phpQuestioner, posted March 8, 2007:

I have created a script with a single user login validation within a php page. I have tried to use sessions to create a log-out page, but when a user clicks the link to the log-out page and is redirected, if they click the browser back button and click reload, the page will still have them logged in. My script is below, any help would be great - Thanks

HTML Form Page

```html
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="login.php" method="post">
Username:<br><input type="text" name="username" size="25"><br><br>
Password:<br><input type="password" name="password" size="25"><br><br>
<input type="submit" value="Login">
</form>
</body>
</html>
```

PHP Login Page

```php
<?php
@$username = stripslashes($_POST['username']);
@$password = stripslashes($_POST['password']);
$letementer = "ok";
// strcmp = Case Sensitive
// strcasecmp = Not Case Sensitive
if ( strcmp($username, "John") != 0) { $letementer = "notok"; }
if ( strcmp($password, "Doe") != 0) { $letementer = "notok"; }
if ($letementer=="notok") {
    echo "You Do Not Have Permission To View This Page";
    exit;
}
if ($letementer=="ok") {
    session_start();
    session_register('username');
    echo "<a href=\"logout.php?un=$username\" style=\"float:right\">Log Out</a><br><br><br>You Have Permission To View This Page";
}
?>
```

PHP Log-Out Page

```php
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(session_is_registered('username')){
    //session variable is registered, the user is ready to logout
    session_unset();
    session_destroy();
    echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
}
else{
    //the session variable isn't registered, the user shouldn't even be on this page
    header("Location: login.html");
}
?>
```

jscix, posted March 9, 2007:

Try,

```php
unset($username);
session_destroy();
```

Snooble, posted March 9, 2007:

The best thing would be to have this at the top of the pages you want only logged-in users to see:

```php
if(!isset($_SESSION['username'])){
    header("Location: pleaselogin.php");
}
```

If the user has logged out and tries to go back it will take the user to "pleaselogin.php"

No problem

Snooble

phpQuestioner (Author), posted March 9, 2007:

So I tried to do like jscix said to do and I replaced this:

```php
session_unset();
session_destroy();
```

in the PHP Log-Out Page for this:

```php
unset($username);
session_destroy();
```

but this did not do the trick; when the browser back button was clicked and the page reloaded, the log-in session still existed.

Next I tried Snooble's advice and put this:

```php
if(!isset($_SESSION['username'])){
    header("Location: login.html");
}
```

in the very top part of my PHP Login Page and then tried to log in with the correct username and password, but the script kept on redirecting me back to the html page, even when the username and password are correct.

Does anyone else have any ideas about this?

Eiolon, posted March 9, 2007:

This is what I have in my secured page called main.php and works fine:

```php
<?php # main.php
// Start the session.
session_start();
// Check for the session value.
if (isset($_SESSION['username'])) {
    echo '<p>Welcome back, '.$_SESSION['username'].'.</p>';
} else {
    // Quit the script and redirect to login page.
    header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname ($_SERVER['PHP_SELF']) . "login.php");
    exit();
}
?>
```

benjaminbeazy, posted March 9, 2007:

session_start(); must be at top of script, very top

use $_SESSION['username'] to declare session vars instead of session_register, register_globals is off by default and on its way out of the php picture

for destroying session, try

```php
$_SESSION = array();
session_destroy();
```

to keep it from relogging in, use

```php
header("Cache-Control: private, no-cache, must-revalidate");
```

phpQuestioner (Author), posted March 11, 2007:

So I tried this below, but I am still having the same problem. Once the user logs out, clicks the browser back button and then reloads, they are still logged in. So what do I need to correct?

PHP Login Page

```php
<?php
session_start();
$_SESSION['username'];
header("Cache-Control: private, no-cache, must-revalidate");
@$username = stripslashes($_POST['username']);
@$password = stripslashes($_POST['password']);
$letementer = "ok";
// strcmp = Case Sensitive
// strcasecmp = Not Case Sensitive
if ( strcmp($username, "John") != 0) { $letementer = "notok"; }
if ( strcmp($password, "Doe") != 0) { $letementer = "notok"; }
if ($letementer=="notok") {
    echo "You Do Not Have Permission To View This Page";
    exit;
}
if ($letementer=="ok") {
    session_start();
    session_register('username');
    echo "<a href=\"logout.php?un=$username\" style=\"float:right\">Log Out</a><br><br><br>You Have Permission To View This Page";
}
?>
```

PHP Log-Out Page

```php
<?php
//start the session
session_start();
//check to make sure the session variable is registered
if(session_is_registered('username')){
    //session variable is registered, the user is ready to logout
    $_SESSION = array();
    session_destroy();
    echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
}
else{
    //the session variable isn't registered, the user shouldn't even be on this page
    header("Location: login.html");
}
?>
```

phpQuestioner (Author), posted March 11, 2007:

Does anyone know how I can correct this script?

JasonLewis, posted March 11, 2007:

when they logout re-direct them to a new page that tells them they have been logged out.

redarrow, posted March 12, 2007:

```php
<?php
session_start();
if($_SESSION['username']){
    unset($_SESSION['username']);
    session_destroy();
    echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
    exit;
}else{
    header("Location: login.html");
    exit;
}
?>
```

redarrow, posted March 13, 2007:

try it all this way ok.

```php
<?php
session_start();
if($_SESSION['username']){
    unset($_SESSION['username']);
    session_destroy();
    echo "<script>\nalert(\"$un You Have Successfully Been Logged Out\");\n</script>";
    exit;
}else{
    header("Location: login.html");
    exit;
}
?>
```

```php
<?php
session_start();
header("Cache-Control: private, no-cache, must-revalidate");
@$username = stripslashes($_POST['username']);
@$password = stripslashes($_POST['password']);
$letementer = "ok";
// strcmp = Case Sensitive
// strcasecmp = Not Case Sensitive
if ( strcmp($username, "John") != 0) { $letementer = "notok"; }
if ( strcmp($password, "Doe") != 0) { $letementer = "notok"; }
if ($letementer=="notok") {
    echo "You Do Not Have Permission To View This Page";
    exit;
}
if ($letementer=="ok") {
    $_SESSION['username']=$username;
    echo "<a href=\"logout.php?un=$username\" style=\"float:right\">Log Out</a><br><br><br>You Have Permission To View This Page";
}
?>
```

phpQuestioner (Author), posted March 15, 2007:

redarrow, I tried the code just the way you gave an example of, but the end user is still logged in when the back button is clicked and the refresh button is clicked. I do not know why it is doing this.

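In the scripts posted in this thread, login.php prints the protected content as the direct response to the form POST, so Back followed by Reload re-sends the username and password and signs the user in again, whatever the log-out page destroyed. The added example below (not code from any poster; it assumes PHP 7.1+ and a hypothetical single file routed by an `a` query parameter) redirects after the POST, makes the page itself check `$_SESSION`, and never echoes a name taken from the query string:

```php
<?php
// Added example, not code from the thread. One file, three routes:
// ?a=login (POST), ?a=logout (POST), anything else = the protected page.
session_start();                             // before any output
header('Cache-Control: no-store, private');  // Back button must re-request the page

const DEMO_USER = 'John';                    // the thread's demo credentials
// Hashed inline only to keep the example self-contained; store a hash in practice.
$demoHash = password_hash('Doe', PASSWORD_DEFAULT);

function redirect(string $to): void
{
    header('Location: ' . $to, true, 303);   // 303: the follow-up request is a GET
    exit;
}

$action = $_GET['a'] ?? 'page';
$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($action === 'login' && $isPost) {
    $user = (string) ($_POST['username'] ?? '');
    $pass = (string) ($_POST['password'] ?? '');
    if (hash_equals(DEMO_USER, $user) && password_verify($pass, $demoHash)) {
        session_regenerate_id(true);         // fresh session id at login
        $_SESSION['username'] = $user;
    }
    redirect('?a=page');  // Post/Redirect/Get: Reload repeats this GET, not the POST
}

if ($action === 'logout' && $isPost) {
    $_SESSION = [];                          // clear the data in memory
    $p = session_get_cookie_params();        // expire the session cookie as well
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();                       // delete the server-side record
    redirect('?a=page');
}

if (!isset($_SESSION['username'])) {         // guard: checked on every request
    echo '<form method="post" action="?a=login">'
       . 'Username: <input type="text" name="username"> '
       . 'Password: <input type="password" name="password"> '
       . '<input type="submit" value="Login"></form>';
    exit;
}
$name = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
echo "<p>Welcome, $name.</p>"
   . '<form method="post" action="?a=logout"><input type="submit" value="Log Out"></form>';
```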