0

Please, I need help with this validation script. Even after logout and without login, I can access the assigned webpage. What might be wrong?

<?php
	//Start session
	session_start();
	
	//Check whether the session variable SESS_MEMBER_ID is present or not
	if(!isset($_SESSION['login']) xor (trim($_SESSION['login']) == '')) {
		header("location: login.php");
		exit();
	}
?>

Edited by Narue: Added code tags

0

Have you dumped the session variable to the screen to see if it really does contain a value? Maybe it is there from a previous signon.

Instead of comparing the session variable to '' try the empty() function.

0

Can you please help rewrite the correct code, because I don't know what else to do; every variable I use seems not to work out.

1
if(!isset($_SESSION['login']) || trim($_SESSION['login']) == '') {
		header("location: login.php");
		exit();
	}

?

Although I couldn't see anything wrong with your code. :(

Edited by diafol: n/a

Votes + Comments
Nice One! Will redirect the User when the Session is null!
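
Added example (not part of any post in this thread): the guard from the first post and the `||` version above, written as functions over a constructed session array so they can be compared from the command line. With `login` absent, both operands of `xor` are true, so the original condition is false and no redirect happens. The function names are hypothetical.

```php
<?php
// Added example: compares the two guard conditions posted in this thread.
// Function names are hypothetical; the session arrays below are constructed.

// Condition from the first post. xor is true only when exactly ONE operand
// is true, and unlike || it always evaluates both operands.
function redirects_with_xor(array $session): bool
{
    // "?? ''" stands in for the undefined-index read the original performs
    // when 'login' is absent; trim() of that missing value is ''.
    return (!isset($session['login']) xor (trim($session['login'] ?? '') == ''));
}

// Condition from the reply. || short-circuits, so trim() is never called
// on a missing key.
function redirects_with_or(array $session): bool
{
    return (!isset($session['login']) || trim($session['login']) == '');
}

// Constructed session states a protected page can meet.
$cases = [
    'never logged in / after unset' => [],
    'empty string'                  => ['login' => ''],
    'whitespace only'               => ['login' => '   '],
    'logged in'                     => ['login' => 'alice'],
];

foreach ($cases as $label => $session) {
    printf(
        "%-32s xor: %-9s ||: %s\n",
        $label,
        redirects_with_xor($session) ? 'redirect' : 'ALLOWED',
        redirects_with_or($session) ? 'redirect' : 'ALLOWED'
    );
}
```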
0

Make sure you are either destroying or unsetting your session variable on user logout. If not, they will still be able to access that page after they have logged in once.

<?php
//In your logout.php script
session_start();
unset($_SESSION['login']);
header("location: login.php");
?>

Or you can destroy the current session:

<?php
session_start();
session_destroy();
header( "location: login.php" ) ;
?>

Edited by ctaylo21: n/a

0

@Ardav..

It didn't work out; instead it took me back to login.php. OMG I really need to get this done.

0

@ctaylo21...

Here is my logout script...and they can still view the page even without login...

<?php
//Start session
session_start();

//Unset the variables stored in session
unset($_SESSION['login']);
unset($_SESSION['login']);
unset($_SESSION['login']);


?>

Edited by peter_budo: Keep It Clear - Do use code tags when posting any code

0

@ctaylo21...

Here is my logout script...and they can still view the page even without login...

<?php
//Start session
session_start();

//Unset the variables stored in session
unset($_SESSION);
unset($_SESSION);
unset($_SESSION);


?>

Why are you unsetting the session variable three times? Try adding the re-direct to login.php after you unset the session variable. If you don't, they might still be able to hit back on the browser menu and see the page.

0

@ctaylo21...

Even after logging out... when I click the back button, you can still access the page. So in that case, can you help me look into the page user validation?

0

@ctaylo21...

Even after logging out... when I click the back button, you can still access the page. So in that case, can you help me look into the page user validation?

That may be the problem. Like I said before, if you haven't already, change your logout.php to this:

<?php
//Start session
session_start();

//Unset the variables stored in session
unset($_SESSION['login']);

//Redirect user to login page
header("location: login.php");

?>

This should fix the problem of being able to hit back on the browser and see a page you shouldn't be able to see after logging out. If the user validation code you are referring to is the code you first posted, I don't see anything wrong with that particular section. So try the code above and let me know if that helps or not.
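
An added example, not code from any poster in this thread: a shared guard and logout that also tell the browser not to store protected pages, since a page redisplayed by the Back button can come from the browser's own copy without the PHP check running again. The file name `auth.php` and the function names `require_login()` and `logout()` are assumptions; `login.php` and `$_SESSION['login']` are the thread's.

```php
<?php
// auth.php - hypothetical shared include (file and function names are assumptions).
// Protected pages start with:  require 'auth.php'; require_login();
// logout.php contains:         require 'auth.php'; logout();

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Ask the browser not to keep a copy of this page, so Back after logout
    // triggers a new request (and this check) instead of showing a stored copy.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (!isset($_SESSION['login']) || trim($_SESSION['login']) === '') {
        header('Location: login.php');
        exit(); // stop here so the protected markup is never sent
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Clear the data by assignment. unset($_SESSION) would instead stop
    // session variables from being registered through the superglobal.
    $_SESSION = [];

    // Expire the session cookie in the browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Remove the server-side session data, then leave the page.
    session_destroy();
    header('Location: login.php');
    exit();
}
```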

0

I did but it can still view the page without login with the

<php
if(!isset($_SESSION['login']) || trim($_SESSION['login']) == '') {
		header("location: login.php");
		exit();
?>

on the page....

Edited by peter_budo: Keep It Clear - Do use code tags when posting any code

0

Even with the logout script, when I hit the back button, I can still view the page without login. What might be the problem? Is the user validation on the page wrong?

if(!isset($_SESSION['login']) || trim($_SESSION['login']) == '') {
		header("location: login.php");
		exit();
	}

Or what do you suggest?

Edited by peter_budo: Keep It Clear - Do use code tags when posting any code

0

Dear octaylo...

I still can hit the back button and gain access to the webpage. Just so stressed out and confused. It didn't work.

0

I don't see anything wrong with your validation, so you will need to post more code for me to try to find the problem. Can you post your complete login/logout code and the page you are trying to keep login protected?

0

Try my code... it's working.

<?php

session_start();

$con = mysql_connect("localhost:3306","user","password");
if (!$con) {
	die('Could not connect: ' . mysql_error());
}
//echo'Connected Successfully';

mysql_select_db("userdetails", $con);

$userid=$_POST['username'];
$password=$_POST['password'];

$userid=mysql_real_escape_string($userid);
$password=mysql_real_escape_string($password);

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM userdetails.data WHERE userid='$userid' AND password = '$password'"))){
	if(($rec['userid']==$userid)&&($rec['password']==$password)){
		echo "Login Successful..!!";
	}
}
else if(($rec['userid']!=$userid)||($rec['password']!=$password)){
	echo "UserID or Password incorrect.Try again..!!";
	session_unset();
}

?>

Edited by peter_budo: Keep It Clear - Do use code tags when posting any code
