login logout

robinjohn

Hi everyone, just a quick question to do with security, restricting access to a website.

If I use a database to check for the existance of a username and password, how then do I block access if that user decides to quit.

How is it possible to recognise the logout of a user / even to block the viewing of previous browsed web pages.

An example I suppose would highlight what I'm trying to say.

If, once you log out of Hotmail, you press the back button - a login page comes up again. How is this done? Better yet, how should something like this be done using PHP.

I've got a users DB, I can check for the existance of a user, password combination but how can the logout be regcognised?

Any ideas?? Am I making sense?
Thanks for your time,
Robin.

GBahle

you're making sense, and what's better yet, it's quite simple 😉

A very simple scheme would be to use a session (session_start()) on each page you want to protect.
On your login page, you add a new variable to the session ($SESSION["UserID"]) upon successful login.
Now, on each of the following pages, you check
isset($SESSION["UserID"] and, if you want to tailor content to your users, perhaps the value of UserID and if the check is successful, you go on with whatever code you had in mind. If it isnt, you do a header("Location: doLogin.php"); exit; and send the user straight back to the login script.
The logout button simply calls a unset$_SESSION["UserID"] or sth like that.

Hope that helps

<> Gernot <>

robinjohn

Thanks for your help Gernot, it really helps!! I'll give it a whirl,
thanks again,
Robin.

Bunkermaster

add headers so that content will expire.