cluce Posted May 1, 2007 Share Posted May 1, 2007 I am trying to prevent the logon and previous buttons from logging in a user. Even after they log out. can someone me any suggestions on how to disable this?? What code or functions could I use?? Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/ Share on other sites More sharing options...
redarrow Posted May 1, 2007 Share Posted May 1, 2007 sorry what? Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242365 Share on other sites More sharing options...
trq Posted May 1, 2007 Share Posted May 1, 2007 Try using the header function to prevent caching. eg; <?php header("Cache-Control: no-cache, must-revalidate"); header("Expires: Mon, 01 Jan 1900 00:00:00 GMT"); ?> Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242370 Share on other sites More sharing options...
taith Posted May 1, 2007 Share Posted May 1, 2007 on the pages that are secured by user, just put the if_empty($_SESSION[yoursessvar]) header(direct me away); or whatnot... Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242371 Share on other sites More sharing options...
cluce Posted May 1, 2007 Author Share Posted May 1, 2007 I was talking about on the internet browsers.........I am trying to prevent the user from logging on with the next and previous buttons on the browser. Even after they log out. can someone me any suggestions on how to disable this?? What code or functions could I use?? thanks for your replies. I will check it out. Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242393 Share on other sites More sharing options...
cluce Posted May 1, 2007 Author Share Posted May 1, 2007 here is the code I am using .......can someone tell me how to modify this on how I can do this..... <?php //check for required fields from the form if ((!isset($_POST["username"])) || (!isset($_POST["password"]))) { header("Location: userlogin.html"); exit; } //connect to server and select database $mysqli = mysqli_connect("localhost", "root", "", "test"); //create and issue the query $sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')"; $result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli)); //get the number of rows in the result set; should be 1 if a match if (mysqli_num_rows($result) == 1) { //if authorized, get the values of f_name l_name while ($info = mysqli_fetch_array($result)) { $f_name = stripslashes($info['f_name']); $l_name = stripslashes($info['l_name']); } //set authorization cookie setcookie("auth", "1", 0, "/", "yourdomain.com", 0); //directs authorized user header("Location: logon.php"); //prevents cache of logon info header("Cache-Control: no-cache, must-revalidate"); header("Expires: Mon, 01 Jan 1900 00:00:00 GMT"); } else { //redirect back to login form if not authorized header("Location: registration.html"); exit; } ?> <html> Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242413 Share on other sites More sharing options...
taith Posted May 1, 2007 Share Posted May 1, 2007 you cannot disable the back/forward buttons, however if you turn off your cache, and verify if the user is logged in on all of your "secured" spots... if they press back, it'd redirect them to a different page... Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242415 Share on other sites More sharing options...
cluce Posted May 1, 2007 Author Share Posted May 1, 2007 well how do you tunr off the cache? The code that was posted didn't seem to work. at least in the places where I coded. Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242504 Share on other sites More sharing options...
taith Posted May 1, 2007 Share Posted May 1, 2007 header("Cache-Control: no-store, no-cache, must-revalidate"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); there goes any/all forms of cache Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242648 Share on other sites More sharing options...
cluce Posted May 1, 2007 Author Share Posted May 1, 2007 cool; thanks. if you can tell me . but where do I put that code in my page? Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242798 Share on other sites More sharing options...
pocobueno1388 Posted May 1, 2007 Share Posted May 1, 2007 If you have a header file, it would be best to put it at the top of that script. Then it will be in effect on every page the users click. Or if you are just worried about your "logout" page...put it at the top of the logout script... Link to comment https://forums.phpfreaks.com/topic/49452-how-to-make-a-logon-page-more-secure/#findComment-242915 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.