Help with logout: when I press log out and go to the login page but the users ca

Question

Help with logout: when I press log out and go to the login page but the users can return to the previous page when they press the back bottom.

This is my code:

====================================================

login.php

<!DOCTYPE html>
<html>
<head>
   <title>Login Page</title>
   <link rel="stylesheet" type="text/css" href="style.css"></link>
</head>
<body>
   <center><br><img src="https://nwhclibrary.files.wordpress.com/2012/06/library-logo.png" width="500" height="100"></center>
   <div class="container">
   <img src="http://blog.wpoven.com/wp-content/uploads/2015/02/Group-icon.png">
       <form action="maintest.php" method="POST">
           <div class = "form-input">
               <input type="text" name="username" placeholder="Enter Username">
           </div>
           <div class = "form-input">
               <input type="password" name="password" placeholder="Enter Password">
           </div>
           <input type="submit" name="submit" value="Login"/>
       </form>
   </div>

</body>
</html>

loginCheck.php

<?php

   function login() {
       $db = new mysqli('localhost', 'kim1','joon2120','kim1_test');
       return $db;
   }
   $db = login();

   //Get values pass from login.php file
   // ref by https://www.youtube.com/watch?v=arqv2YVp_3E&t=51s
   $username = $_POST['username'];
   $password = $_POST['password'];

   $query = "select password from Staff where username = '$username'";
   $stmt = $db->prepare($query);
   // echo $stmt."<br>";

   $stmt->execute();
   $stmt->store_result();
   $stmt->bind_result($pw_from_db);
   $stmt->fetch();

   if ($username and $password and $password == $pw_from_db) {
       // html starts here
   include("mainlibrary.php");
   }
   //else echo "bad password <br>";
else {
   //echo "<script type='text/javascript'>window.onloat = function() alert('ID or Password wrong!')</script>";
   include("login.php");
}
?>
  

imainpage.php

(just the log out bottom)

<form action="logout.php" method="POST">
           <input type="submit" name="logout" value="Logout"/>
       </form>

finally, in the logout.php

<?php
    session_start();
   setcookie(session_name(), '', 100);
   session_unset();
   session_destroy();
   $_SESSION = array();
header("location:login.php");
?>

==================================================

Everytime the user press logout then they can go back and see everything again, like

they are still in the web site.

How can I fix the code, please?

Explanation / Answer

the things done by you at the log out are absolutely correct by unsetting the values.

you have to do one more thing is to check at each page if the user is logged in that can be done using session.

If not we have to prevent user from logging in as follows:

<?php
if(!isset($_SESSION['logged_in'])) :
header("Location: login.php");
?>

This will redirect user to login page.

Include this on each page top.

Now when the user clicks back button you wont be having any session varioable set and then he will be redirected to the login page.

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.