[SOLVED] Security::logout() - not working as intended

10/2/2020 10:52:53 AM
PHPRunner General questions
acpan author

Hi,
I was trying to programmatically log out a user in the "After successful login" event: if the user table's field account_enabled = 0, redirect the user to the login screen with a message "Account Disable" on the login screen.
With the Security API logout(), it is supposed to do so.
In the manual, Security API logout function:

Logs the current user out without redirecting them.
Eg:

Security::logout();
//********** Redirect to another page ************
header("Location: login.php");
exit();


My Code in After successful login event:

if ( $data["account_enabled"] == 0 )
{
    Security::logout();
    header("Location: login.php?message=Account disabled!");
    exit();
}


My redirect code was not executed; instead the "after successful logout" event was executed, which redirected to login.php, and the user was puzzled, not knowing his account was disabled.
Is the Security API logout function supposed to work as I intended?
Thanks

ACP

Sergey Kornilov admin 10/2/2020

It is hard to tell what and why it is not working there, but I think the best place to place logic like this is in the BeforeLogin event.
There is no need to let the user log in just to log them out immediately.

david22585 10/2/2020

Try this:

$_SESSION["msg"] = "";
if ( $data["account_enabled"] == '0' )
{
    Security::logout();
    header("Location: login.php");
    $message = "Account disabled!";
    exit();
}

acpan author 10/3/2020



> It is hard to tell what and why it is not working there, but I think the best place to place logic like this is in the BeforeLogin event.
> There is no need to let the user log in just to log them out immediately.


Thanks. You are right. I was thinking of saving a SQL query by allowing the user to log in first and logging him out if the account is disabled.
I did what you advised and it works.
Before Login event:

// SQL to check if account exists and get the account_disabled value
$data = array();
$data["login"] = $username;
$rs = DB::Select("account", $data );
while( $record = $rs->fetchAssoc() )
{
    if (password_verify($password, $record["password"]) )
    {
        if ($record["account_disabled"] == 1)
        {
            // this will show the error message on login screen
            $message = "Account Disabled!";
            return false;
        }
    }
}
return true;

acpan author 10/3/2020



> Try this:
>
> $_SESSION["msg"] = "";
> if ( $data["account_enabled"] == '0' )
> {
>     Security::logout();
>     header("Location: login.php");
>     $message = "Account disabled!";
>     exit();
> }



Thanks for your time.
I also tried this but it did not work. The working one, and the proper place, is the Before login event with an SQL query, shown above.