Skip to content
Advertisement

solving problems in session? [closed]

I have created two pages , one is index.php and admin.php . In the first page or index.php , i have created a loggin form so that i can access the admin.php page trough the loggin or like this enter image description here

Now by logging in i go to admin.php page. Here is the question what i want to ask about that now when ever i click the back button or next button in the chrome. I am returning to the admin.php page . I have tryed the session_start() and the if(!isset($password) || !isset($user)){}. But this code for obvious reasons doesnt work . So can someone help me out with this ?

The code for the example is here index.php

<?php 
session_start();



?>
<!DOCTYPE html>
<html lang="en">
<head>

    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="style.css">
    
    <title>Admin</title>
    </head>
<body>
    





<a href="reset.php">Reset</a>

    
    
    


    <div class="image">

        <img src="img/adi.png" alt="image">                                         <!-- image -->

    </div>



    
    
    
    
    
    
    <form action="inc/login.php" method="POST"><br>
        
        <p class="title">Log In</p>
    
        <label for="Username">User :</label>
            <input type="text" name="username"             id="user"> <br>            <!--username  -->
        
            
        <label for="Password">Password :</label>
            <input type="password" name="password"         id="password"    ><br><br>        <!-- password  --> 


        <label for="showpassword" class="showpassword">Show Password</label>   
            
            
            <input type="checkbox" name="checkbox"   id="chk" ><br><br>               <!-- checkbox -->
        
        
        <input type="submit" name="submit" value="Log in" >                       <!--  enter -->

        
       
    
    </form>
    
    <?php
    
    if(!isset($_GET['Login'])){
            exit();
        }else{

            $check=$_GET['Login'];
        
        
            if($check=="userEmpty"){
                
                echo "<p class='class_login'>user is empty</p> ";
            
            }elseif($check=="passwordEmpty"){
                
                echo "<p class='class_login'>password is empty</p> ";
            
            }elseif($check=="wrongUser"){
                
                echo "<p class='class_login'>user is wrong</p> ";
            
            }elseif($check=="Password"){
                
                echo "<p class='class_login'>password is wrong</p> ";
            
            };
    
    
        } ;
    ?>

 <script src="js/main.js"></script>

</body>
</html>

and the code for the admin.php is this one :

<?php
session_start();

if(!isset($username) || !isset($password)){

    header("location:index.php?data=closed");
    exit();
}


?>

<!DOCTYPE html>
<html lang="en">
<head>
    
    <script>
        window.history.forward();
    </script>

    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="style.css">
    <title>Document</title>
</head>
<body>

    <div class="top">
        <a href="inc/logout.php">Log Out</a>
    </div>
    
</body>
</html>

Advertisement

Answer

Besides using of session_start you need to store something in the session, using something like this:

$_SESSION['userId'] = <value>;

which must be set in your login.php and checked by your admin.php if user has access rigths to visit secured page. I.e. you need to check:

if (isset($_SESSION['userId']) && $_SESSION['userId'] == <value>) {
  // access granted
}
User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement