phpQuestioner Posted March 13, 2007 Share Posted March 13, 2007 I first created this script using sessions and now I have changed it to cookies. The problem I am still having either way is that once the end user logouts and is redirected to the login page, they can still click the browser back button, hit page reload/refresh and then still be logged in. I have included my script below; please tell me what is wrong with it, if you could - thanks. Login Page: <html> <head> <title>Welcome Guest</title> </head> <body> <span style="font-family:arial bold;font-size:100%;color:red"><?php echo $_GET['em']; ?></span> <form action="main.php" method="post"> Username:<br><input type="text" name="username" value="<?php echo $_COOKIE['username']; ?>"> <br><br>Password:<br><input type="password" name="password" value="<?php echo $_COOKIE['password']; ?>"> <br><br><input type="submit" name="submit"> <input type="reset"> </form> </body> </html> </body> </html> Main Page: <?php if (!isset($_POST['username']) AND !isset($_POST['password'])) { header("Location: login.php?em=Please+Enter+Your+Login+Information"); } else { @$username=stripslashes($_POST['username']); @$password=stripslashes($_POST['password']); $letementer="ok"; if ( strcmp($username, "John") != 0) { $letementer = "notok"; } if ( strcmp($password, "Doe") != 0) { $letementer = "notok"; } if ($letementer=="notok") { header("Location: login.php?em=Your+Username+And+Password+Do+Not+Match;+Please+Try+Again"); exit; } if ($letementer=="ok") { echo "<html>\n<head>\n\n <title>Welcome $POST['username'];</title>\n\n<style>\na.type1:link {color:white}\na.type1:visited {color:white}\n</style>\n\n</head>\n\n<body bgcolor=\"gray\">\n\n<a class=\"type1\"href=\"logout.php\" style=\"font-size:12px;float:right\" onclick=\"return confirm('Are You Sure You Want To Log Out?')\">Log Out</a>\n\n\n</body>\n</html>"; } } ?> Logout Page: <?php // delete cookie setcookie("username", NULL, mktime() - 3600, "/"); setcookie("password", NULL, mktime() - 3600, "/"); header("Location: login.php?em=$username+You+Have+Been+Logged+Out"); ?> Link to comment https://forums.phpfreaks.com/topic/42466-need-help-with-my-loginlog-out-script/ Share on other sites More sharing options...
JasonLewis Posted March 13, 2007 Share Posted March 13, 2007 i havnt used cookies much before but looking at this: setcookie("username", NULL, mktime() - 3600, "/"); setcookie("password", NULL, mktime() - 3600, "/"); i didn't realize you used mktime() i always thought you used time() with that sort of thing as mktime() requires parameters. try changing the mktime() to time() to see if that makes a difference. Link to comment https://forums.phpfreaks.com/topic/42466-need-help-with-my-loginlog-out-script/#findComment-206037 Share on other sites More sharing options...
phpQuestioner Posted March 13, 2007 Author Share Posted March 13, 2007 ProjectFear, That did not help; still doing the same thing. End user still would be logged in if they clicked browser back button and page reload (if even needed - some times they don't even have to reload the page; they just have to hit browser back button). Link to comment https://forums.phpfreaks.com/topic/42466-need-help-with-my-loginlog-out-script/#findComment-206042 Share on other sites More sharing options...
only one Posted March 13, 2007 Share Posted March 13, 2007 use sessions -.- Link to comment https://forums.phpfreaks.com/topic/42466-need-help-with-my-loginlog-out-script/#findComment-206049 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.