I don't know what went wrong, but I think it is in the auth.php that keeps the code from going back into the dashboard. I tried different solutions in here, but none of that works. Here is my code:
logout.php
<?php
session_start();
session_destroy();
unset($_SESSION);
header("location: login.php");
?>
The login.php is:
<div class="card-body">
<form action = "" method = "POST">
<div class="form-floating mb-3">
<input class="form-control" name="email" id="inputEmail" type="email"
placeholder="name@example.com" required="required"/>
<label for="inputEmail">Email address</label>
</div>
<div class="form-floating mb-3">
<input class="form-control" name="password" id="inputPassword" type="password"
placeholder="Password" required="required"/>
<label for="inputPassword">Password</label>
</div>
<div class="d-flex align-items-center justify-content-between mt-4 mb-0">
<input class="btn btn-primary" name="loginBtn" value="Login" type="submit"></input>
</div>
</form>
</div>
Here is the auth.php that checks the user account:
<?php
include 'assets/conn/db-connect.php';
session_start();
if (isset($_POST['loginBtn'])){
$email = mysqli_real_escape_string($con,$_POST['email']);
$password = mysqli_real_escape_string($con,$_POST['password']);
$res = mysqli_query($con,"SELECT * FROM admin_account WHERE email = '$email'");
$row=mysqli_fetch_array($res,MYSQLI_ASSOC);
if ($row['password'] == $password){
$_SESSION['email'] = $row['email'];
header("Location: dashboard.php");
}else {
?>
<script type="text/javascript">
alert("Incorrect Credentials");
window.location = "login.php";
</script>
<?php
}
}
?>
The logout button is set as this:
<a class="dropdown-item" href="logout.php">Logout<i class="fas fa-sign-out-alt" style="margin-left: 60px;"></i></a>
CodePudding user response:
Add this code in your dashboard:
if(empty($_SESSION['email'])) {
    header("Location: login.php");
    exit; // stop here so the rest of the dashboard is not sent
}
to check if there's still a session.
Or you can add $_SESSION['isLoggedIn']:
if ($row['password'] == $password){
    $_SESSION['isLoggedIn'] = true;
    $_SESSION['email'] = $row['email'];
    header("Location: dashboard.php");
    exit;
}
and check it in your dashboard like this:
if(empty($_SESSION['isLoggedIn'])) { // empty() also covers the case where the key is not set
    header("Location: login.php");
    exit;
}
CodePudding user response:
You can just check whether the session exists or not.
if(!isset($_SESSION['email'])){
    header("Location: login.php");
    exit; // stop the script after the redirect
}
You can check the email for blank or null as well:
if(!isset($_SESSION['email']) || $_SESSION['email'] == ""){
    header("Location: login.php");
    exit;
}
CodePudding user response:
You can use this method to prevent a browser back button click after logout.
<script>
window.history.pushState(null, "", "");
window.onpopstate = function(event) {
if(event){
window.location.href = 'loginpageurl';
}
}
</script>
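A server-side complement to the snippet above, as an added example that is not part of the original answer: the dashboard can reappear on Back when the browser replays a stored copy, so this guard rejects any request without a session and marks the page as non-cacheable. The file name auth_guard.php, the function require_login() and the redirect target are assumptions.

```php
<?php
// auth_guard.php (hypothetical file name): include at the very top of every
// protected page, before any output is sent.
declare(strict_types=1);

function require_login(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Tell the browser and any proxy not to keep a copy of this page, so Back
    // after logout causes a fresh request instead of a replay. PHP's default
    // session.cache_limiter=nocache sends similar headers; setting them here
    // keeps the behaviour independent of php.ini.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (empty($_SESSION['email'])) {
        header('Location: ' . $loginUrl);
        // Without exit the rest of the protected page is still generated and
        // sent in the body of the redirect response.
        exit;
    }
}

require_login();
```

In dashboard.php this becomes a single first line: require __DIR__ . '/auth_guard.php';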
CodePudding user response:
This will be your "index.php" for your login page:
Set your form action to "login.php" and add session to it, to check whether session is already set or not.
<?php
session_start();
if(isset($_SESSION['email'])){
    header("location:your_dashboard.php");
    exit; // stop the script after the redirect
}
?>
<div class="card-body">
<form action="login.php" method="POST"> <!-- set your form action to login.php -->
<div class="form-floating mb-3">
<input class="form-control" name="email" id="inputEmail" type="email"
placeholder="name@example.com" required="required"/>
<label for="inputEmail">Email address</label>
</div>
<div class="form-floating mb-3">
<input class="form-control" name="password" id="inputPassword" type="password"
placeholder="Password" required="required"/>
<label for="inputPassword">Password</label>
</div>
<div class="d-flex align-items-center justify-content-between mt-4 mb-0">
<input class="btn btn-primary" name="loginBtn" value="Login" type="submit"></input>
</div>
</form>
</div>
Then this will be your "login.php" to check user credentials. If the entered credentials are correct, it sets the SESSION and redirects to your dashboard; otherwise it prompts incorrect credentials.
<?php
include 'assets/conn/db-connect.php';
session_start();
if(isset($_POST['loginBtn'])){
    $email = mysqli_real_escape_string($con,$_POST['email']);
    $password = mysqli_real_escape_string($con,$_POST['password']);
    $res = mysqli_query($con,"SELECT * FROM admin_account WHERE email='$email' AND password='$password' ") or trigger_error(mysqli_error($con));
    if($res && mysqli_num_rows($res)){ //check if correct credentials
        $row = mysqli_fetch_array($res, MYSQLI_ASSOC); //fetch the matching row without overwriting $res
        $_SESSION['email'] = $row['email']; //store the email in the session
        header("location:your_dashboard.php");
        exit; //stop the script after the redirect
    }
    else{
        echo "<script>window.alert('Incorrect Email or Password. Please try again!')</script>";
        echo "<script>window.location.href='index.php'</script>"; //your index for login page
    }
}
?>
Furthermore, you can put this session validation and "logout button" to your dashboard:
<?php
session_start();
if(!isset($_SESSION['email'])){
    header("location:index.php"); //your index for login page
    exit; //do not render the dashboard for visitors without a session
}
?>
<a class="dropdown-item" href="logout.php" onclick="return confirm('Are you sure you want to logout?')">Logout<i class="fas fa-sign-out-alt" style="margin-left: 60px;"></i></a>
Lastly, this will be your logout.php
<?php
session_start();
session_destroy();
unset($_SESSION['email']);
header("location: index.php");
exit;
?>
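A hardened form of the login check and logout from this answer, as an added example that is not part of the original post and goes beyond it: a bound parameter instead of string-built SQL, password_verify() instead of comparing plain text, a fresh session ID on login, and a logout that also expires the cookie. The function names are hypothetical, and the code assumes admin_account.password holds password_hash() output and that the caller has already run session_start() before attempt_login().

```php
<?php
// Added example; function names are hypothetical. Assumes $con is the mysqli
// connection from assets/conn/db-connect.php and that admin_account.password
// stores password_hash() output instead of the plain-text value.

function attempt_login(mysqli $con, string $email, string $password): bool
{
    // Bound parameter: the e-mail never becomes part of the SQL text.
    $stmt = mysqli_prepare($con,
        'SELECT email, password FROM admin_account WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

    if (!$row || !password_verify($password, $row['password'])) {
        return false;
    }

    // New session ID on login, so an ID issued before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['email'] = $row['email'];
    return true;
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                       // drop the data held in memory

    if (ini_get('session.use_cookies')) { // expire the cookie in the browser
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the server-side record
}
```

login.php would call attempt_login($con, $_POST['email'], $_POST['password']) and follow a true result with header('Location: dashboard.php'); exit; while logout.php calls logout() before its own redirect.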