Logging In and Logging out using sessions.

Cubone8
Forum Newbie
Posts: 2
Joined: Tue May 21, 2002 9:15 pm

Logging In and Logging out using sessions.

Post by Cubone8 »

Perhaps someone could offer some assistance on this topic for me.
I have created user accounts for a site I am working on. I am able to log in, look around the member area, and log out all without a hitch with the help of session commands. However, once I have logged out, I am able to press the back button to where the session variables were registered, refresh, and the page reloads the same variables, and I can access this members site, despite the fact that they have logged out. All variables have been unregistered and the session has been destroyed when logging out.
Are there any methods, or processes, file structures, special commands that I can use to get around this problem?
jmaker
Forum Newbie
Posts: 16
Joined: Tue May 21, 2002 11:13 pm

Post by jmaker »

hmm...that sounds odd, because I just tried it on one of my small pages and it works fine. try this and see if it helps

for each page I want restricted access to, I put this code at the top of each page

Code: Select all

<?php
if(isset($username) and isset($password))
{
  echo "You are logged in";
}
else
{
  echo "You are not logged in";
  echo "<a href='login.php'>Go Login</a>";
}
?>
that should work because if you destroyed the session, then try to go back, it shouldn't allow you in since your variables aren't registered. hope that helps

volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

which
- version of php (module/cgi-exe)
- webserver
- method to register the sessions vars
- % to destroy the session
do you use?
MattF
Forum Contributor
Posts: 225
Joined: Sun May 19, 2002 9:58 am
Location: Sussex, UK

Post by MattF »

jmaker wrote:

Code: Select all

<?php
if(isset($username) and isset($password))
{
  echo "You are logged in";
}
else
{
  echo "You are not logged in";
  echo "<a href='login.php'>Go Login</a>";
}
?>
Surely someone could just go to page.php?username=blah&password=blah and they would get in?!
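
The bypass MattF points out depends on `register_globals`, which turned every request parameter into a global variable. The following is an added example (not code from the thread) that puts that check beside one that trusts only session state; `extract()` stands in for `register_globals`, and the function names and sample requests are constructed.

```php
<?php
// Added example, not code from the thread. extract() stands in for
// register_globals, which copied request values (and registered session
// variables) into global variables before the script ran.

// The check from the post: passes if the two variables merely exist.
function legacy_gate(array $request, array $session): bool
{
    extract($session);
    extract($request);
    return isset($username) && isset($password);
}

// Hardened check: reads only what the server itself stored at login.
// The request is accepted as a parameter to show that it is ignored.
function session_gate(array $request, array $session): bool
{
    return isset($session['loggedin'])
        && is_string($session['loggedin'])
        && $session['loggedin'] !== '';
}

// Constructed requests to a restricted page: [request parameters, session].
$cases = [
    'session left by a real login' => [
        [],
        ['username' => 'alice', 'password' => 'secret', 'loggedin' => 'alice'],
    ],
    'after logout, plain request' => [
        [],
        [],
    ],
    'after logout, ?username=blah&password=blah' => [
        ['username' => 'blah', 'password' => 'blah'],
        [],
    ],
];

foreach ($cases as $label => [$request, $session]) {
    printf(
        "%-45s legacy=%-5s session=%s\n",
        $label,
        var_export(legacy_gate($request, $session), true),
        var_export(session_gate($request, $session), true)
    );
}
```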
gotDNS
Forum Contributor
Posts: 217
Joined: Tue May 07, 2002 5:53 pm
Location: West Chester, PA

Examples from my page...

Post by gotDNS »

Example from my page: http://oversoul.mine.nu/~brian/techy/

This code is for a forum

Code: Select all

<?php
session_start();

mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$result = mysql_query("select * from usrinfo where username=\"$username\"");

$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"submit\" />
</form>";

$loginform2 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b>ERROR: Username or password incorrect.</b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"submit\" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";

$row = mysql_fetch_assoc($result);

if($row["password"]==md5($password))
{
        $loggedin=$username;
        session_register("loggedin");
        if($params["prevurl"])
                header("Location: $prevurl");
        else
                echo "<img src=\"forumtop.gif\" /><br />&nbsp;<b>You are logged in as $loggedin</b> : <a href=\"logout.php\" class=\"NLINK\">Logout</a><br /><br />";
}
else
{
        echo $loginform2;
}
?>
<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td>
<?php
if(session_is_registered("loggedin"))
{
	echo "<a href=\"editup.php\" class=\"NLINK\">Edit User Profile</a><br />";
}
?>
<br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
<br /><br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center" colspan="3"><strong class="HEADER">Forums</strong></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="genforum.php" class="NLINK">General Conversation</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"computers\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="compforum.php" class="NLINK">Computers</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"games\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="gameforum.php" class="NLINK">Computer Games</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"web\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="webforum.php" class="NLINK">Web Design</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"ut\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="utforum.php" class="NLINK">Unreal Tournament</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"prog\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="progforum.php" class="NLINK">Programming</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"music\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="musicforum.php" class="NLINK">Music</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"weird\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="weirdforum.php" class="NLINK">Weird Stuff</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"soft\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="softforum.php" class="NLINK">Computer Software</a></td>
</tr>
</table>
</body>
</html>
^ That is the login page, for the rest...:

Code: Select all

<?php
session_start();

$connect = mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";

if(session_is_registered("loggedin"))
{
        echo "<img src=\"forumtop.gif\" /><br />&nbsp;<b>You are logged in as $loggedin</b> : <a href=\"logout.php\" class=\"NLINK\">Logout</a><br /><br />";

        $theforum = "general";
        session_register("theforum");

        $lastpage = "genforum.php";
        session_register("lastpage");
}
else
{
        echo $loginform;
        echo "<br /><br />";
}
?>
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a><br /><a href="forum.php" class="NLINK">Forum List</a></td>
</tr>
<tr>
<td width="20"></td>
<?php
if(session_is_registered("loggedin"))
{
        echo "<td><a href=\"editup.php\" class=\"NLINK\">Edit User Profile</a><br /><a href=\"post.php\" class=\"NLINK\">Post a message</a></td>";
}
else
{
	echo "<td><a href=\"signup.php\" class=\"NLINK\">Sign-Up to post</a></td>";
}
?>
</tr>
</table>
<br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center"><strong class="HEADER">General Forum</strong></td>
</tr>
</table>
<?php $listquery = "SELECT * FROM forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
while ($row = mysql_fetch_assoc($listresult)) {
	echo "<table cellpadding=\"0\" cellspacing=\"0\" align=\"center\" width=\"85%\" class=\"TBL\">";
	echo "<tr>";
	echo "<td width=\"80\" height=\"170\" class=\"NAME\" align=\"center\">";
	echo "posted by<br />";
	echo "<b>";
	echo $row["name"];
	echo "</b>";
	echo "</td>";
	echo "<td bgcolor=\"#DDDDDD\" width=\"6\" height=\"170\"></td>";
	echo "<td width=\"*\" height=\"170\" bgcolor=\"#DDDDDD\" valign=\"top\">";
	echo $row["msg"];
	echo "</td>";
	echo "</tr>";
	echo "</table>";
} ?>
</body>
</html>
And for the Logout:

Code: Select all

<?php
session_start();

mysql_connect("localhost:3306", "techy") && mysql_select_db("forum")
or $failed = "Could not connect to database.";

$loginform = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

$loginform2 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b class=\"RED\"><i>X</i></b> <b>You have been logged out.</b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

$loginform3 = "<form method=\"post\" action=\"login.php\">
<img src=\"forumtop.gif\" /><br />&nbsp;<b>ERROR: You can not logout unless you are logged in.<img src=\"smile.gif\" /></b><br /><br />&nbsp;<b><u>Login</u></b><br />
&nbsp;Username: <input type=\"text\" size=\"16\" maxlength=\"16\" name=\"username\" />
 Password: <input type=\"password\" size=\"16\" maxlength=\"16\" name=\"password\" />
<input type=\"hidden\" name=\"login\" value=\"true\" />
<input type=\"submit\" value=\"Login\" />
</form>";

echo "<html><head>
<title>Techy Board</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"forum.css\" />
</head>
<body marginheight=\"0\" marginwidth=\"0\" topmargin=\"0\" leftmargin=\"0\">";

if(session_is_registered("loggedin"))
{
        session_unregister("loggedin");
        echo $loginform2;
}
else
{
	echo $loginform3;
}
?>

<br />
<table cellpadding="0" cellspacing="0" width="92%" border="0" align="center">
<tr>
<td colspan="2"><a href="index.php" class="NLINK">Techy Home</a></td>
</tr>
<tr>
<td width="20"></td>
<td><br /><b>NOTE: Remember, keep the language clean. Please no spamming. The cleaner the forum, the less the restrictions. Thanks. -Admin</b>
</td>
</tr>
</table>
<br /><br />
<table cellpadding="0" cellspacing="0" align="center" width="85%" class="TBL">
<tr>
<td bgcolor="#000000" height="12" align="center" colspan="3"><strong class="HEADER">Forums</strong></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"general\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="genforum.php" class="NLINK">General Conversation</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"computers\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="compforum.php" class="NLINK">Computers</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"games\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="gameforum.php" class="NLINK">Computer Games</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"web\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="webforum.php" class="NLINK">Web Design</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"ut\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="utforum.php" class="NLINK">Unreal Tournament</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"prog\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="progforum.php" class="NLINK">Programming</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"music\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="musicforum.php" class="NLINK">Music</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"weird\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="weirdforum.php" class="NLINK">Weird Stuff</a></td>
</tr>
<tr>
<td width="65" height="30" class="NAME2" align="center">
<?php $listquery = "select count(1) from forum where forumname=\"soft\"";
$listresult = mysql_query($listquery);
$row = mysql_fetch_assoc($listresult);
echo $row["count(1)"];
if($row["count(1)"] == "1") { echo " post"; } else { echo " posts"; } ?></td>
<td width="8" height="30" bgcolor="#DDDDDD" class="FORLIST">&nbsp;</td>
<td width="*" height="30" bgcolor="#DDDDDD" class="FORLIST"><a href="softforum.php" class="NLINK">Computer Software</a></td>
</tr>
</table>
</body>
</html>
Cubone8
Forum Newbie
Posts: 2
Joined: Tue May 21, 2002 9:15 pm

perhaps this can clarify what I'm asking...

Post by Cubone8 »

gotDNS,
I checked out your site, and it is a good example of what I'm talking about...
I registered and attempted my problem and I encounter the same problem.
I log on at forum.php.
I am then logged on at login.php
I click "logout" and am logged out at logout.php

So I am logged out, right?

So when I click the back button on the browser, click refresh, I return to login.php and I am logged in again.
This is what I don't want to happen.

Depending on file structure, there are preventive measures taken which can prevent this from happening in most "member" pages, not a problem.

Assuming I log on, play around a bit on the member pages, then log off, I can keep pressing "back" on the browser until I am at the page containing the login forms, then press forward on the browser and refresh, I return to the logged in state.

I need to know if there is a way around this...
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

what you're looking for is a kind of transaction number but I don't know an elegant way to do this in php. But I may offer you a suggestion.
Store a unique TAN (or almost unique) in $_SESSION and accept only login-attempts having this TAN (as <input type='hidden' name='TAN' value='{$_SESSION["TAN"]}'/> ). As soon as the login is accepted remove the TAN from the Session-Object. If the session-TAN is unequal to the posted one (or isn't set) reject the login and send the empty login-form (where a new session-TAN is created)
To create a unique value use uniqid
Hopefully this will do the trick as the user may use the 'back' and 'refresh' buttons on the login-form as they like - no effect ;)
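
The one-time TAN check described in the post above, as an added example that is not part of the original thread: it walks through login, logout, and the browser replaying the same POST on Back + Refresh. It uses `random_bytes()` in place of the `uniqid()` suggested in the post, passes a plain `$session` array where a page would use `$_SESSION`, and the function names and the sample account are constructed.

```php
<?php
// Added example, not code from the thread. $session stands in for $_SESSION
// so the flow can be run from the PHP CLI; the account data is constructed.

// Create a fresh TAN for the next login attempt and remember it server-side.
function issue_login_tan(array &$session): string
{
    // random_bytes() rather than uniqid(): uniqid() is derived from the
    // clock, so its values can be guessed.
    $session['TAN'] = bin2hex(random_bytes(16));
    return $session['TAN'];
}

// The login form always carries the TAN that was just issued.
function login_form(array &$session): string
{
    $tan = htmlspecialchars(issue_login_tan($session), ENT_QUOTES);
    return "<form method='post' action='login.php'>"
         . "<input type='text' name='username' />"
         . "<input type='password' name='password' />"
         . "<input type='hidden' name='TAN' value='$tan' />"
         . "<input type='submit' value='Login' /></form>";
}

// A TAN is valid once: it is removed from the session whether or not it matched.
function consume_login_tan(array &$session, array $post): bool
{
    $expected = $session['TAN'] ?? null;
    unset($session['TAN']);
    $posted = $post['TAN'] ?? null;
    return is_string($expected) && is_string($posted)
        && hash_equals($expected, $posted);
}

function handle_login(array &$session, array $post, array $accounts): string
{
    if (!consume_login_tan($session, $post)) {
        return 'rejected: stale or missing TAN';
    }
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass)
        || !isset($accounts[$user])
        || !password_verify($pass, $accounts[$user])) {
        return 'rejected: bad credentials';
    }
    $session['loggedin'] = $user;
    return "accepted: $user";
}

function handle_logout(array &$session): void
{
    // In a page: $_SESSION = []; session_destroy();
    $session = [];
}

// Constructed account store and an empty session.
$accounts = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$session  = [];

// 1. The browser loads the login form; the TAN now lives in the session.
login_form($session);

// 2. The POST the browser sends, and will send again on Back + Refresh.
$post = [
    'username' => 'alice',
    'password' => 'correct horse',
    'TAN'      => $session['TAN'],
];
echo handle_login($session, $post, $accounts), "\n";

// 3. The user logs out, then Back + Refresh replays the identical POST.
handle_logout($session);
echo handle_login($session, $post, $accounts), "\n";
echo isset($session['loggedin']) ? "state: logged in\n" : "state: logged out\n";
```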