  1. #1
    New to the CF scene
    Join Date
    Dec 2006
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    security problem after logout

    Hi,
    after the user has logged out and we press Back again and again,
    the browser warns something like "Postdata expires, would you like to resend again", and if we press OK the logged-out user is automatically logged in again.
    What should I do to rectify this? Shall I check sessid, and if so, how?

    login script

    <?php
    session_start();
    require_once('gk_fns.php');
    $_SESSION['valid _email']=$_POST['email'];
    $password=$_POST['password'];
    html_header('');


    if (!filled_out($_POST))
    {
    echo 'Please fill all fields';
    do_html_footer();
    exit;
    }
    $email=$_SESSION['valid _email'];

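    $conn=mysql_connect ("","","") or die ('cannot connect to the database because: ' . mysql_error());
    mysql_select_db ("",$conn);

    // Escape the submitted values before they are placed in the SQL string
    $email=mysql_real_escape_string($email,$conn);
    $password=mysql_real_escape_string($password,$conn);
    $query="select * from login where email='$email' and password='$password'";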
    $result=mysql_query($query,$conn);
    if(!$result)
    {
    do_html_heading('Problem:');
    echo 'Login failed.Please try again';
    html_footer();
    exit;
    }
    else
    {
    $result=mysql_num_rows($result);
    if(!($result>0))
    {
    do_html_heading('Problem:');
    echo 'Login failed.The login id or password incorrect.Please <a href ="login.htm">login</a> again';
    html_footer();
    exit;
    }
    else
    {
    do_html_heading('Login Successful:');
    echo '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
    echo '<a href=logout.php>[Logout]</a>';

    //echo 'login succssful';
    // $_SESSION['valid _email'] = $email;
    if(isset($_SESSION['valid _email']))
    {
    $user_details=explode('@',$_SESSION['valid _email']);
    $user=$user_details[0];
    echo '<br /><br />Hi ';

    ?>
    <b><font color="#FF0000"><?php echo $user ?></font></b>
    <?php
    echo ',welcome back.<br /> <br />';
    echo '<a href=inbox.php>Go to your inbox</a>';

    }
    else
    {
    echo 'you are not logged in';
    }
    }
    }
    html_footer();

    ?>






    logout script

    <?php
    session_start();
    $_SESSION = array();
    session_destroy();
    header("Location: login.htm");
    ?>


    can anyone help me?


    thanks

  • #2
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Location
    Philadelphia, PA, USA
    Posts
    1,662
    Thanks
    14
    Thanked 76 Times in 76 Posts
    Put

    header("Cache-control: Private");

    after "session_start();"

    on every page.

    HTH,
    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION
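
An added example, not part of either post above: one way to make the resent login POST from the question fail after logout, using a one-time form token and a redirect after a successful login. It assumes PHP 7 or later, a PHP-rendered form at a hypothetical login.php (instead of the static login.htm), and a constructed in-memory user in place of the thread's login table; the helper names issue_token and consume_token are made up for this example.

```php
<?php
// Added example: login handler whose POST cannot be replayed after logout.
// Constructed sample user; a real site would look the hash up in its database.
session_start();
header('Cache-Control: no-store');   // keep the form and its token out of caches

$users = ['alice@example.com' => password_hash('constructed-password', PASSWORD_DEFAULT)];

function issue_token() {
    // One-time value stored in the session and embedded in the login form
    $_SESSION['login_token'] = bin2hex(random_bytes(16));
    return $_SESSION['login_token'];
}

function consume_token($sent) {
    // Valid only once: the stored token is removed whether or not it matches
    $stored = $_SESSION['login_token'] ?? '';
    unset($_SESSION['login_token']);
    return $stored !== '' && is_string($sent) && hash_equals($stored, $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email    = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';
    $token    = $_POST['token'] ?? null;

    $ok = consume_token($token)
        && is_string($email) && is_string($password)
        && isset($users[$email])
        && password_verify($password, $users[$email]);

    if ($ok) {
        session_regenerate_id(true);               // fresh session ID for the logged-in state
        $_SESSION['valid _email'] = $email;        // same key as the thread's script, set only after the check
        header('Location: inbox.php', true, 303);  // Post/Redirect/Get: Back no longer lands on a POST result
        exit;
    }
    $error = 'Login failed. Please try again.';
}
?>
<form method="post" action="login.php">
  <?php if (isset($error)) echo '<p>' . htmlspecialchars($error) . '</p>'; ?>
  <input type="hidden" name="token" value="<?php echo issue_token(); ?>">
  Email <input type="text" name="email">
  Password <input type="password" name="password">
  <input type="submit" value="Login">
</form>
```

Because the logout script empties the session, a POST resent from browser history carries a token the server no longer holds, so the login is rejected even though the email and password in it are still correct.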

