The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Please someone help me
I have designed a site with a basic login system, certain pages of my site are for members only and when you try and access this you are asked for a username and password. I have all this working fine, however once they are logged in, the page is cached. So when they log out all they have to do is click back or go to the login page and it will automatically log in without the login box appearing.
I am just usin a basic php script for the log in and I have used all manner of html meta tags to stop it being cached, can anyone help or is the a nice ploy for me to invest in freeola sql database in order to protect access to my site??
extremely frustrated!
I have designed a site with a basic login system, certain pages of my site are for members only and when you try and access this you are asked for a username and password. I have all this working fine, however once they are logged in, the page is cached. So when they log out all they have to do is click back or go to the login page and it will automatically log in without the login box appearing.
I am just usin a basic php script for the log in and I have used all manner of html meta tags to stop it being cached, can anyone help or is the a nice ploy for me to invest in freeola sql database in order to protect access to my site??
extremely frustrated!
Caching commands can be a bit of a pest because you're relying on the web browser to enforce them, so I don't think there is a 100% safe way of doing so. Using MySQL in place of a flat file won't cause the web browser to drop it's catch, as once the web page is downloaded to the users computer, the browser is in control of the document.
I think SSL connections are more likely to enforce it though, as Freeola's log-in doesn't let me back-track once I've logged out.
The settings they have are:
... so perhaps try adding to what Garin suggested, with:
I think SSL connections are more likely to enforce it though, as Freeola's log-in doesn't let me back-track once I've logged out.
The settings they have are:
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache, no-cache
Keep-Alive: timeout=15, max=34... so perhaps try adding to what Garin suggested, with:
header("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache, no-cache"); 
Not sure how thats going to help? As long as the cookie contents are blank, the login shouldnt validate anyway I think?
Try changing
to
The problem is due to the way you delete the cookie and check it.
have a read of http://uk.php.net/manual/en/function.setcookie.php
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
to
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', time() - 3600, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
The problem is due to the way you delete the cookie and check it.
have a read of http://uk.php.net/manual/en/function.setcookie.php
MySQL isnt going to make any difference with this. Your problem is essentially with your browser and the methodology with which you store user information isnt going to change that.
I placed that code at the very beginning in member.php but I am afraid it still does not work.
It looks like I will be getting sql anyway so I will just create a log in using that, thanks for your help though.
Danny
It looks like I will be getting sql anyway so I will just create a log in using that, thanks for your help though.
Danny
Try putting
before your include in members.php
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 25 Jul 1974 06:00:00 GMT");before your include in members.php
Thanks for replying, I am very new to this so a lot of my code I have only learnt or have just put together.
I have a php file located in a seperate folder which contains
and then my webpage I am locking is
?php include("/freeola/users/8/9/sr0779498/ htdocs/protector/password_protect.php"); ?>
Logout
Members Area
you can try it at www.orderofmasons.com/member.php
I have a php file located in a seperate folder which contains
$LOGIN_INFORMATION = array(
'username' => 'password',
);
// request login? true - show login and password boxes, false - password box
only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.orderofmasons.com/');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
// show usage example
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at
the very beginning (first line):<br><?php include("' .
str_replace ('\\',' \\\\',__FILE__) . '"); ?>');
}
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if (!function_exists ('showLoginPasswordProtect')) {
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Please enter password to access this page</title>
</head>
<body>
<style>
input { border: 1px solid black; }
</style>
<form method="post">
<h3>Please enter password to access this page</h3>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input"
name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input
type="submit" name="Submit" value="Submit" />
</form>
<br />
<a style="font-size:9px"
<a>Powered by Webpage Password Protect</a>
</body>
</html>
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) ||
$LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if
parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
and then my webpage I am locking is
?php include("/freeola/users/8/9/sr0779498/ htdocs/protector/password_protect.php"); ?>
Logout
Members Area
you can try it at www.orderofmasons.com/member.php
Difficult to help without more information. Can we see the code and it in action?
Please someone help me
I have designed a site with a basic login system, certain pages of my site are for members only and when you try and access this you are asked for a username and password. I have all this working fine, however once they are logged in, the page is cached. So when they log out all they have to do is click back or go to the login page and it will automatically log in without the login box appearing.
I am just usin a basic php script for the log in and I have used all manner of html meta tags to stop it being cached, can anyone help or is the a nice ploy for me to invest in freeola sql database in order to protect access to my site??
extremely frustrated!
I have designed a site with a basic login system, certain pages of my site are for members only and when you try and access this you are asked for a username and password. I have all this working fine, however once they are logged in, the page is cached. So when they log out all they have to do is click back or go to the login page and it will automatically log in without the login box appearing.
I am just usin a basic php script for the log in and I have used all manner of html meta tags to stop it being cached, can anyone help or is the a nice ploy for me to invest in freeola sql database in order to protect access to my site??
extremely frustrated!