Login Problem

#1
newphpcoder

Posted 08 September 2010 - 09:12 PM

Programming Professional

Members
479 posts

Good day!

I have an index.php or a login page.The scenario on my webpage is when i successfully login and i accidentally press the back button the login page appear again and when i try to login again i could login again, which is not good.
here is my code:


<?php  

session_start(); 

 if(isset($_SESSION['USER_ID'])){


exit("you can't login in again when your all ready logged!");


} 

//require_once 'conn.php';  

$db_name="dspi"; 


mysql_connect("localhost", "root", "") or die("Cannot connect to server");

mysql_select_db("$db_name")or die("Cannot select DB");   



        $department = mysql_real_escape_string($_POST['department']);   

        $username = mysql_real_escape_string($_POST['username']); 


        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 

        $ct = mysql_num_rows($sql); 

     

        if($ct == 1) { 

            $row = mysql_fetch_assoc($sql);  

         

            if($row['Department']=='Accounting') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Engineering') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Finishing_Goods') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='HRAD') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='MIS') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Packaging_and_Design') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Production') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Purchasing_Logistic') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='QA_and_Technical') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Supply_Chain') { 

                header('location:Company.php'); 

            } 

            else {

				header('location:index.php');

				echo"Incorrect Username or Department"; 

				

	        	}  

	}

?>

#2
matrob

Posted 09 September 2010 - 07:13 AM

Newbie

Members
12 posts

Why is it bad that you can log in again?
One thing I did on my site to change this was place a couple lines of code at the beginning of my login.php that check if the user is already logged in. If they are, they are logged out and the login form is loaded.

<?php

	session_start();

	if (isset($_SESSION['user'])) {

		unset($_SESSION['user']);

		session_destroy();

		header('location: login.php');

	}

?>

#3
Orjan

Posted 09 September 2010 - 03:49 PM

Writes binary right handed and hex left handed

Moderators
3,299 posts

Hmm.. you don't start the session, you don't set the session variables, how should your page then know that the user is logged in? What your code do now, is to verify that the username is valid in the context of the department, and if so, forwards the user to the next page with a location-header. See the php tutorial section, there is a register/login/logout tutorial there which would give you lots to think about.

__________________________________________
I study Information Systems at Karlstad University when I'm not on CodeCall

#4
newphpcoder

Posted 12 September 2010 - 07:45 PM

Programming Professional

Members
479 posts

newphpcoder said:


<?php  

session_start(); 

 if(isset($_SESSION['USER_ID'])){


exit("you can't login in again when your all ready logged!");


} 

//require_once 'conn.php';  

$db_name="dspi"; 


mysql_connect("localhost", "root", "") or die("Cannot connect to server");

mysql_select_db("$db_name")or die("Cannot select DB");   



        $department = mysql_real_escape_string($_POST['department']);   

        $username = mysql_real_escape_string($_POST['username']); 


        $sql=mysql_query("SELECT `Department`, `Username` FROM `tbllogin` WHERE `Department` = '{$department}' AND Username = '{$username}'") or die(mysql_error()); 

        $ct = mysql_num_rows($sql); 

     

        if($ct == 1) { 

            $row = mysql_fetch_assoc($sql);  

         

            if($row['Department']=='Accounting') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Engineering') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='Finishing_Goods') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='HRAD') { 

                header('location: Company.php'); 

            } elseif($row['Department']=='MIS') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Packaging_and_Design') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Production') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Purchasing_Logistic') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='QA_and_Technical') { 

                header('location:Company.php'); 

            } elseif($row['Department']=='Supply_Chain') { 

                header('location:Company.php'); 

            } 

            else {

				header('location:index.php');

				echo"Incorrect Username or Department"; 

				

	        	}  

	}

?>

Thank you for the code you suggested, i try it and the output is the user can login again even she is already login..I have no idea why the session was not work...