Hi all,
I've written a login/logout code. It does what it's supposed to do but
the problem is when I logout and press browser's back button (in
Firefox), I get to the last login page. In IE, when I press back
button, I get to the page that says "Page has Expired" but Firefox does
not do this.
I think it's something to do with sessions not properly unset or
something like that but I haven't been able to figure it out. I am
attaching my codes and database structure below. If you need more info,
please email me. I really want this to be fixed asap. I've played with
this long enough. Thanks!
Login class:
-----------------
class Login {
//var $loginflag;
//var $db_connect;
function Login() {
//$this ->db_connect = $db_connect;
if (!isset($_SESSI ON['uid']) || $_SESSION['uid'] == 0) {
$this->set_session_de faults();
echo "inside login class<br />";
}
}
function check_login($us ername, $password) {
global $db;
$link=$db->connectDB();
if ($_SESSION['logged']) {
$this->check_session( );
echo "logged...< br />";
return true;
} else {
$username = mysql_escape_st ring($username) ;
$query = "SELECT * FROM users WHERE username = '$username' AND
AES_DECRYPT(pas sword, 'dreamfilmslogi n438ismbtsx') = '$password'";
$result = mysql_query($qu ery, $link) or die("Could not select");
if (mysql_num_rows ($result)) {
$this->set_session($u sername = mysql_fetch_ass oc($result), true);
return $username['username'];
} else {
$this->failed = true;
session_destroy ();
return false;
}
}
}
function check_session() {
global $db;
$link=$db->connectDB();
$username = mysql_escape_st ring($_SESSION['username']);
$token = mysql_escape_st ring($_SESSION['token']);
$session = mysql_escape_st ring(session_id ());
$ip = mysql_escape_st ring($_SERVER['REMOTE_ADDR']);
$query = "SELECT * FROM users WHERE username='{$use rname}' AND
token='{$token} ' AND session='{$sess ion}' AND ip='{$ip}'";
$result = mysql_query($qu ery, $link) or die("Could not select");
echo "check session:<br />";
print_r($result );
echo "<br />";
if ($result != false) {
} else {
$this->logout();
}
}
function set_session_def aults() {
//session_start() ;
////session_registe r("logged", "uid", "username") ;
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
}
function set_session($re sult,$init = true) {
global $db;
$link=$db->connectDB();
if ($init) {
//session_start() ;
$session = mysql_escape_st ring(session_id ());
$ip = mysql_escape_st ring($_SERVER['REMOTE_ADDR']);
$result['token'] = $this->token(); // generate a new token
$query = "UPDATE users SET session='{$sess ion}',
token='{$result['token']}', ip='{$ip}' WHERE uid='{$result['uid']}'";
mysql_query($qu ery, $link) or die("Could not select");
$_SESSION['logged'] = true;
$_SESSION['uid'] = $result['uid'];
$_SESSION['username'] = $result['username'];
echo "set session:<br />";
print_r($result );
echo "<br />";
echo "session: ".$session. "<br />";
echo "ip: ".$ip."<br />";
}
}
function token() {
// generate a random token
for($i=1;$i<33; $i++) {
$seed .= chr(rand(0,255) );
}
return md5($seed);
}
function logout() {
global $db;
$link=$db->connectDB();
$query = "UPDATE users SET session='', token='', ip='' WHERE
uid='{$_SESSION['uid']}'";
mysql_query($qu ery, $link) or die("Could not select");
mysql_close($li nk);
unset($_SESSION['username']);
unset($_SESSION['logged']);
unset($_SESSION['uid']);
// kill session variables
$_SESSION = array(); // reset session array
session_destroy ();
/**$this->set_session_de faults();
session_destroy ();*****/
echo "logged out...<br />";
return true;
}
} // end class Login
DBAccess class
-------------------------
class DBAccess {
var $_login;
// Constructor
function DBAccess() {
$this -_login = array();
$this -_login['db_loginid'] = "testuser";
$this -_login['db_password'] = "";
$this -_login['hostname'] = "localhost" ;
$this -_login['db_name'] = "dblogin";
}
function connectDB() {
if (!($link = @mysql_connect( $this->_login['hostname'],
$this->_login['db_loginid'], $this->_login['db_password']))) {
echo "<strong>Co uld not connect: </strong>".mysql_ error()."<br
/><hr size='1' /><br />";
} else if (!@mysql_select _db($this->_login['db_name'],$link)) {
echo "Could not select database";
}
if ($link) {
return $link;
}
} // end connectDB()
} // end class DB_Access
database structure
----------------------------
CREATE TABLE `users` (
`uid` int(11) NOT NULL auto_increment,
`username` varchar(20) NOT NULL default '',
`password` varchar(50) NOT NULL default '',
`token` varchar(100) NOT NULL default '',
`session` varchar(100) NOT NULL default '',
`ip` varchar(20) NOT NULL default '',
PRIMARY KEY (`uid`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT= 2 ;
I've written a login/logout code. It does what it's supposed to do but
the problem is when I logout and press browser's back button (in
Firefox), I get to the last login page. In IE, when I press back
button, I get to the page that says "Page has Expired" but Firefox does
not do this.
I think it's something to do with sessions not properly unset or
something like that but I haven't been able to figure it out. I am
attaching my codes and database structure below. If you need more info,
please email me. I really want this to be fixed asap. I've played with
this long enough. Thanks!
Login class:
-----------------
class Login {
//var $loginflag;
//var $db_connect;
function Login() {
//$this ->db_connect = $db_connect;
if (!isset($_SESSI ON['uid']) || $_SESSION['uid'] == 0) {
$this->set_session_de faults();
echo "inside login class<br />";
}
}
function check_login($us ername, $password) {
global $db;
$link=$db->connectDB();
if ($_SESSION['logged']) {
$this->check_session( );
echo "logged...< br />";
return true;
} else {
$username = mysql_escape_st ring($username) ;
$query = "SELECT * FROM users WHERE username = '$username' AND
AES_DECRYPT(pas sword, 'dreamfilmslogi n438ismbtsx') = '$password'";
$result = mysql_query($qu ery, $link) or die("Could not select");
if (mysql_num_rows ($result)) {
$this->set_session($u sername = mysql_fetch_ass oc($result), true);
return $username['username'];
} else {
$this->failed = true;
session_destroy ();
return false;
}
}
}
function check_session() {
global $db;
$link=$db->connectDB();
$username = mysql_escape_st ring($_SESSION['username']);
$token = mysql_escape_st ring($_SESSION['token']);
$session = mysql_escape_st ring(session_id ());
$ip = mysql_escape_st ring($_SERVER['REMOTE_ADDR']);
$query = "SELECT * FROM users WHERE username='{$use rname}' AND
token='{$token} ' AND session='{$sess ion}' AND ip='{$ip}'";
$result = mysql_query($qu ery, $link) or die("Could not select");
echo "check session:<br />";
print_r($result );
echo "<br />";
if ($result != false) {
} else {
$this->logout();
}
}
function set_session_def aults() {
//session_start() ;
////session_registe r("logged", "uid", "username") ;
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
}
function set_session($re sult,$init = true) {
global $db;
$link=$db->connectDB();
if ($init) {
//session_start() ;
$session = mysql_escape_st ring(session_id ());
$ip = mysql_escape_st ring($_SERVER['REMOTE_ADDR']);
$result['token'] = $this->token(); // generate a new token
$query = "UPDATE users SET session='{$sess ion}',
token='{$result['token']}', ip='{$ip}' WHERE uid='{$result['uid']}'";
mysql_query($qu ery, $link) or die("Could not select");
$_SESSION['logged'] = true;
$_SESSION['uid'] = $result['uid'];
$_SESSION['username'] = $result['username'];
echo "set session:<br />";
print_r($result );
echo "<br />";
echo "session: ".$session. "<br />";
echo "ip: ".$ip."<br />";
}
}
function token() {
// generate a random token
for($i=1;$i<33; $i++) {
$seed .= chr(rand(0,255) );
}
return md5($seed);
}
function logout() {
global $db;
$link=$db->connectDB();
$query = "UPDATE users SET session='', token='', ip='' WHERE
uid='{$_SESSION['uid']}'";
mysql_query($qu ery, $link) or die("Could not select");
mysql_close($li nk);
unset($_SESSION['username']);
unset($_SESSION['logged']);
unset($_SESSION['uid']);
// kill session variables
$_SESSION = array(); // reset session array
session_destroy ();
/**$this->set_session_de faults();
session_destroy ();*****/
echo "logged out...<br />";
return true;
}
} // end class Login
DBAccess class
-------------------------
class DBAccess {
var $_login;
// Constructor
function DBAccess() {
$this -_login = array();
$this -_login['db_loginid'] = "testuser";
$this -_login['db_password'] = "";
$this -_login['hostname'] = "localhost" ;
$this -_login['db_name'] = "dblogin";
}
function connectDB() {
if (!($link = @mysql_connect( $this->_login['hostname'],
$this->_login['db_loginid'], $this->_login['db_password']))) {
echo "<strong>Co uld not connect: </strong>".mysql_ error()."<br
/><hr size='1' /><br />";
} else if (!@mysql_select _db($this->_login['db_name'],$link)) {
echo "Could not select database";
}
if ($link) {
return $link;
}
} // end connectDB()
} // end class DB_Access
database structure
----------------------------
CREATE TABLE `users` (
`uid` int(11) NOT NULL auto_increment,
`username` varchar(20) NOT NULL default '',
`password` varchar(50) NOT NULL default '',
`token` varchar(100) NOT NULL default '',
`session` varchar(100) NOT NULL default '',
`ip` varchar(20) NOT NULL default '',
PRIMARY KEY (`uid`),
UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT= 2 ;
Comment