need help with logout (logout not perfect)

Hi all,

I've written a login/logout code. It does what it's supposed to do but
the problem is when I logout and press browser's back button (in
Firefox), I get to the last login page. In IE, when I press back
button, I get to the page that says "Page has Expired" but Firefox does
not do this.

I think it's something to do with sessions not properly unset or
something like that but I haven't been able to figure it out. I am
attaching my codes and database structure below. If you need more info,
please email me. I really want this to be fixed asap. I've played with
this long enough. Thanks!

Login class:
-----------------

class Login {
    //var $loginflag;
    //var $db_connect;

    function Login() {
        //$this->db_connect = $db_connect;

        if (!isset($_SESSION['uid']) || $_SESSION['uid'] == 0) {
            $this->set_session_defaults();
            echo "inside login class<br />";
        }
    }

    function check_login($username, $password) {
        global $db;
        $link = $db->connectDB();

        if ($_SESSION['logged']) {
            $this->check_session();
            echo "logged...<br />";
            return true;
        } else {
            // escape both values before they are placed in the query
            $username = mysql_escape_string($username);
            $password = mysql_escape_string($password);
            $query = "SELECT * FROM users WHERE username = '$username' AND AES_DECRYPT(password, 'dreamfilmslogin438ismbtsx') = '$password'";
            $result = mysql_query($query, $link) or die("Could not select");

            if (mysql_num_rows($result)) {
                $this->set_session($username = mysql_fetch_assoc($result), true);
                return $username['username'];
            } else {
                $this->failed = true;
                session_destroy();
                return false;
            }
        }
    }

    function check_session() {
        global $db;
        $link = $db->connectDB();

        $username = mysql_escape_string($_SESSION['username']);
        $token = mysql_escape_string($_SESSION['token']);
        $session = mysql_escape_string(session_id());
        $ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);

        $query = "SELECT * FROM users WHERE username='{$username}' AND token='{$token}' AND session='{$session}' AND ip='{$ip}'";
        $result = mysql_query($query, $link) or die("Could not select");
        echo "check session:<br />";
        print_r($result);
        echo "<br />";
        // no row matches this username/token/session/ip: the session is not valid
        if (mysql_num_rows($result) == 0) {
            $this->logout();
        }
    }

    function set_session_defaults() {
        //session_start();
        ////session_register("logged", "uid", "username");
        $_SESSION['logged'] = false;
        $_SESSION['uid'] = 0;
        $_SESSION['username'] = '';
    }

    function set_session($result, $init = true) {
        global $db;
        $link = $db->connectDB();

        if ($init) {
            //session_start();
            $session = mysql_escape_string(session_id());
            $ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
            $result['token'] = $this->token(); // generate a new token
            $query = "UPDATE users SET session='{$session}', token='{$result['token']}', ip='{$ip}' WHERE uid='{$result['uid']}'";
            mysql_query($query, $link) or die("Could not select");
            $_SESSION['logged'] = true;
            $_SESSION['uid'] = $result['uid'];
            $_SESSION['username'] = $result['username'];
            echo "set session:<br />";
            print_r($result);
            echo "<br />";
            echo "session: ".$session."<br />";
            echo "ip: ".$ip."<br />";
        }
    }

    function token() {
        // generate a random token
        $seed = '';
        for ($i = 1; $i < 33; $i++) {
            $seed .= chr(rand(0, 255));
        }
        return md5($seed);
    }

    function logout() {
        global $db;
        $link = $db->connectDB();

        $query = "UPDATE users SET session='', token='', ip='' WHERE uid='{$_SESSION['uid']}'";
        mysql_query($query, $link) or die("Could not select");
        mysql_close($link);
        unset($_SESSION['username']);
        unset($_SESSION['logged']);
        unset($_SESSION['uid']);
        // kill session variables
        $_SESSION = array(); // reset session array
        session_destroy();

        /**$this->set_session_defaults();
        session_destroy();*****/

        echo "logged out...<br />";
        return true;
    }
} // end class Login

DBAccess class
-------------------------
class DBAccess {
    var $_login;

    // Constructor
    function DBAccess() {
        $this->_login = array();
        $this->_login['db_loginid'] = "testuser";
        $this->_login['db_password'] = "";
        $this->_login['hostname'] = "localhost";
        $this->_login['db_name'] = "dblogin";
    }

    function connectDB() {
        if (!($link = @mysql_connect($this->_login['hostname'],
            $this->_login['db_loginid'], $this->_login['db_password']))) {
            echo "<strong>Could not connect:&nbsp;</strong>".mysql_error()."<br /><hr size='1' /><br />";
        } else if (!@mysql_select_db($this->_login['db_name'], $link)) {
            echo "Could not select database";
        }
        if ($link) {
            return $link;
        }
    } // end connectDB()
} // end class DB_Access

database structure
----------------------------
CREATE TABLE `users` (
  `uid` int(11) NOT NULL auto_increment,
  `username` varchar(20) NOT NULL default '',
  `password` varchar(50) NOT NULL default '',
  `token` varchar(100) NOT NULL default '',
  `session` varchar(100) NOT NULL default '',
  `ip` varchar(20) NOT NULL default '',
  PRIMARY KEY (`uid`),
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

Oct 30 '06 #1
In article <11**********************@i42g2000cwa.googlegroups.com>,
<cr*********@yahoo.com> wrote:
> Hi all,
>
> I've written a login/logout code. It does what it's supposed to do but
> the problem is when I logout and press browser's back button (in
> Firefox), I get to the last login page. In IE, when I press back
> button, I get to the page that says "Page has Expired" but Firefox does
> not do this.
>
> I think it's something to do with sessions not properly unset or
> something like that but I haven't been able to figure it out. I am
> attaching my codes and database structure below. If you need more info,
> please email me. I really want this to be fixed asap. I've played with
> this long enough. Thanks!

Just curious what happens if you add these headers to the previous
pages?

( code from docs )

<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
?>

And this for the destruction of the session:

<?php
$_SESSION = array();

// Note: This will destroy the session, and not just the session data!
if ( isset( $_COOKIE[session_name()] ) )
    setcookie( session_name(), '', time() - 42000, '/' );

// Finally, destroy the session.
session_destroy();
?>

--
Koncept <<
"The snake that cannot shed its skin perishes. So do the spirits who are
prevented from changing their opinions; they cease to be a spirit." -Nietzsche
Oct 30 '06 #2
Koncept wrote:
> Just curious what happens if you add these headers to the previous
> pages?
>
> ( code from docs )
>
> <?php
> header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
> header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
> ?>
>
> And this for the destruction of the session:
>
> <?php
> $_SESSION = array();
>
> // Note: This will destroy the session, and not just the session data!
> if ( isset( $_COOKIE[session_name()] ) )
>     setcookie( session_name(), '', time() - 42000, '/' );
>
> // Finally, destroy the session.
> session_destroy();
> ?>

No, still the same. I don't have any cookies set. I've only used
sessions in my code but anyway I tried all the above you have suggested
but there is no difference in the outcome. I hope someone can help me
with this.

If you want the codes, I can even email you the codes. Just let me know
by email. I really need to get this fixed.

Thanks

Oct 31 '06 #3
cr*********@yahoo.com wrote:
> Hi all,
>
> I've written a login/logout code. It does what it's supposed to do but
> the problem is when I logout and press browser's back button (in
> Firefox), I get to the last login page. In IE, when I press back
> button, I get to the page that says "Page has Expired" but Firefox does
> not do this.
>
> I think it's something to do with sessions not properly unset or
> something like that but I haven't been able to figure it out. I am
> attaching my codes and database structure below. If you need more info,
> please email me. I really want this to be fixed asap. I've played with
> this long enough. Thanks!

No, Firefox has most probably pulled this from its cache. Disable the
cache (set to 0) and your problem will go away.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 31 '06 #4
Koncept wrote:
> In article <11**********************@i42g2000cwa.googlegroups.com>,
> <cr*********@yahoo.com> wrote:
>
>> Hi all,
>>
>> I've written a login/logout code. It does what it's supposed to do but
>> the problem is when I logout and press browser's back button (in
>> Firefox), I get to the last login page. In IE, when I press back
>> button, I get to the page that says "Page has Expired" but Firefox does
>> not do this.
>>
>> I think it's something to do with sessions not properly unset or
>> something like that but I haven't been able to figure it out. I am
>> attaching my codes and database structure below. If you need more info,
>> please email me. I really want this to be fixed asap. I've played with
>> this long enough. Thanks!
>
> Just curious what happens if you add these headers to the previous
> pages?
>
> ( code from docs )
>
> <?php
> header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
> header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
> ?>
>
> And this for the destruction of the session:
>
> <?php
> $_SESSION = array();
>
> // Note: This will destroy the session, and not just the session data!
> if ( isset( $_COOKIE[session_name()] ) )
>     setcookie( session_name(), '', time() - 42000, '/' );

This line will never do anything. The session_name is the value of the
cookie, not the name. The cookie name is set in the php.ini file
(default: PHPSESSID).

> // Finally, destroy the session.
> session_destroy();
> ?>

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 31 '06 #5
In article <nb******************************@comcast.com>, Jerry
Stuckle <js*******@attglobal.net> wrote:
>> // Note: This will destroy the session, and not just the session data!
>> if ( isset( $_COOKIE[session_name()] ) )
>>     setcookie( session_name(), '', time() - 42000, '/' );
>
> This line will never do anything. The session_name is the value of the
> cookie, not the name.

That's incorrect. session_name() will return the key (*PHPSESSID*)
which is then used as a key in the $_COOKIE superglobal to point to the
current session id.

http://php.net/session_destroy

You will notice that the code I provided you is directly from the PHP
docs and it is *not* incorrect.

As you can see from the example below, each time I start a new browser
session, I can, in fact, echo out what you suggest to be superfluous.
Perhaps the answer to your problem lies in this simple oversight unless
you have altered the value of "session.use_cookies" in your ini file.

<?php
session_start();

if (isset($_COOKIE[session_name()])) {
    echo $_COOKIE[session_name()];
}
// 72728376dfdd7f3de60f75111ace5a6e (first session - browser one)
// 1ce309fbb3bbdd0d34ed2b73be8cbe5b (first session - browser two)
?>

--
Koncept <<
"The snake that cannot shed its skin perishes. So do the spirits who are
prevented from changing their opinions; they cease to be a spirit." -Nietzsche
Oct 31 '06 #6
Koncept wrote:
> In article <nb******************************@comcast.com>, Jerry
> Stuckle <js*******@attglobal.net> wrote:
>
>>> // Note: This will destroy the session, and not just the session data!
>>> if ( isset( $_COOKIE[session_name()] ) )
>>>     setcookie( session_name(), '', time() - 42000, '/' );
>>
>> This line will never do anything. The session_name is the value of the
>> cookie, not the name.
>
> That's incorrect. session_name() will return the key (*PHPSESSID*)
> which is then used as a key in the $_COOKIE superglobal to point to the
> current session id.
>
> http://php.net/session_destroy
>
> You will notice that the code I provided you is directly from the PHP
> docs and it is *not* incorrect.
>
> As you can see from the example below, each time I start a new browser
> session, I can, in fact, echo out what you suggest to be superfluous.
> Perhaps the answer to your problem lies in this simple oversight unless
> you have altered the value of "session.use_cookies" in your ini file.
>
> <?php
> session_start();
>
> if (isset($_COOKIE[session_name()])) {
>     echo $_COOKIE[session_name()];
> }
> // 72728376dfdd7f3de60f75111ace5a6e (first session - browser one)
> // 1ce309fbb3bbdd0d34ed2b73be8cbe5b (first session - browser two)
> ?>

My mistake. But I'm not the one having the problem. And this code
doesn't solve his real problem - which is page caching in Firefox.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 31 '06 #7
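
Added example, not part of the thread or any poster's code: one way to combine the two points discussed above (cache headers on logged-in pages, and full session teardown on logout) in a single PHP file. The function names, the `?action=` routing and the `demo` user are assumptions for illustration; `no-store` is added to the headers quoted in the thread so the browser keeps no copy to redisplay on Back.

```php
<?php
// Added example; function names and the ?action= routing are hypothetical.

// Sent on every page that shows logged-in content, before any output.
function send_no_store_headers(): void
{
    // no-store: do not keep a copy at all, so Back has nothing to redisplay.
    header('Cache-Control: no-store, no-cache, must-revalidate, private');
    header('Pragma: no-cache');                        // HTTP/1.0 clients and proxies
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');  // date in the past
}

// Guard for protected pages: the server re-checks the session on every request.
function require_login(): void
{
    send_no_store_headers();
    if (empty($_SESSION['logged'])) {
        header('Location: ?action=login', true, 303);
        exit;
    }
}

function login(string $username): void
{
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['logged'] = true;
    $_SESSION['username'] = $username;
}

function logout(): void
{
    $_SESSION = [];                // drop the data held in this request
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same path/domain/flags it was set with.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // remove the server-side session record
}

session_start();
$action = $_GET['action'] ?? 'home';

if ($action === 'login') {
    login('demo');  // constructed: stands in for the thread's check_login()
    header('Location: ?action=home', true, 303);
    exit;
}
if ($action === 'logout') {
    logout();
    send_no_store_headers();
    echo 'Logged out. <a href="?action=login">Log in</a>';
    exit;
}

require_login();
echo 'Hello, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')
   . '. <a href="?action=logout">Log out</a>';
```

Even if a browser does redisplay an old copy from history, any link or form on it goes through `require_login()` again and is redirected, because the session no longer exists on the server.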
| Koncept <<
| "The snake that cannot shed its skin perishes. So do the spirits who are
| prevented from changing their opinions; they cease to be a
| spirit." -Nietzsche

so, does this mean the absence of an opinion or the inability to change an
opinion make an apple cease to be an apple?
Oct 31 '06 #8
In article <11*************@newsfe06.lga>, Steve <no****@example.com>
wrote:
> so, does this mean the absence of an opinion or the inability to change an
> opinion make an apple cease to be an apple?

*Assertion* *1*: The absence of opinion makes an apple cease to be an
apple.

*Assertion* *2*: The inability to change opinion makes an apple cease
to be an apple.

*Answer*
If the apple were capable of formulating opinion in the first place,
then to lose such a noble quality would certainly make the apple less
distinguished amongst its peers; however, considering that the apple
never had such talent, it will simply continue to maintain its status
as an object neither capable of opinion, nor of spiritual nature.

Truth be told, I'd still eat it regardless!

Remember ... An • a day keeps the doctor away.

--
Koncept <<
"The snake that cannot shed its skin perishes. So do the spirits who are
prevented from changing their opinions; they cease to be a spirit." -Nietzsche
Oct 31 '06 #9
In article <Fb******************************@comcast.com>, Jerry
Stuckle <js*******@attglobal.net> wrote:
> My mistake. But I'm not the one having the problem.

And it was my mistake (realized after posting the reply) that you were
the original author. Sorry 'bout that.

--
Koncept <<
"The snake that cannot shed its skin perishes. So do the spirits who are
prevented from changing their opinions; they cease to be a spirit." -Nietzsche
Oct 31 '06 #10
