473,322 Members | 1,421 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Login Problem-using session()

Good day!
I have an index.php or login page, when i login successfully and when i accidentally press the back button the login page appear, then when i try to login again, I could login again which is not correct, I have no idea how can i prevent to login again if the userr is zalready login.

here is my php code:
Expand|Select|Wrap|Line Numbers
  1. <?php  
  2. session_start(); 
  3.  if(isset($_SESSION['USER_ID'])){
  4.  
  5. exit("you can't login in again when your all ready logged!");
  6. $db_name="dspi"; 
  7. mysql_connect("localhost", "root", "") or die("Cannot connect to server");
  8. mysql_select_db("$db_name")or die("Cannot select DB");   
  9.  
  10.  
  11.         $department = mysql_real_escape_string($_POST['department']);   
  12.         $username = mysql_real_escape_string($_POST['username']); 
  13.  
  14.         $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 
  15.         $ct = mysql_num_rows($sql); 
  16.  
  17.         if($ct == 1) { 
  18.             $row = mysql_fetch_assoc($sql);  
  19.  
  20. $Departments=array('Accounting', 'Engineering', 'Finishinh_Goods', 'HRAD', 'MIS', 'Packaging_and_Design', 'Production', 'Purchasing_Logistic', 'QA_and_Technical', 'Supply_Chain');
  21.   if(in_array($row['Department'], $Departments)){
  22.        header('Location:Company.php');
  23.   }else{
  24.        header('Location:index.php');
  25.        echo "Incorrect Username or Department";
  26.       }
  27. }
  28. ?> 
  29.  
Sep 9 '10 #1

✓ answered by TheServant

Well you see it's the browser that controls the back button, so it cannot be controlled by script/code. When you press back, the browser can either request that page again (probably what you would like), or display a cached version (which again you cannot stop). So what you want to look at is Website Cache Control.

Alternatively you can look at hiding or making it difficult to use the back button.

Ultimately as I say, the "back" functionality is a browser thing, not a code thing, so you do rely on the user's browser to behave, and the user to not mind you taking that control away from them... Two things you will never achieve 100%.

4 1544
TheServant
1,168 Expert 1GB
Well you see it's the browser that controls the back button, so it cannot be controlled by script/code. When you press back, the browser can either request that page again (probably what you would like), or display a cached version (which again you cannot stop). So what you want to look at is Website Cache Control.

Alternatively you can look at hiding or making it difficult to use the back button.

Ultimately as I say, the "back" functionality is a browser thing, not a code thing, so you do rely on the user's browser to behave, and the user to not mind you taking that control away from them... Two things you will never achieve 100%.
Sep 9 '10 #2
I have no idea how can prevent that the user can login again when they are already login
Sep 9 '10 #3
Playing with this sort of thing myself, what if you had a page index.php and all it doe's is check to see if session variable user id is set. if itis set then do nothing, if not set then include the page login.php which contains your code from above. If you see what I am getting at?
Sep 9 '10 #4
Ok, been playing around with this and have something that works. May not be the best implementation but here goes, more experienced guys please feel free to point out and inappropriate code etc.

I start with a splash screen where the login form is displayed.
Expand|Select|Wrap|Line Numbers
  1. <?php session_start();?>
  2. <html>
  3. <head>
  4.        <title>Title here!</title>
  5. </head>
  6. <body>
  7. <h1>splash screen</h1>
  8. blah blah...<br>
  9. blah blah...<br>
  10. blah blah...<br>
  11. blah blah...<br>
  12. <?php
  13. if($session["logedin"]!="true")
  14. {
  15.     echo '<form action="login.php" method="post"';
  16.     echo '<input type="text" name="user">username';
  17.     echo '<input type="text" name="pass">password';
  18.     echo'<input type="submit" value="submit">';
  19. }
  20. else { echo 'Already Logged In';}
  21. ?>
  22. </body>
  23. </html>
  24.  
The splash calls the actual login check script.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  3. //error_reporting(-1);//remove this line if all is well
  4. //ini_set('display_errors', true);// remove this line if all is well
  5. $x= $_POST['user'];
  6. $y= $_POST['pass'];
  7. // make sure we got the values debug only
  8. //echo 'user is '.$x.'   password is  '.$y;
  9. //check user & password against database
  10. // if ok then set $ok to true
  11. $ok="true";// assume login is ok
  12. if($ok=="true")
  13. {    session_regenerate_id();// for security
  14.     $session["logedin"]="true";
  15. }
  16. if($ok=="false"){session_destroy();}
  17. // html or whatever or simply reload splash screen
  18. include("splash.php");
  19. ?>
  20.  
obviously the database check should deterine if $ok is set true or false but try changing it here manually to see that the script works on your server.
If you dont want the actual form on your splash screen it should be easy to replace the form with an active link to a login form on another page.
Sep 9 '10 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

1
by: Nick Whitelegg | last post by:
Hello, I'm having an odd problem with combining an authentication session variable with header() redirection. Basically I have an authentication script which checks a username/password. If the...
9
by: Brian Burgess | last post by:
Hi all, Anyone know of any issues with setting the value of a Session object to the value of a submitted form item via 'Session("mySessionObj")=Request.Form("myFrmElem")' ? In my case the...
2
by: mircu | last post by:
Hi, I need a quick solution to make my application behave correctly when one of these timeouts occurs. I have some logic in session_start but when the authentication cookie timeouts the user is...
1
by: Fabrício de Novaes Kucinskis | last post by:
Hi all, I have an ASP.net application in which I keep the user login in session variables. Today, with two users accessing simultaneously the application (in different sessions, but...
1
by: ijevsk | last post by:
I have asp page of my system and when I click on the link I want to open new login page.If I enter to the system throuth this page my old session is overides. I wont that to have two pages with...
5
by: google | last post by:
I have a website that has a asp secured members only aria that keeps session variables to check if someone is logged in or not (if session variables are not there then redirect to logon screen) but...
3
by: satishknight | last post by:
Hi, Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it...
1
by: =?Utf-8?B?RGF2ZQ==?= | last post by:
I'm getting this error "Failed to login to session state SQL server for user MyUserAccount" The web.config has: <system.web> <sessionState mode="SQLServer" sqlConnectionString="Data...
14
by: Mangler | last post by:
Can someone explain the how I can make it so that a login ( username ) can only be logged in once to a website if it is possible. What I would like to do is have it so that if dwaldman is logged...
0
by: Cadicus | last post by:
Hello Developers! Thank you for taking the time to read this email. Any insight would be greatly appreciated. I am attempting to log into a website automatically using a PostMethod. I'm having...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.