
After logging out and pressing back button the same page is showing in PHP

I'm using PHP with sessions. After logging out it redirects to the login page, but after pressing the back button it again shows me the page without login. How can I solve this problem? Thanks in advance.

index.php

<form style="padding-left: 50px; padding-right: 50px;" action="func.php" method="post">
  <label for="uname" style="color:white;"><b>Username</b></label>
  <input type="text" placeholder="Enter Username" name="uname" style="border-radius: 10px;" required>

  <label for="psw" style="color:white;"><b>Password</b></label>
  <input type="password" placeholder="Enter Password" name="psw" style="border-radius: 10px;" required>

  <button type="submit" name="login_submit" class="b1">Login</button>
</form>

func.php

<?php
session_start();
$con=mysqli_connect("localhost","root","","forestdb");
if(isset($_POST['login_submit'])){
    $username=$_POST['uname'];
    $password=$_POST['psw'];
    $query="select * from login where username='$username' and password='$password';";
    $result=mysqli_query($con,$query);
    if(mysqli_num_rows($result)==1)
    {
        $_SESSION['username']=1;
        header("Location:create_journal.php");
    }
    else{
        echo "<script>alert('Enter Correct Details!!')</script>";
        echo "<script>window.open('index.php', '_self')</script>";
    }
}
?>

create_journal.php

<li><a href="logout.php" style="color:white;"  onmouseover='this.style.color="#08367f"' onmouseout='this.style.color="white"'><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>

logout.php

<?php
session_start();
session_destroy();
header("Location:index.php");
?>

First and foremost, your code is very susceptible to SQL injection; use prepared statements and read what is said here.

Second, it appears that you are not checking if the $_SESSION['username'] is set, which means that, if you know the URL you want to go to, you can get to the page without having to log in, which in turn means that you can go back one page and you will see the exact same thing.

For that, you have to use a session tag in your code.

With the login, your session must be started with

// start the session
session_start();

and your session destroyed with the logout.

// destroy the session
session_destroy();

With the use of this, you can resolve your problem.

You can better understand from: https://www.w3schools.com/php/php_sessions.asp
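
The session check and prepared statement recommended in the first answer, as an added example that is not part of the original question or answers. It also goes one step beyond the answers by sending no-store cache headers, so the back button cannot re-display a stored copy of the page. The file name auth.php and the function names are hypothetical, and the code assumes the password column of the login table holds a password_hash() value rather than plain text.

```php
<?php
// auth.php (hypothetical file name): shared helpers, added as an example.

// Call at the very top of create_journal.php and every other protected page.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Keep the browser from re-displaying a stored copy via the back button.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    if (empty($_SESSION['username'])) {
        header('Location: index.php');
        exit; // stop here so the protected markup is never sent
    }
}

// Replacement for the string-built query in func.php (session already started).
// Assumption: login.password holds a password_hash() value, not plain text.
function check_login(mysqli $con, string $username, string $password): bool
{
    $stmt = $con->prepare('SELECT password FROM login WHERE username = ?');
    if ($stmt === false) {
        return false; // prepare failed; treat as a failed login
    }
    $stmt->bind_param('s', $username); // value is bound, never concatenated
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    if ($found !== true || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // new session id after authentication
    $_SESSION['username'] = $username;
    return true;
}

// Body of logout.php: clear the data, expire the cookie, destroy the session.
function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    header('Location: index.php');
    exit;
}
```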
