I have created two pages , one is index.php and admin.php . In the first page or index.php , i have created a loggin form so that i can access the admin.php page trough the loggin or like this enter image description here
Now by logging in i go to admin.php page. Here is the question what i want to ask about that now when ever i click the back button or next button in the chrome. I am returning to the admin.php page . I have tryed the session_start() and the if(!isset($password) || !isset($user)){}. But this code for obvious reasons doesnt work . So can someone help me out with this ?
The code for the example is here index.php
<?php session_start();?><!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="style.css"> <title>Admin</title> </head><body> <a href="reset.php">Reset</a> <div class="image"> <img src="img/adi.png" alt="image"> <!-- image --> </div> <form action="inc/login.php" method="POST"><br> <p class="title">Log In</p> <label for="Username">User :</label> <input type="text" name="username" id="user"> <br> <!--username --> <label for="Password">Password :</label> <input type="password" name="password" id="password" ><br><br> <!-- password --> <label for="showpassword" class="showpassword">Show Password</label> <input type="checkbox" name="checkbox" id="chk" ><br><br> <!-- checkbox --> <input type="submit" name="submit" value="Log in" > <!-- enter --> </form> <?php if(!isset($_GET['Login'])){ exit(); }else{ $check=$_GET['Login']; if($check=="userEmpty"){ echo "<p class='class_login'>user is empty</p> "; }elseif($check=="passwordEmpty"){ echo "<p class='class_login'>password is empty</p> "; }elseif($check=="wrongUser"){ echo "<p class='class_login'>user is wrong</p> "; }elseif($check=="Password"){ echo "<p class='class_login'>password is wrong</p> "; }; } ; ?> <script src="js/main.js"></script></body></html> and the code for the admin.php is this one :
<?phpsession_start();if(!isset($username) || !isset($password)){ header("location:index.php?data=closed"); exit();}?><!DOCTYPE html><html lang="en"><head> <script> window.history.forward(); </script> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="style.css"> <title>Document</title></head><body> <div class="top"> <a href="inc/logout.php">Log Out</a> </div> </body></html>Advertisement
Answer
Besides using of session_start you need to store something in the session, using something like this:
$_SESSION['userId'] = <value>;which must be set in your login.php and checked by your admin.php if user has access rigths to visit secured page. I.e. you need to check:
if (isset($_SESSION['userId']) && $_SESSION['userId'] == <value>) { // access granted}