Here is a new one.... I think (but I hope not)
I have been learning PHP for a few months now... I built a site. The site has a user join form and a login page (username and password). Now everything has been rolling along just great... Except....
I had a user tell me that when he used his back button instead of a link he could accidentally log in as the site owner. I tried to duplicate this but was never successful until this evening... When I use the back button on the browser it actually changes the username I am logged in under. Has anyone ever seen this before?
I will be more than happy to post any code needed, but I'm not sure where to start as the site has various levels of checking and double checking.
Basically, the user control panel is loaded like this...
<?php
// error reporting here just in case I need it
//error_reporting(E_ALL & ~E_NOTICE);
session_start();
include_once 'header.inc';
include_once 'check_status.inc';
include_once 'db.php';
$contlist = mysql_query(
    "SELECT * FROM memlist WHERE username='$_SESSION[username]'");
while ($all = mysql_fetch_array($contlist)) {
    $userid = $all['userid'];
    $membertype = $all['membertype'];
    $userlevel = $all['userlevel'];
    $signup_date = $all['signup_date'];
}
if (($membertype != 8) or ($userlevel != 6)) {
    echo "<br><center><font face='arial' color='red' size='3'><b>You are not authourized to veiw this page!
</font></b></center><br>";
    exit();
}
// Jumps back to HTML after php closes below
?>
Now the include file check_status is as follows:
<?php
if (!$_SESSION['username']) {
    include_once 'header.inc';
    echo "<center><font face='arial'><b>You are not currenly logged in. Please log in below</b></font></center>";
    include 'login_form.php';
    exit();
}
?>
Well I did say I am learning PHP, so any feedback that is constructive is VERY welcome!
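The control-panel access check from the post, written with a bound query parameter and an explicit "no matching row" result, as an added example that is not part of the original post and does not diagnose the back-button behaviour. The function names, the PDO SQLite in-memory database (requires the pdo_sqlite extension) and the sample rows are assumptions made for illustration; the table name, column names and the 8/6 rule come from the post.

```php
<?php
// Added example, not the poster's code. Table and column names are taken from
// the post; the SQLite in-memory database and its rows are constructed here.
declare(strict_types=1);

function load_member(PDO $db, string $username): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT userid, membertype, userlevel FROM memlist WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function may_view_panel(PDO $db, array $session): bool
{
    // Missing or empty session username: not logged in, deny.
    if (empty($session['username']) || !is_string($session['username'])) {
        return false;
    }
    $member = load_member($db, $session['username']);
    // No matching row: deny explicitly rather than comparing unset variables.
    if ($member === null) {
        return false;
    }
    // Same rule as the post: both values must match to view the page.
    return (int)$member['membertype'] === 8 && (int)$member['userlevel'] === 6;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE memlist (userid INTEGER, username TEXT, membertype INTEGER, userlevel INTEGER)');
$db->exec("INSERT INTO memlist VALUES (1, 'owner', 8, 6), (2, 'member', 1, 1)");

$cases = [
    'owner session'     => ['username' => 'owner'],
    'member session'    => ['username' => 'member'],
    'unknown username'  => ['username' => 'nobody'],
    'no session value'  => [],
    'quote in username' => ['username' => "o'brien"],
];
foreach ($cases as $label => $session) {
    printf("%-18s %s\n", $label, may_view_panel($db, $session) ? 'allow' : 'deny');
}
```

Passing the session array in as an argument keeps the decision testable without a browser, which helps when trying to reproduce a report like the one above.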