Problem with SESSIONS

Post by nirma78 »

Hi there!

I am using PHP and Oracle for a web application.

I have a script, logincheck.php, where I am checking for a valid user and going to the next page. I have a link for logout in it which calls a PHP script: logout.php. What I want is that, after clicking on logout, the user should not be able to go to any other pages, with a message saying "Not logged in...".


Can anyone help me with this, please!

LOGINCHECK.PHP

Code:

<?php
session_start();
include_once("header.inc.php");
include_once("config.php");
include_once("adodb/adodb.inc.php");

$username = $_POST['username'];
$password = $_POST['password'];

// This query checks whether the given user exists in the database,
// irrespective of case (capital or lower-case letters).
// The values are passed as bind variables instead of being pasted into the SQL text.
$bind  = array('username' => $username, 'password' => $password);
$query = "SELECT *
          FROM app_system_user
          WHERE user_name = LOWER(" . $db->Param('username') . ")
          AND password = " . $db->Param('password');
$user = $db->Execute($query, $bind);

if ($user->EOF)
{
    ?>
    <p><h3><?php echo "INVALID Username / Password !!"; ?></h3></p>
    <p><h3><?php echo "Please Go Back and enter a valid Username & Password"; ?></h3></p>
    <p><b><a href='login.php'>[Back]</a></b></p>
    <?php
    include_once("footer.inc.php");
    exit;
}
else
{
    // Mark the session as logged in (stored as the string "true").
    $_SESSION['valid'] = "true";

    // Look up the privilege level of the user, again with bind variables.
    $query = "SELECT Privilege_ID
              FROM App_System_User
              WHERE User_Name = LOWER(" . $db->Param('username') . ")
              AND Password = " . $db->Param('password');
    $privilege = $db->Execute($query, $bind);
    $privilege_id = $privilege->fields[0];
    switch ($privilege_id)
    {
        case 1:
            // for staff users
            include_once("staff_menu_form.php");
            exit;
        case 2:
            // for admission committee users
            include_once("admission_menu_form.php");
            exit;
        default:
            echo "Error on Page !!";
            break;
    }
    //include_once("footer.inc.php");
    ?>
    <input type="hidden" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES); ?>">
    <input type="hidden" name="password" value="<?php echo htmlspecialchars($password, ENT_QUOTES); ?>">
    <?php
    include_once("footer.inc.php");
}
?>

LOGOUT.PHP

Code:

<?php

session_start();
$_SESSION['valid'] = "false";
//unset($_SESSION['valid']);
include_once("login.php");

?>

What happens is that when I try going back to the old page using the browser back button after logout, I am still able to go to the next pages.

Post by tsg »

What I do is, toward the top of the pages (actually I have this in a different session file), I add something like this:

Code:

if (($_SESSION['member_login'] !== true) || ($_SESSION['member_id'] == NULL)) {
    header("Location: /login.php");
    exit; // stop the script so the rest of the page is not sent after the redirect
}

With the header, you have to have that before any browser output.
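
An added example (not part of either post, and not the posters' code) that combines the check tsg describes with a logout that ends the session, using the `$_SESSION['valid']` flag and `login.php` from the question. The file name `session_guard.php` and the function names `require_login()` and `logout()` are assumptions, and the no-cache headers are included so that the Back button re-requests the page instead of showing a cached copy.

```php
<?php
// session_guard.php: hypothetical include file (name is an assumption, not from the thread).

// Call at the very top of every protected page, before any output is sent.
function require_login()
{
    if (session_id() === '') {
        session_start();
    }

    // Keep the browser from re-displaying a cached copy when Back is pressed after logout.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    header('Expires: 0');

    // logincheck.php in the question stores the string "true", so test for exactly that.
    if (!isset($_SESSION['valid']) || $_SESSION['valid'] !== 'true') {
        header('Location: login.php');
        exit; // without exit the rest of the protected page would still run and be sent
    }
}

// Call from logout.php instead of only setting $_SESSION['valid'] = "false".
function logout()
{
    if (session_id() === '') {
        session_start();
    }

    $_SESSION = array(); // drop every value held for this session

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    session_destroy(); // remove the server-side session data
    header('Location: login.php');
    exit;
}
```

Each protected page would begin with `require_once 'session_guard.php'; require_login();` before any HTML, and logout.php would call `logout()`.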