" placeholder="your@email.com" required />
<input class="form-control" type="password" name="password" value="" placeholder="Strong Password" required />
<p>Enter valid email to get a login link.</p>
<input style="border: none; padding: 8px 15px; background: #BAFF00; box-shadow: 0px 0px 3px #757875;" type="submit" name="submit" value="Register">
<input style="border: none; padding: 8px 15px; background: #BAFF00; box-shadow: 0px 0px 3px #757875; float:right;" type="submit" name="submit" value="Login">
</form>
<?php
if ($_POST['submit'] == 'Register'){
if (!empty($_REQUEST['user'])&&!empty($_REQUEST['email'])&&!empty($_REQUEST['password'])) {
$user = $_POST['user'];
$email = $_POST['email'];
$password = $_POST['password'];
$user = $mysqli->real_escape_string($user);
$email = $mysqli->real_escape_string($email);
$password = $mysqli->real_escape_string($password);
$query = $mysqli->query("SELECT * from member WHERE EMAIL ='$email'");
$rows = mysqli_num_rows($query);
if ($rows == 0)
{
$code=md5(uniqid(rand()));
$mysqli->query("INSERT INTO unactivated (CODE, USER, EMAIL, PASSWORD) VALUES ('$code', '$user', '$email', '$password')");
$to=$email;
$subject="Please verify your Sign Up";
$header="from: 8mags <contact@8mags.com>";
$message="You or someone else used this email address to sign up for 8mags. If you did not do it ignore the message.
";
$message.="To verify your account please click on the link below
";
$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].'?passkey='.$code.'';
$message.=$url;
$sentmail = mail($to,$subject,$message,$header);
if($sentmail){
echo 'Your Confirmation link Has Been Sent To Your Email Address.';
}}
echo 'Email already registered!';
}}
if ($_POST['submit'] == 'Login'){
$password=$mysqli->real_escape_string(hash_hmac('sha256',$password, 'c#haRl891', true));
$query = $mysqli->query("SELECT * from member WHERE EMAIL = '$email' AND PASSWORD = '$password'");
$rows = mysqli_num_rows($query);
if($rows==1)
{
$memberinfo = mysqli_fetch_array($query);
$_SESSION['login'] = true;
$_SESSION['user'] = $memberinfo['USER'];
}
else{
echo 'Entered Password and Email Combination is wrong!';
}}?>
<div class="col-lg-4 col-md-4 col-sm-6 col-xs-12" <?php if(!isset($_SESSION['login'])) echo 'style="display:none;"'; else echo 'style="display:block;"';?>/>
<form method="post" action="">
<p>Hey, <?php echo ''.$_SESSION['user'].''; ?></p>
<input style="border: none; padding: 8px 15px; background: #BAFF00; box-shadow: 0px 0px 3px #757875;" type="submit" name="submit" value="Logout">
</form>
<?php
if ($_POST['submit'] == 'Logout'){
}?>