问题描述:

i tried to write php script for log in and log out. log in works fine but the problem is after i logged out when i hit back button it gets back to homepage.

<?php

//Start session

session_start();

//Include database connection details

require_once('connection.php');

//Array to store validation errors

$errmsg_arr = array();

//Validation error flag

$errflag = false;

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

$str = @trim($str);

if(get_magic_quotes_gpc()) {

$str = stripslashes($str);

}

return mysql_real_escape_string($str);

}

//Sanitize the POST values

$username = clean($_POST['username']);

$password = clean($_POST['password']);

//Input Validations

if($username == '') {

$errmsg_arr[] = 'Username missing';

$errflag = true;

}

if($password == '') {

$errmsg_arr[] = 'Password missing';

$errflag = true;

}

//If there are input validations, redirect back to the login form

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: login.php");

exit();

}

//Create query

$qry="SELECT * FROM users WHERE username='$username' AND password='$password'";

$result=mysql_query($qry) or die (mysql_error());

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result) > 0) {

//Login Successful

session_regenerate_id();

$member = mysql_fetch_assoc($result);

$_SESSION['EmpId'] = $member['EmployeeId'];

$_SESSION['username'] = $member['username'];

$_SESSION['password'] = $member['password'];

session_write_close();

header("location: ../MyInfo.php");

//echo 'You are loged in';

exit();

}else {

//Login failed

$errmsg_arr[] = 'user name and password not found';

$errflag = true;

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: login.php");

exit();

}

}

}else {

die("Query failed");

}

?>

<?php

session_start(); // start a session first, else you cannot destroy/unset it

session_unset();

session_destroy(); // destroy all sessions

header('location:login.php'); // redirect

?>

i hope u will help me thanks

网友答案:

Can you try this, added some key value in header header('location:login.php?_k'.md5(tim()));

    <?php
        session_start(); // start a session first, else you cannot destroy/unset it
        session_unset();
        session_destroy(); // destroy all sessions
        header('location:login.php?_k'.md5(tim())); // redirect   
    ?>
网友答案:

At the top of each php page, check to see if the user is logged in. If not, they should be redirected to a login page:

<?php 
      if(!isset($_SESSION['logged_in'])) : 
      header("Location: login.php");  
?>
网友答案:

Are you checking if the sessions are valid?

From your code I would do

function checkIfLoggedIn()
{
   if (isset($_SESSION['username'])){ 
     header("Location:index.php");
   } else{
     header("Location:login.php");
   }
}

have that function right at the top of every page

相关阅读:
Top