Jump to content


Photo

Having trouble with sessions


  • Please log in to reply
6 replies to this topic

#1 Imothep

Imothep
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 25 July 2006 - 12:16 PM

Hello folks im a PHP noob and im having trouble with sessions.

<?php session_start();

$host="xxxxxx";
$username="xxxxxx";
$password="xxxxx";

$database="XXXXX";

$larfuser=$_POST['email'];
$larfpass=$_POST['password'];



mysql_connect($host, $username, $password) or die("Could not connect to the server");
mysql_select_db($database) or die("Could not connect to the database");

	$sql=mysql_query("SELECT * FROM larf_users WHERE email='$larfuser' AND password='$larfpass'");
	
	if (mysql_num_rows($sql)==0) {
		
		echo"Could not log you in.";
		exit;
	}else{
		session_register("username");
		$_SESSION['welcome'] = "Welcome to your control panel $larfuser";
		header("location:http://www.pixelpeople.org/larf/usernames.php");
		}		
		?>

This site does what it is supposed to.. it takes me to the usernames.php if the usrname and pw corresponds to the information in the mysql db. However, when i try to logout on the usernames page and i try to press back in the browser i can still access usernames.php.

This is my code for logout.php

<? session_unset("username");
header("location:http://www.pixelpeople.org/larf/");
echo "Successfully logged out";
die;?>


Please do not laugh.. i started doing PHP 2 weeks ago and im enjoying it :)
Can anyone give me a noobfriendly explanation to what is wrong here and how i can correct it? Tips and Tricks are most welcome... hehe

Thank you very much folks!

#2 Imothep

Imothep
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 25 July 2006 - 12:32 PM

Hello folks im a PHP noob and im having trouble with sessions.

<?php session_start();

$host="xxxxxx";
$username="xxxxxx";
$password="xxxxx";

$database="XXXXX";

$larfuser=$_POST['email'];
$larfpass=$_POST['password'];



mysql_connect($host, $username, $password) or die("Could not connect to the server");
mysql_select_db($database) or die("Could not connect to the database");

	$sql=mysql_query("SELECT * FROM larf_users WHERE email='$larfuser' AND password='$larfpass'");
	
	if (mysql_num_rows($sql)==0) {
		
		echo"Could not log you in.";
		exit;
	}else{
		session_register("username");
		$_SESSION['welcome'] = "Welcome to your control panel $larfuser";
		header("location:http://www.pixelpeople.org/larf/usernames.php");
		}		
		?>

This site does what it is supposed to.. it takes me to the usernames.php if the usrname and pw corresponds to the information in the mysql db. However, when i try to logout on the usernames page and i try to press back in the browser i can still access usernames.php.

How can i prevent that ?

This is my code for logout.php

<? session_unset("username");
header("location:http://www.pixelpeople.org/larf/");
echo "Successfully logged out";
die;?>


Please do not laugh.. i started doing PHP 2 weeks ago and im enjoying it :)
Can anyone give me a noobfriendly explanation to what is wrong here and how i can correct it? Tips and Tricks are most welcome... hehe

Thank you very much folks!



#3 king arthur

king arthur
  • Members
  • PipPipPip
  • Advanced Member
  • 335 posts
  • LocationUK HQ

Posted 25 July 2006 - 12:54 PM

Try adding a session_destroy() to your logout script, that may do the trick.
Sir Isaac Newton said "If I have seen farther, it is by standing on the shoulders of giants". But it is not recorded as to whether he said it before or after he was hit on the head by a falling apple.

#4 Imothep

Imothep
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 25 July 2006 - 01:26 PM

i tried adding session_destroy to my code

<? session_destroy("username");
header("location:http://www.pixelpeople.org/larf/");
echo "Successfully logged out";
die;?>

but it still doesnt work :S

#5 Imothep

Imothep
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 25 July 2006 - 01:29 PM

Warning: Wrong parameter count for session_destroy() in /home/1/p/pixelpeople/www/larf/logout.php on line 1

Warning: Cannot modify header information - headers already sent by (output started at /home/1/p/pixelpeople/www/larf/logout.php:1) in /home/1/p/pixelpeople/www/larf/logout.php on line 2
Successfully logged out

that is the error i get

#6 king arthur

king arthur
  • Members
  • PipPipPip
  • Advanced Member
  • 335 posts
  • LocationUK HQ

Posted 25 July 2006 - 01:37 PM

session_destroy() does not take a parameter.

The problem is that when you hit the back button, your browser will re-send the $_POST vars, so the $_POST['email'] and $_POST['password'] will be available in the script again. The browser would normally warn you about this. You should have a $_SESSION['loggedin'] variable that, if not present, causes the script to ask for the username and password, by destroying the session any such variable will be deleted. Don't just rely on whether the username is present in the $_POST vars.
Sir Isaac Newton said "If I have seen farther, it is by standing on the shoulders of giants". But it is not recorded as to whether he said it before or after he was hit on the head by a falling apple.

#7 Imothep

Imothep
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 25 July 2006 - 01:42 PM

Ok thank you King Arthur.. can you show me an example of how to do that using my script ? I would be very greatfull..

Thanks again




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users