Jump to content

Having trouble with sessions

Imothep

By Imothep
in PHP Coding Help

 Share

Recommended Posts

Imothep Newbie

Imothep

Posted
Posted
Hello folks im a PHP noob and im having trouble with sessions.

[code]<?php session_start();

$host="xxxxxx";
$username="xxxxxx";
$password="xxxxx";

$database="XXXXX";

$larfuser=$_POST['email'];
$larfpass=$_POST['password'];



mysql_connect($host, $username, $password) or die("Could not connect to the server");
mysql_select_db($database) or die("Could not connect to the database");

$sql=mysql_query("SELECT * FROM larf_users WHERE email='$larfuser' AND password='$larfpass'");

if (mysql_num_rows($sql)==0) {

echo"Could not log you in.";
exit;
}else{
session_register("username");
$_SESSION['welcome'] = "Welcome to your control panel $larfuser";
header("location:http://www.pixelpeople.org/larf/usernames.php");
}
?>[/code]

This site does what it is supposed to.. it takes me to the usernames.php if the usrname and pw corresponds to the information in the mysql db. However, when i try to logout on the usernames page and i try to press back in the browser i can still access usernames.php.

This is my code for logout.php

[code]<? session_unset("username");
header("location:http://www.pixelpeople.org/larf/");
echo "Successfully logged out";
die;?>[/code]


Please do not laugh.. i started doing PHP 2 weeks ago and im enjoying it :)
Can anyone give me a noobfriendly explanation to what is wrong here and how i can correct it? Tips and Tricks are most welcome... hehe

Thank you very much folks!
Link to comment
https://forums.phpfreaks.com/topic/15575-having-trouble-with-sessions/
Share on other sites
Imothep Newbie

Imothep

Posted
  • Author
Posted
[quote author=Imothep link=topic=101785.msg403116#msg403116 date=1153829775]
Hello folks im a PHP noob and im having trouble with sessions.

[code]<?php session_start();

$host="xxxxxx";
$username="xxxxxx";
$password="xxxxx";

$database="XXXXX";

$larfuser=$_POST['email'];
$larfpass=$_POST['password'];



mysql_connect($host, $username, $password) or die("Could not connect to the server");
mysql_select_db($database) or die("Could not connect to the database");

$sql=mysql_query("SELECT * FROM larf_users WHERE email='$larfuser' AND password='$larfpass'");

if (mysql_num_rows($sql)==0) {

echo"Could not log you in.";
exit;
}else{
session_register("username");
$_SESSION['welcome'] = "Welcome to your control panel $larfuser";
header("location:http://www.pixelpeople.org/larf/usernames.php");
}
?>[/code]

This site does what it is supposed to.. it takes me to the usernames.php if the usrname and pw corresponds to the information in the mysql db. However, when i try to logout on the usernames page and i try to press back in the browser i can still access usernames.php.

How can i prevent that ?

This is my code for logout.php

[code]<? session_unset("username");
header("location:http://www.pixelpeople.org/larf/");
echo "Successfully logged out";
die;?>[/code]


Please do not laugh.. i started doing PHP 2 weeks ago and im enjoying it :)
Can anyone give me a noobfriendly explanation to what is wrong here and how i can correct it? Tips and Tricks are most welcome... hehe

Thank you very much folks!
[/quote]
Imothep Newbie

Imothep

Posted
  • Author
Posted
Warning: Wrong parameter count for session_destroy() in /home/1/p/pixelpeople/www/larf/logout.php on line 1

Warning: Cannot modify header information - headers already sent by (output started at /home/1/p/pixelpeople/www/larf/logout.php:1) in /home/1/p/pixelpeople/www/larf/logout.php on line 2
Successfully logged out

that is the error i get
king arthur Member

king arthur

Posted
Posted
session_destroy() does not take a parameter.

The problem is that when you hit the back button, your browser will re-send the $_POST vars, so the $_POST['email'] and $_POST['password'] will be available in the script again. The browser would normally warn you about this. You should have a $_SESSION['loggedin'] variable that, if not present, causes the script to ask for the username and password, by destroying the session any such variable will be deleted. Don't just rely on whether the username is present in the $_POST vars.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.