The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I have designed a site with a basic login system, certain pages of my site are for members only and when you try and access this you are asked for a username and password. I have all this working fine, however once they are logged in, the page is cached. So when they log out all they have to do is click back or go to the login page and it will automatically log in without the login box appearing.
I am just usin a basic php script for the log in and I have used all manner of html meta tags to stop it being cached, can anyone help or is the a nice ploy for me to invest in freeola sql database in order to protect access to my site??
extremely frustrated!
I think SSL connections are more likely to enforce it though, as Freeola's log-in doesn't let me back-track once I've logged out.
The settings they have are:
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache, no-cache
Keep-Alive: timeout=15, max=34
... so perhaps try adding to what Garin suggested, with:
header("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache, no-cache");
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
to
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', time() - 3600, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
The problem is due to the way you delete the cookie and check it.
have a read of http://uk.php.net/manual/en/function.setcookie.php
It looks like I will be getting sql anyway so I will just create a log in using that, thanks for your help though.
Danny
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 25 Jul 1974 06:00:00 GMT");
before your include in members.php
I have a php file located in a seperate folder which contains
$LOGIN_INFORMATION = array(
'username' => 'password',
);
// request login? true - show login and password boxes, false - password box
only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.orderofmasons.com/');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
// show usage example
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at
the very beginning (first line):<br><?php include("' .
str_replace ('\\',' \\\\',__FILE__) . '"); ?>');
}
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if (!function_exists ('showLoginPasswordProtect')) {
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Please enter password to access this page</title>
</head>
<body>
<style>
input { border: 1px solid black; }
</style>
<form method="post">
<h3>Please enter password to access this page</h3>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input"
name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input
type="submit" name="Submit" value="Submit" />
</form>
<br />
<a style="font-size:9px"
<a>Powered by Webpage Password Protect</a>
</body>
</html>
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) ||
$LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if
parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
and then my webpage I am locking is
?php include("/freeola/users/8/9/sr0779498/ htdocs/protector/password_protect.php"); ?>
Logout
Members Area
you can try it at www.orderofmasons.com/member.php
I have designed a site with a basic login system, certain pages of my site are for members only and when you try and access this you are asked for a username and password. I have all this working fine, however once they are logged in, the page is cached. So when they log out all they have to do is click back or go to the login page and it will automatically log in without the login box appearing.
I am just usin a basic php script for the log in and I have used all manner of html meta tags to stop it being cached, can anyone help or is the a nice ploy for me to invest in freeola sql database in order to protect access to my site??
extremely frustrated!