Page 1 of 1

Session management

Posted: Thu Sep 27, 2007 8:12 pm
by jruelan
my problem is this...
after successful user login in login.php, i redirected the page to the index.php along with the session and all those stuff. what i can't get is how to redirect the page in index.php even if the user clicked the back button in the web browser and the user has not yet logged out??? in my login.php, there is a script that goes like this

***** PLEASE USE THE

Code: Select all

TAG FOR POSTING CODE *****[/color]

Code: Select all

if(isset($_SESSION["username"]))
    header("Location: index.php");
else
{
 ...show login form
}

Posted: Thu Sep 27, 2007 9:17 pm
by shylor
Here is a login.php file I use when I have the user login. The forum is on the index.php

Code: Select all

<?php
	session_start();
	include('config.inc.php');

	$login_raw = mysql_query("SELECT * FROM `*` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'", $mysql);
	
	if(mysql_num_rows($login_raw) == 0) {
		$_SESSION['message'] = 'Invaild Login';
		$_SESSION['online'] = 0;
		header("Location: ".$url."/index.php");
	} else {
		$_SESSION['message'] = '';
		$login_data = mysql_fetch_array($login_raw);
		$_SESSION['username'] = ucfirst($login_data['username']);
		$_SESSION['access'] = $login_data['access'];
		$_SESSION['online'] = 1;
		header("Location: ".$url."/index.php");
	}
?>

Posted: Thu Sep 27, 2007 10:21 pm
by s.dot
A few thoughts..

1) Are you calling session_start()?
2) Use full http paths in your header()
3) Call exit() after header, to prevent any more code from being executed

Posted: Fri Sep 28, 2007 12:50 am
by jruelan
yup, i am calling the session start function of php. and registered a variable "username"
like this

Code: Select all

<?php
     session_start();
//     username is from the database;
     $_SESSION["UN"]=$username;
     if($_SESSION["username"]!=null||$_SESSION["username"]=="") 
{
    header("Location: index.php"); 
exit;
}
else 
{ 
 ...show login form 
}
?>

Code: Select all

<form action="<?php echo(PHP_SELF)?>">
input UN
input PW
</form>
after logging in, user is redirected to the index.php it should be that when i click the "back" button of the web browser, the Login.php page still shows up rather than redirecting it to the index.php page because the user did not log out. Is there a way to solve this?

Scottayy | Please use the [ php ] and [ syntax ] tags when posting code.

Posted: Fri Sep 28, 2007 1:26 am
by s.dot
You're setting $_SESSION['UN'] and then checking for $_SESSION['username'].