Hi all,
I am using the following script to authenticate a user and give them the option to log out. However after logging out, simply pressing the back button takes them to the stage where they were logged in again. As this is unsecure can somebody help me as to how to make the previous page expire ?
Thanks in advance for your help !
if ($_POST['Submitted'] == "True") {
// If the username and password match up, then continue...
if ($POST['Username'] == $Username && $POST['Password'] == $Password) {
// Username and password matched, set them as logged in and set the
// Username to a session variable.
$SESSION['Logged_In'] = 'True';
$SESSION['Username'] = $_Username;
}
}
// If they are NOT logged in then show the form to login...
if ($SESSION['Logged_In'] != "True") {
?> <h1>Please Login to use Admin Section</h1><br><br><table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><?
echo "<form method=\"post\" action=\"" . $SERVER['PHP_SELF'] . "\">
<td width=\"10%\">Username: </td><td><input type=\"textbox\" name=\"Username\"></td></tr>
<tr><td>Password: </td><td><input type=\"password\" name=\"Password\"></td></tr>
<tr><td colspan=\"2\"><input type=\"hidden\" name=\"Submitted\" value=\"True\"></td></tr>
<tr><td> </td><td> </td></tr>
<tr><td colspan=\"2\"><input type=\"Submit\" name=\"Submit\"></td></tr>
</form></table>";
}
else
{
echo "You are logged in as: <b>" . $_SESSION['Username'] . "</b><br><br>";
if ($_GET['mode'] == "logout") {
// Start the session
session_start();
// Put all the session variables into an array
$_SESSION = array();
// and finally remove all the session variables
session_destroy(); ?>
