
Logging In and Logging out using sessions.

Posted: Tue May 21, 2002 9:15 pm
by Cubone8
Perhaps someone could offer some assistance on this topic for me.
I have created user accounts for a site I am working on. I am able to log in, look around the member area, and log out all without a hitch with the help of session commands. However, once I have logged out, I am able to press the back button to where the session variables were registered, refresh, and the page reloads the same variables, and I can access this members site, despite the fact that they have logged out. All variables have been unregistered and the session has been destroyed when logging out.
Are there any methods, or processes, file structures, special commands that I can use to get around this problem?

Posted: Tue May 21, 2002 11:13 pm
by jmaker
hmm...that sounds odd, because I just tried it on one of my small pages and it works fine. try this and see if it helps

for each page I want restricted access to, I put this code at the top of each page

Code: Select all

<?php
if(isset($username) and isset($password))
{
  echo "You are logged in";
}
else
{
  echo "You are not logged in";
  echo "<a href='login.php'>Go Login</a>";
}
?>
that should work because if you destroyed the session, then try to go back, it shouldn't allow you in since your variables aren't registered. hope that helps


Posted: Wed May 22, 2002 6:24 am
by volka
which
- version of php (module/cgi-exe)
- webserver
- method to register the sessions vars
- % to destroy the session
do you use?

Posted: Wed May 22, 2002 1:16 pm
by MattF
jmaker wrote:

Code: Select all

<?php
if(isset($username) and isset($password))
{
  echo "You are logged in";
}
else
{
  echo "You are not logged in";
  echo "<a href='login.php'>Go Login</a>";
}
?>
Surely someone could just go to page.php?username=blah&password=blah and they would get in?!

Examples from my page...

Posted: Wed May 22, 2002 2:17 pm
by gotDNS
Example from my page: http://oversoul.mine.nu/~brian/techy/

This code is for a forum

Code: Select all

<?php
session_start();

mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

// $username arrives from the request (register_globals) and goes into the query unescaped
$result = mysql_query("select * from usrinfo where username=\"$username\"");

$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"submit\" />
</form>";

$loginform2 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b>ERROR: Username or password incorrect.</b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"submit\" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";

$row = mysql_fetch_assoc($result);

if($row["password"]==md5($password))
{
        $loggedin=$username;
        session_register("loggedin");
        if($params["prevurl"])
                header("Location: $prevurl");
        else
                echo "<img src=\"forumtop.gif\" /><br />&nbsp;<b>You are logged in as $loggedin</b> : <a href=\"logout.php\" class=\"NLINK\">Logout</a><br /><br />";
}
else
{
        echo $loginform2;
}
?>
<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td>
<?php
if(session_is_registered("loggedin"))
{
	echo "<a href=\"editup.php\" class=\"NLINK\">Edit User Profile</a><br />";
}
?>
<br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
<br /><br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center" colspan="3"><strong class="HEADER">Forums</strong></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="genforum.php" class="NLINK">General Conversation</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"computers\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="compforum.php" class="NLINK">Computers</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"games\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="gameforum.php" class="NLINK">Computer Games</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"web\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="webforum.php" class="NLINK">Web Design</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"ut\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="utforum.php" class="NLINK">Unreal Tournament</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"prog\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="progforum.php" class="NLINK">Programming</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"music\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="musicforum.php" class="NLINK">Music</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"weird\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="weirdforum.php" class="NLINK">Weird Stuff</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"soft\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="softforum.php" class="NLINK">Computer Software</a></td>
</tr>
</table>
</body>
</html>
^ That is the login page, for the rest...:

Code: Select all

<?php
session_start();

$connect = mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";

if(session_is_registered("loggedin"))
{
        echo "<img src=\"forumtop.gif\" /><br />&nbsp;<b>You are logged in as $loggedin</b> : <a href=\"logout.php\" class=\"NLINK\">Logout</a><br /><br />";

        $theforum = "general";
        session_register("theforum");

        $lastpage = "genforum.php";
        session_register("lastpage");
}
else
{
        echo $loginform;
	echo "<br /><br />";
}
?>
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a><br /><a href="forum.php" class="NLINK">Forum List</a></td>
</tr>
<tr>
<td width="20"></td>
<?php
if(session_is_registered("loggedin"))
{
        echo "<td><a href=\"editup.php\" class=\"NLINK\">Edit User Profile</a><br /><a href=\"post.php\" class=\"NLINK\">Post a message</a></td>";
}
else
{
	echo "<td><a href=\"signup.php\" class=\"NLINK\">Sign-Up to post</a></td>";
}
?>
</tr>
</table>
<br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center"><strong class="HEADER">General Forum</strong></td>
</tr>
</table>
<?php $listquery = "SELECT * FROM forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
// name and msg are echoed as stored, without htmlspecialchars()
while ($row = mysql_fetch_assoc($listresult)) {
	echo "<table cellpadding=\"0\" cellspacing=\"0\" align=\"center\" width=\"85%\" class=\"TBL\">";
	echo "<tr>";
	echo "<td width=\"80\" height=\"170\" class=\"NAME\" align=\"center\">";
	echo "posted by<br />";
	echo "<b>";
	echo $row["name"];
	echo "</b>";
	echo "</td>";
	echo "<td bgcolor=\"#DDDDDD\" width=\"6\" height=\"170\"></td>";
	echo "<td width=\"*\" height=\"170\" bgcolor=\"#DDDDDD\" valign=\"top\">";
	echo $row["msg"];
	echo "</td>";
	echo "</tr>";
	echo "</table>";
} ?>
</body>
</html>
And for the Logout:

Code: Select all

<?php
session_start();

mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

$loginform2 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b class=\"RED\"><i>X</i></b> <b>You have been logged out.</b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

$loginform3 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b>ERROR: You can not logout unless you are logged in.<img src=\"smile.gif\" /></b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";

if(session_is_registered("loggedin"))
{
        session_unregister("loggedin");
        echo $loginform2;
}
else
{
	echo $loginform3;
}
?>

<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td><br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
<br /><br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center" colspan="3"><strong class="HEADER">Forums</strong></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="genforum.php" class="NLINK">General Conversation</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"computers\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="compforum.php" class="NLINK">Computers</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"games\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="gameforum.php" class="NLINK">Computer Games</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"web\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="webforum.php" class="NLINK">Web Design</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"ut\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="utforum.php" class="NLINK">Unreal Tournament</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"prog\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="progforum.php" class="NLINK">Programming</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"music\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="musicforum.php" class="NLINK">Music</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"weird\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="weirdforum.php" class="NLINK">Weird Stuff</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"soft\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo $row["count(1)"];
	if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; }
} ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="softforum.php" class="NLINK">Computer Software</a></td>
</tr>
</table>
</body>
</html>

perhaps this can clarify what I'm asking...

Posted: Wed May 22, 2002 10:25 pm
by Cubone8
gotDNS,
I checked out your site, and it is a good example of what I'm talking about...
I registered and attempted my problem and I encounter the same problem.
I log on at forum.php.
I am then logged on at login.php
I click "logout" and am logged out at logout.php

So I am logged out, right?

So when I click the back button on the browser, click refresh, I return to login.php and I am logged in again.
This is what I don't want to happen.

Depending on file structure, there are preventive measures taken which can prevent this from happening in most "member" pages, not a problem.

Assuming I log on, play around a bit on the member pages, then log off, I can keep pressing "back" on the browser until I am at the page containing the login forms, then press forward on the browser and refresh, I return to the logged in state.

I need to know if there is a way around this...

Posted: Wed May 22, 2002 10:58 pm
by volka
what you're looking for is a kind of transaction number but I don't know an elegant way to do this in php. But I may offer you a suggestion.
Store a unique TAN (or almost unique) in $_SESSION and accept only login-attempts having this TAN (as <input type='hidden' name='TAN' value='{$_SESSION["TAN"]}'/> ). As soon as the login is accepted remove the TAN from the Session-Object. If the session-TAN is unequal to the posted one (or isn't set) reject the login and send the empty login-form (where a new session-TAN is created)
To create a unique value use uniqid
Hopefully this will do the trick as the user may use the 'back' and 'refresh' buttons on the login-form as they like - no effect ;)
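
Added example, not part of the original thread and not any poster's own code: the one-time TAN scheme volka describes, together with a page guard that reads login state from the session only and never from request variables (MattF's point about page.php?username=blah). All function names and the sample account are hypothetical, and the TAN comes from random_bytes() rather than uniqid() because uniqid() is derived from the clock and can be guessed. The functions take the session array by reference so the block runs from the CLI; in a page, pass $_SESSION after session_start().

```php
<?php
// Added example: one-time login token ("TAN"). All names here are hypothetical.

// Create a fresh TAN, keep it in the session, return it for the hidden form field.
function issue_tan(array &$session): string
{
    $session['TAN'] = bin2hex(random_bytes(16));   // assumption: CSPRNG instead of uniqid()
    return $session['TAN'];
}

// Process a login POST. The TAN is consumed on every attempt, so a POST that the
// browser re-sends (back + refresh) no longer matches anything in the session.
function handle_login(array &$session, array $post, callable $checkPassword): bool
{
    $expected = $session['TAN'] ?? null;
    unset($session['TAN']);
    $posted = $post['TAN'] ?? null;
    if (!is_string($expected) || !is_string($posted) || !hash_equals($expected, $posted)) {
        return false;                               // caller shows an empty form with a new TAN
    }
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass) || !$checkPassword($user, $pass)) {
        return false;
    }
    $session['loggedin'] = $user;                   // the only place login state is set
    return true;
}

// Page guard: looks at the session only, never at GET/POST variables.
function is_logged_in(array $session): bool
{
    return isset($session['loggedin']) && is_string($session['loggedin']);
}

// Logout: drop everything. In a page, follow this with session_destroy().
function logout(array &$session): void
{
    $session = [];
}

// ---- Constructed walk-through ----
$users = ['alice' => password_hash('example-password', PASSWORD_DEFAULT)];  // constructed account
$check = function (string $u, string $p) use ($users): bool {
    return isset($users[$u]) && password_verify($p, $users[$u]);
};

$session = [];                                      // stands in for $_SESSION
$tan  = issue_tan($session);                        // form is rendered with this hidden value
$post = ['username' => 'alice', 'password' => 'example-password', 'TAN' => $tan];

$steps = [];
$steps['first submit accepted']    = handle_login($session, $post, $check);
$steps['member page allowed']      = is_logged_in($session);
logout($session);
$steps['re-sent POST accepted']    = handle_login($session, $post, $check);
$steps['member page after replay'] = is_logged_in($session);

foreach ($steps as $label => $result) {
    echo str_pad($label, 28), var_export($result, true), PHP_EOL;
}
```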