Problem with SESSIONS
Posted: Tue Oct 28, 2003 11:12 am
Hi there !
I am using PHP and Oracle for a web application.
I have a script logincheck.php where I am checking for a valid user and go to the next page. I have a link for logout in it which calls a PHP script: logout.php. What I want is that after clicking on logout the user should not be able to go to any other pages, saying "Not logged in...".
Can anyone help me on this please !!!!
What happens is that when I try going back to the old page using the browser back button after logout, I am still able to go to the next pages.
LOGINCHECK.PHP
<?php
session_start();
include_once("header.inc.php");
include_once("config.php");
include_once("adodb/adodb.inc.php");

$username = $_POST['username'];
$password = $_POST['password'];

// This query checks whether the given user exists in the database,
// irrespective of case (capital or lower-case letters).
// qstr() quotes and escapes each value so user input cannot alter the SQL.
$query = "SELECT *
          FROM app_system_user
          WHERE user_name=LOWER(" . $db->qstr($username) . ")
          AND password=" . $db->qstr($password);
$user = $db->Execute($query);
if ($user->EOF)
{
?>
<p><h3><?php echo "INVALID Username / Password !!"; ?> </h3></p>
<p><h3><?php echo "Please Go Back and enter a valid Username & Password"; ?></h3> </p>
<p><b><a href='login.php'>[Back]</a></b></p>
<?php
    include_once("footer.inc.php");
    exit;
}
else
{
    $_SESSION['valid'] = "true";

    // Look up the privilege level of the authenticated user.
    $query = "SELECT Privilege_ID
              FROM App_System_User
              WHERE User_Name=LOWER(" . $db->qstr($username) . ")
              AND Password=" . $db->qstr($password);
    $privilege = $db->Execute($query);
    $privilege_id = $privilege->fields[0];
    switch ($privilege_id)
    {
        case 1 :
            // for staff users
            include_once("staff_menu_form.php");
            exit;
        case 2 :
            // for admission committee users
            include_once("admission_menu_form.php");
            exit;
        default :
            // any other privilege id
            echo "Error on Page !!";
            break;
    }
    //include_once("footer.inc.php");
?>
<input type="hidden" name="username" value="<?php echo htmlspecialchars($username); ?>">
<input type="hidden" name="password" value="<?php echo htmlspecialchars($password); ?>">
<?php
    include_once("footer.inc.php");
}
?>
LOGOUT.PHP
<?php
session_start();
$_SESSION['valid'] = "false";
//unset($_SESSION['valid']);
include_once("login.php");
?>
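
An added example, not part of the original post or the poster's code: one way to get the behaviour asked for is a guard that every protected page calls first, plus a logout that destroys the session instead of flagging it. The helper names (require_login, mark_logged_in, logout_user) and the idea of keeping them in one include file are assumptions, and the example stores a boolean in $_SESSION['valid'] rather than the strings "true"/"false" used above.

```php
<?php
// Added example. Helper names are hypothetical; login.php and the
// $_SESSION['valid'] key are taken from the post.

// Call at the very top of every protected page, before any output.
function require_login()
{
    session_start();
    // Tell the browser not to keep a copy, so the Back button has to
    // ask the server again instead of re-showing the cached page.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    header('Expires: 0');

    // Strict comparison: a non-empty string such as "false" is truthy
    // in PHP, so a loose if ($_SESSION['valid']) check would still pass.
    if (!isset($_SESSION['valid']) || $_SESSION['valid'] !== true) {
        header('Location: login.php');
        exit('Not logged in...');
    }
}

// Call in logincheck.php once the credentials have been verified.
function mark_logged_in()
{
    session_regenerate_id(true);   // fresh session id after authentication
    $_SESSION['valid'] = true;     // boolean, not the string "true"
}

// Body of logout.php.
function logout_user()
{
    session_start();
    $_SESSION = array();                      // drop all session data
    if (ini_get('session.use_cookies')) {     // expire the session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                        // remove server-side data
    header('Location: login.php');
    exit;
}
```

Because logincheck.php pulls the menu pages in with include_once, the guard also has to run in every page those menus link to, since each of them is a separate request.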