Jonathan Grieve
Treehouse Moderator 91,252 Points

Logout link and user profile not functioning

Hi all,

So I went ahead to the end of the third section of the course despite the fact the logout link wasn't working.

The current behaviour is as follows:

  • Logout Link sends me to the login form to log in again, but if I then click on other links in top navigation, the website acts as if I am still logged in and still displays the logout link.

  • I updated the display_success function from the teacher's notes as I still wasn't fully sure how to add the rest of the flash messages (error or success) but....

  • I get a red error with a general message something went wrong, not specifically about an incorrect current password.

Hope this makes it clear. :)

Here's a link to my latest repo https://github.com/jg-digital-media/php_auth (I'm sorry some redirects will not work due to my file setup on localhost) :) Thanks!

3 Answers

Benjamin Larson
34,055 Points

1 - I can't seem to replicate the behavior you are describing when logging out. I thought it happened once where it was still behaving like I was logged in, but I can't get it to happen again. I did, however, notice a mistake in your doLogin.php:

<?php
  'sub' => "{$user['id']}",

You were missing the ($) in front of user, so the actual user_id wasn't being saved in the cookie. Though I doubt that particular issue was a problem with the logout, it would be with other functions.

2 - For the FlashBag messages, you need to add these two lines to any page that might display them:

        <?php echo display_errors(); ?>
        <?php echo display_success(); ?>

Basically, any page that you redirect to after a potential success/error should have those lines. The template works best when you put them under an <h2> element for the given page. You should probably include them in all the "views" (index, account, add, edit, login, register).

3 - Here's the entirety of my doLogin.php to see example usages for FlashBag messages

<?php

require __DIR__ . '/../inc/bootstrap.php';

$user = findUserByEmail(request()->get('email'));
if (empty($user)) {
    $session->getFlashBag()->add('error', 'Username was not found');
    redirect('/login.php');
}

if (!password_verify(request()->get('password'), $user['password'])) {
    $session->getFlashBag()->add('error', 'Incorrect password');
    redirect('/login.php');
}

$expTime = time() + 3600;

$jwt = \Firebase\JWT\JWT::encode([
    'iss' => request()->getBaseUrl(),
    'sub' => "{$user['id']}",
    'exp' => $expTime,
    'iat' => time(),
    'nbf' => time(),
    'is_admin' => $user['role_id'] == 1
    ], getenv("SECRET_KEY"),'HS256');

try {
    $accessToken = new Symfony\Component\HttpFoundation\Cookie('access_token', $jwt, $expTime, '/', getenv('COOKIE_DOMAIN'));
} catch (\Exception $e) {
    throw $e;
}
$session->getFlashBag()->add('success', 'Logged In.');
redirect('/', ['cookies' => [$accessToken]]);

Jonathan Grieve
Treehouse Moderator 91,252 Points

Well this is hard work.

What fixing 1. did do was make sure I was displaying the correct flash error messages for logging in. But I've tried everything I can think of for logging out including reducing the cookie expiration time (temporary solution I know) but nothing seems to work.

I'll keep at it though... see if I can find the answer and update :)

Jonathan Grieve
Treehouse Moderator 91,252 Points

I noticed something interesting just now.

At one point, I clicked log out and it actually worked. I saw the login and register links again but when I then clicked to log in, I was locked in again. I think the cookie may have just expired at that point.

Anyway.... Logging out actually removes the cookies from the JWT Analyser but the links still behave as if I'm logged in. There's nothing wrong with my authorisation or authentication functions. When logged out (Expiration of the cookie will eventually affect this) these work perfectly and block access to all the relevant pages.

When logged in, I can see 1 cookie noted but no longer have access to the JWT details. When I click the logout button, the cookie disappears completely but if that's the case, there's no record of any login and the logged out state should be appearing in the navigation.

My repo is up to date with my latest work.

Brian Ball
23,661 Points

Make sure the paths for writing cookies are the same in all the places. If you're just using '/' it should be easy, but that little bug caused me a little "research".

Jonathan Grieve
Treehouse Moderator 91,252 Points

Hi Brian, this is getting on for a year ago now, but all my cookies and file paths always included a folder as I have so many projects on my local server! :-)

Brian Ball
23,661 Points

If that's the case, like it was in mine -- I used /books as the folder for development of this mini-project off the root. So, when I was writing cookies, in one place I was writing to /books -- then, when trying to over-write the cookies, I was writing to /books/ -- those aren't the same.

I couldn't decide if I should be proud of myself for sticking with it until I figured it out -- or mad at myself for making that mistake in the first place. I guess being persistent and getting the desired result is the main thing.
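
Added example (not part of the original thread or of anyone's project code): a small JavaScript model of how a browser stores and sends cookies under RFC 6265, showing why an expiring cookie written to /books/ leaves a login cookie written to /books in place and still attached to every request. The `CookieJar` class, the `cookiesAfterLogout` helper and the cookie values are constructed for illustration, and domain matching is simplified to exact host equality.

```javascript
// Minimal model of a browser cookie store (RFC 6265 sections 5.1.4 and 5.3).
// Constructed example: the cookie values and the localhost host are sample data.
class CookieJar {
  constructor() {
    this.cookies = new Map(); // key: name|domain|path
  }

  // Apply one Set-Cookie. A cookie is identified by (name, domain, path),
  // so an expired cookie only evicts an entry with the same triple.
  set({ name, value, domain, path, expires }, now = Date.now()) {
    const key = `${name}|${domain}|${path}`;
    if (expires <= now) {
      this.cookies.delete(key);
    } else {
      this.cookies.set(key, { name, value, domain, path, expires });
    }
  }

  // RFC 6265 path-match: identical, or a prefix that ends at a "/" boundary.
  static pathMatches(cookiePath, requestPath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
  }

  // Cookies the browser would attach to a request for host + path.
  sentTo(host, requestPath, now = Date.now()) {
    return [...this.cookies.values()].filter(
      (c) => c.domain === host && c.expires > now &&
             CookieJar.pathMatches(c.path, requestPath)
    );
  }
}

// Log in with one cookie path, then "log out" by expiring with another.
// Returns the access_token values still sent to /books/account.php.
function cookiesAfterLogout(loginPath, logoutPath) {
  const now = Date.now();
  const jar = new CookieJar();
  jar.set({ name: 'access_token', value: 'sample.jwt.value',
            domain: 'localhost', path: loginPath, expires: now + 3600e3 }, now);
  jar.set({ name: 'access_token', value: 'Expired',
            domain: 'localhost', path: logoutPath, expires: now - 3600e3 }, now);
  return jar.sentTo('localhost', '/books/account.php', now).map((c) => c.value);
}

console.log(cookiesAfterLogout('/books', '/books/')); // login token survives
console.log(cookiesAfterLogout('/books', '/books'));  // login token removed
```

Defining the cookie name, path and domain once and reusing them for both the login and the logout response keeps the two writes from drifting apart.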