PHP session Problem

  • semanticnotion
    New Member
    • Sep 2010
    • 66

    PHP session Problem

    I have a login problem with my PHP session. Once I sign in and then press sign out, it destroys the session, but when I click the back button it goes to the sign in page.... Please help.

    below is my code.

    Code:
    <?php
    ob_start();
    $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password="root"; // Mysql password
    $db_name="test"; // Database name
    $tbl_name="user"; // Table name
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    // Define $myusername and $mypassword
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];
    
    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    
    //$sql="SELECT * FROM $tbl_name WHERE user_name='$myusername' and password='$mypassword'";
    //$result=mysql_query($sql);
    
    
    $query = "SELECT * FROM `user` WHERE user_name = '$myusername'
             AND password = '$mypassword'";
    
    /* query the database */
    $result = mysql_query($query);
    mysql_close();
    /* Allow access if a matching record was found, else deny access. */
    if (mysql_fetch_row($result)) {
      /* access granted */
      session_start();
      header("Cache-control: private");
      $_SESSION["access"] = "authorized";
      //echo"success";
      header("Location: admin.php");
      exit; // stop the script so nothing else runs after the redirect
    } else
      /* access denied – redirect back to login */
    echo '<html>
      <head>
        <title></title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <META HTTP-EQUIV="refresh" CONTENT="5;URL=main_login.php">
      </head>
      <body bgcolor="black">
    
        <h1 style="color:red" align="center">ACCESS DENIED !!</h1>
        <p style="color:red" align="center">You have provided invalid login information.
        <br />Your IP address has been logged
        <br /></p>
      </body>
    </html>
    ';
      //header("Location: ./admin_login.php");
    ?>
    This is admin page

    Code:
    <?php
    session_start();
    header("Cache-control: private");
    $access = $_SESSION["access"];
    if ($access != "authorized"){
        header("Location: main_login.php");
        die;
    }
      echo "<font color='#FFFFFF'><strong><a href='logout.php'>LOGOUT</a></strong></font>";
    echo"<br/>";
    echo"<br/>";
    ?>
    
    <html>
        <body>
            <b>welcome to the admin page.....!</b><br/><br/><br/>
    
            <?php
            
            $host="localhost"; // Host name
    $username="root"; // Mysql username
    $password="root"; // Mysql password
    $db_name="test"; // Database name
    //$tbl_name="question"; // Table name
    
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    
    $query="select * from subject";
    $result=mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    
    
           while($nt=mysql_fetch_array($result)){
    
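              $var=$nt['subject_code'];
              $sub=$nt['Name'];
               //echo $var;
    // subject code and subject name will be printed with one line break at the end;
    // values are URL-encoded in the link and HTML-escaped in the visible text
    echo htmlspecialchars($var)." <a href='entry.php?code=".urlencode($var)."&amp;Name=".urlencode($sub)."'> ".htmlspecialchars($sub)."</a><br/>";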
    
        
    }
    
            //<a href="add.html"><input type ="button" name="add" value="Add Question"></a>
           // <a href="update.html"><input type ="button" name="Update" value="Update Question"></a>
            //<a href="delete.html"><input type ="button" name="delete" value="Delete Question"></a>
    ?>
        </body>
    </html>
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    Well, what do you expect it to do? The back button refers to a cached page, in your browser's history.


    • semanticnotion
      New Member
      • Sep 2010
      • 66

      #3
      php session

      But if I copy the link from the address bar, then click logout, and after that paste that link into the address bar, it goes to my login page.


      • Markus
        Recognized Expert Expert
        • Jun 2007
        • 6092

        #4
        Isn't that what you want? That is, when someone has logged out, they shouldn't be able to access areas when they're unauthorized to do so? I don't understand the problem here.


        • semanticnotion
          New Member
          • Sep 2010
          • 66

          #5
          re: PHP session Problem

          Sir, the problem is that once I signed in to my admin page, then if I clicked logout it goes to the logout page, but if I clicked the back button it goes back to my admin page. It should go to the main_login page because the session is already destroyed. And on my admin page, first I start the session and then if it isn't authorized it redirects to main_login.


          • Markus
            Recognized Expert Expert
            • Jun 2007
            • 6092

            #6
            This is intended behaviour. As I said before, the 'back' button in a browser takes you to a page that is stored in the browser's cache, that is, it's a copied version of a page you once visited. You may think this is a security issue, but it really isn't.

            If I were to click the back button after logging out of a website, say, my on-line bank account, I'd get maybe the home-page for my account. However, as soon as I try to do anything on this page, the page will need to refresh/load a new page, and on that page there will be security checks to make sure the session is still alive - of course, if you've logged out, the session will have been destroyed and you can then take the appropriate action.

            The key here is to make sure that any pages that require a user to be logged in, should *always* make this check.

            Mark.


            • ciranjeebxtreme
              New Member
              • Sep 2010
              • 4

              #7
              Hi semanticnotion,
              In The Above Example You Are Saving Just One Session SuperGlobal In The WebServer i.e.
              $_SERVER['access'] assigned as 'authorized'

              So In This Case It's Important For You To Make Sure That You Are Deleting Your $_SERVER['access'] Superglobal in the "logout.php" Script..
              *If You're Saving any session cookie during the login make sure that you clear out that session cookie from the server in your logout script.
              *Now Let's Keep Things Simple And Write The Best simple logout script
              Rewrite Your logout.php Script.
              <?php
              session_start();
              if (isset($_SESSION['access'])) {
                  // Clear all session variables
                  $_SESSION = array();
                  if (isset($_COOKIE[session_name()])) {
                      // If Session Cookie Exists Then Remove It By Setting it to any time in the past
                      // (same path and domain the cookie was issued with, otherwise it is not removed)
                      $p = session_get_cookie_params();
                      setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain']);
                  }
                  // Stop The Session With User
                  session_destroy();
              }
              // Now Head Back To Login Page
              $redirect = 'http://' . $_SERVER['HTTP_HOST'] .
                  dirname($_SERVER['PHP_SELF']) . '/admin_login.php';
              header('Location: ' . $redirect);
              exit();

              ?>


              I Hope That Helps !!!
              If You Have Any More Problems Do Ask Me-
              ciranjeebxtreme@gmail.com


              • semanticnotion
                New Member
                • Sep 2010
                • 66

                #8
                Thanks ciranjeebxtreme for your response, I have solved it....
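
Added example, not code from any poster in this thread: a guard to include at the top of every protected page, implementing the "always make this check" rule from #6 and addressing the cached admin page shown by the Back button. PHP's default session cache limiter (`nocache`) already sends `Cache-Control: no-store`, but a later `header("Cache-control: private")`, as in the posted scripts, replaces that header; the file name `auth_guard.php` and the function names are assumptions.

```php
<?php
// auth_guard.php: hypothetical file name; function names are illustrative.
// Usage at the very top of admin.php, before any output:
//     require 'auth_guard.php';
//     require_login('main_login.php');

function start_uncached_session()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // 'nocache' is PHP's default limiter; set it explicitly so a changed
        // php.ini cannot weaken it. It makes session_start() send
        // "Cache-Control: no-store, no-cache, must-revalidate".
        session_cache_limiter('nocache');
        session_start();
    }
    // Deliberately no header("Cache-control: private") here: header()
    // replaces the earlier Cache-Control line and would let the browser
    // keep a copy of the page for the Back button.
}

function require_login($loginPage)
{
    start_uncached_session();
    if (!isset($_SESSION['access']) || $_SESSION['access'] !== 'authorized') {
        header('Location: ' . $loginPage);
        exit; // stop here so none of the protected page is rendered
    }
}

function mark_logged_in()
{
    // Call only after the credentials have been verified.
    start_uncached_session();
    session_regenerate_id(true); // issue a new session ID at login
    $_SESSION['access'] = 'authorized';
}
```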
