0

Dear Php Experts

I created few php file :
Login Page - loginform.php
this page takes user id and password and fetch department from database then it post them to :
Checking File - userchek.php
where session is created if id password and every think goes fine other wise login failed message displayed. And if it is valid user then they goes to:
Main Page - member.php
Every thing is OK. My problem is
But if user click on back button of browser then it goes back to login page and again if user click on browser forward button it comes back to Main page without verification. Now I want help to manage these two bowser buttons.
Means after login if user go back then they should not get the Main page without login.

How can I do this Can any one guide me.

Thank you for your guidence in advance
Please see the attached file for code

Attachments
<?php
require_once('connection.php');
//mysql_connect("localhost", "root", "") or die(mysql_error());
//mysql_select_db("navy") or die(mysql_error()); 

$query = "SELECT * FROM depatment"; 
$result = mysql_query($query); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Form</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
function sle()
{
     document.loginForm.select.disabled=true;
}
function ss(niit)
{
     document.loginForm.select.disabled = (niit != "3"); // why make it complicated?
}
</script>
</head>
<body onLoad="sle()">
<p>&nbsp;</p>
<form id="loginForm" name="loginForm" method="post" action="userchek.php">
<hr />
  <table width="315" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
  <td colspan="3"><label>
    <input name="radiobutton" type="radio" id="1" onclick="ss(this.id)" value="Administrator" />
    Administrator </label>| 
    <label><input name="radiobutton" type="radio" value="Store Keeper" id="2" onclick="ss(this.id)" />
    Store Keeper </label> |
    <label><input name="radiobutton" type="radio" value="User" id="3" onclick="ss(this.id)" />
    User </label></td>
  </tr>
  <tr>
    <td colspan="4"><label><span class="err">User Department</span>&nbsp;&nbsp;
        <select name="select">
          <option>Select</option>
          <?php while($row = mysql_fetch_array($result))
		{ 
		echo "<option>$row[Dept_Name]</option>";
		}?>
        </select>
    </label></td>
  </tr>
    <tr>
      <td width="113"><b>Login</b>
      <td colspan="2"><input name="login" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td colspan="2"><br />
        <input name="password" type="password" class="textfield" id="password" />
      <br /></td>
    </tr>
    <tr>
      <td><input type="submit" name="Submit"  value="     LOGIN     " /></td>
      <td width="118"><input type="submit" name="Submit2" value="Forgot Password" /></td>
      <td width="72"><input type="submit" name="Submit3" value="New User" /></td>
    </tr>
  </table>
  <hr />
</form>
</body>
</html>
<?php
	require_once('security.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Member Index</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style3 {color: #FF6600; font-weight: bold; }
.style4 {color: #3366CC}
-->
</style>
</head>
<body>
<h1>Welcome <font color="#FF6600"><?php echo $_SESSION['loginname'];?></font></h1>| <a href="logout.php">Logout</a>
<p>This is a password protected area only accessible to members. </p>
<?php include('show.php'); ?>

<p>&nbsp;</p>
</body>
</html>
<?php
	//Start session
	session_start();
	//Check whether the session variable SESS_MEMBER_ID is present or not
	if(!isset($_SESSION['loginname']) || (trim($_SESSION['loginname']) == ''))
	{
		header("location: access-denied.php");
		exit();
	}
?>
<?php
session_start();

$login = $_POST['login'];
$pass = $_POST['password'];
$dept = $_POST['radiobutton'];

require_once('connection.php');

//mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die(mysql_error());
//mysql_select_db(DB_DATABASE) or die(mysql_error()); 
$qry = "SELECT user_id FROM login_table WHERE user_name='$login' AND password='$pass' AND user_type='$dept'"; 
$result = mysql_query($qry); 
	
	//Check whether the query was successful or not
	if($result) {
	if(mysql_num_rows($result) == 1)
		 {
		 	session_regenerate_id();
			$member = mysql_fetch_assoc($result);
			$_SESSION['loginname'] = $member['user_id'];
			session_write_close();
			header("location: member.php");
			exit();
		}
		else 
		{
			echo "login Failed";		
		}
	}
	else
	{
		die("Query failed");
	}
	
	
?>
3
Contributors
10
Replies
11
Views
7 Years
Discussion Span
Last Post by vishalonne
Featured Replies
  • m really sorry i didnt read ur problem completely... When u hit "back" button... the page is loaded from the cache of your browser. To avoid this, include these lines to your restricted pages(ie which can be viewed only after login) [CODE]header(“Pragma: no-cache”); header(“cache-Control: no-cache, must-revalidate”); // HTTP/1.1 header(“Expires: Mon, … Read More

0

Dear Php Experts

I created few php file :
Login Page - loginform.php
this page takes user id and password and fetch department from database then it post them to :
Checking File - userchek.php
where session is created if id password and every think goes fine other wise login failed message displayed. And if it is valid user then they goes to:
Main Page - member.php
Every thing is OK. My problem is
But if user click on back button of browser then it goes back to login page and again if user click on browser forward button it comes back to Main page without verification. Now I want help to manage these two bowser buttons.
Means after login if user go back then they should not get the Main page without login.

How can I do this Can any one guide me.

Thank you for your guidence in advance
Please see the attached file for code

Its pretty simple task to achieve..
In ur login page... before u show anything just check for existence of session for user, and if one exists use header() function to lead him to main.php page directly...
Similarly in the main page check for existence and if session is not present head him back to login.php
Hope this helps...
Cheers!!

0

Its pretty simple task to achieve..
In ur login page... before u show anything just check for existence of session for user, and if one exists use header() function to lead him to main.php page directly...
Similarly in the main page check for existence and if session is not present head him back to login.php
Hope this helps...
Cheers!!

Dear Venkat
Can you help me to clear my doubt what you instructed...!
When any user go back or leave the Main page then do I need to end his session, if so, please tell me how to do this and where to embed the code...!
Please see the security.php I already attached with this thread
Thanx once agin for last solution.. I am waiting for this

0

Dear Venkat
Can you help me to clear my doubt what you instructed...!
When any user go back or leave the Main page then do I need to end his session, if so, please tell me how to do this and where to embed the code...!
Please see the security.php I already attached with this thread
Thanx once agin for last solution.. I am waiting for this

Sorry if i didnt make myself clear in the last post..
What i am trying to tell you is dont clear the session unless user clicks on logout..
on clicking logout u can do something like..

unset($_SESSION['loginname']);

your security.php is exactly what i was trying to tell you.
just include that file on top of every page that u want only logged in users to access. U can also modify header to point to login.php instead of accessdenied page.
A similar kind of script is needed in ur login.php which does just the reverse of this ie if the session is set, the user is redirected directly to main page without showing the login page.
Did i make it clearer this time?

1

m really sorry i didnt read ur problem completely...
When u hit "back" button... the page is loaded from the cache of your browser.
To avoid this, include these lines to your restricted pages(ie which can be viewed only after login)

header(“Pragma: no-cache”);
header(“cache-Control: no-cache, must-revalidate”); // HTTP/1.1
header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”); // Date in the past

The previous method i mentioned should be used in conjunction with this.
Cheers!!

0

write like this in logout page.

<?
session_start();
$_SESSION['loginname']=' ';
if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

and also write every page like below.

if($_SESSION['loginname']==' ')
{
header('location:index.php');
}
0

write like this in logout page.

<?
session_start();
$_SESSION['loginname']=' ';
if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

and also write every page like below.

if($_SESSION['loginname']==' ')
{
header('location:index.php');
}

Thats essentially what i suggested him initially but u did the same mistake as i did... even if u clear the session, when a user hits "back" button after he logs out, he can still see the previous page as its saved in ur browser's cache..
This solution is fine but it needs to be coupled up with headers to instruct the browser not to store any page in cache..
Hope this will resolve the issue.
Cheers!!

0

m really sorry i didnt read ur problem completely...
When u hit "back" button... the page is loaded from the cache of your browser.
To avoid this, include these lines to your restricted pages(ie which can be viewed only after login)

header(“Pragma: no-cache”);
header(“cache-Control: no-cache, must-revalidate”); // HTTP/1.1
header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”); // Date in the past

The previous method i mentioned should be used in conjunction with this.
Cheers!!

Hi Venkat
I wrote the code in member.php between <? php ?> tag at top of the page. But nothing happened still I can use back and forward button of browser

0

Hi Venkat
I wrote the code in member.php between <? php ?> tag at top of the page. But nothing happened still I can use back and forward button of browser

Dear Venkat
I was waiting for your reply for the problem I told you..
You suggested some solution but not worked
Do you have solution for the problem

0

Dear Venkat
I was waiting for your reply for the problem I told you..
You suggested some solution but not worked
Do you have solution for the problem

Well thats all i can think of :X... may b some experts can help u out here...
or else try lookin for a solution in google...

0

Well thats all i can think of :X... may b some experts can help u out here...
or else try lookin for a solution in google...

OK Venkat
Thanx any way for lots of your cooperation and guidence

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.