you can use
if(isset($_SESSION["username"]))
{
// header to another location
}
// in index
if(isset($_SESSION["username"]))
{
header("Location: login.html");
}
Question
I have a simple login and logout system using PHP in WampServer. Login form is on index.php, which leads to login.php after submission. And login.php has link to log out (logout.php).
index.php
<html>
<head>
</head>
<body>
<form action="login.php" method="POST">
Username:<input name="username" type="text">
<br>
Password:<input type="password" name="password">
<br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>
login.php
<html>
<head>
</head>
<body>
<?php
define('DB_NAME','db_name');
define('DB_USER','root');
define('DB_PASSWORD','');
define('DB_HOST','localhost');
$link=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
if (!$link)
{
die('Failed to connect to MySQL: ' . mysql_error());
}
$query = "CREATE DATABASE IF NOT EXISTS " . DB_NAME;
if(!mysql_query($query)){
die('Error in creating database : <br> ' . mysql_error());
}
$db_selected = mysql_select_db (DB_NAME, $link);
if(!$db_selected) {
die(' Can\'t use ' . DB_NAME . ' : ' . mysql_error() );
}
session_start();
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password ){
$query = mysql_query("SELECT * FROM login WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!==0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername && $password==$dbpassword) {
echo "You are logged in !";
@$_SESSION['username'] = $username;
}
else{
die("password incorrect");
}
}
else{
die("User does not exist");
}
}
else {
die("Please enter correct username and password");
}
}
?>
<br>
<a href="logout.php">Logout</a>
</body>
</html>
logout.php
<?php
session_start();
unset($_SESSION["username"]);
header("Location: index.html");
?>
Which is working.
Now, I want to prevent the following.
I have tried adding following to login.php to clear cache but it has not worked out.
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
And
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache");
In fact, if I don't write any of above 2 code snippets, browser asks for form resubmission. But if I do write it, it directly shows pages by going back without preventing anything.
I have seen this question on this site but could not understand how to apply it. Can anyone could please explain how to clear the cache or use any other method in php to do it?
La solution
you can use
if(isset($_SESSION["username"]))
{
// header to another location
}
// in index
if(isset($_SESSION["username"]))
{
header("Location: login.html");
}