Home > OS >  How can I allow the user to not go back into the dashboard after logging out?
How can I allow the user to not go back into the dashboard after logging out?

Time:10-08

I don't what went but I think it is in the auth.php that keeps the code from going back into the dashboard I tried different solutions in here. But none of that works. Here is my code: logout.php

<?php
  session_start();
  session_destroy();
  unset($_SESSION);
  header("location: login.php");

?>

the login.php is:

<div class="card-body">
    <form action = "" method = "POST">  
    <div class="form-floating mb-3">
         <input class="form-control" name="email" id="inputEmail" type="email" 
           placeholder="name@example.com" required="required"/>
         <label for="inputEmail">Email address</label>
    </div>
    <div class="form-floating mb-3">
       <input class="form-control" name="password" id="inputPassword" type="password" 
        placeholder="Password" required="required"/>
     <label for="inputPassword">Password</label>
    </div>
    <div class="d-flex align-items-center justify-content-between mt-4 mb-0">
       <input class="btn btn-primary" name="loginBtn" value="Login" type="submit"></input>
    </div>
  </form>
</div>

Here is the auth.php that checks the user account:

<?php 
   include 'assets/conn/db-connect.php';
   session_start();

   if (isset($_POST['loginBtn'])){
     $email = mysqli_real_escape_string($con,$_POST['email']);
     $password  = mysqli_real_escape_string($con,$_POST['password']);
     $res = mysqli_query($con,"SELECT * FROM admin_account WHERE email = '$email'");
     $row=mysqli_fetch_array($res,MYSQLI_ASSOC);


  if ($row['password'] == $password){
     $_SESSION['email'] = $row['email'];
     header("Location: dashboard.php");
   }else {
?>
  <script type="text/javascript">
  alert("Incorrect Credentials");
  window.location = "login.php";
  </script>
  <?php
  }
  }
?>

the logout button is set as this:

<a class="dropdown-item" href="logout.php">Logout<i class="fas fa-sign-out-alt" style="margin- 
  left: 60px;"></i></a>

CodePudding user response:

add this code in your dashboard.

if(empty($_SESSION['email'])) {
  header("Location: login.php");
}

to check if there's still a session.

or you can add $_SESSION['isLoggedIn'];

  if ($row['password'] == $password){
     $_SESSION['isLoggedIn'] = true;
     $_SESSION['email'] = $row['email'];
     header("Location: dashboard.php");
  }

and check it in your dashboard like this:

if(!$_SESSION['isLoggedIn']) {
  header("Location: login.php");
}

CodePudding user response:

you can just check for the session exists of not there.

if(!isset( $_SESSION['email'])){
   header("Location: login.php");
}

you can check the email for blank or null as well --

if(!isset( $_SESSION['email']) ||  $_SESSION['email'] == ""){
   header("Location: login.php");
}

CodePudding user response:

You can use this method to prevent browser back button click after logout .

<script>
window.history.pushState(null, "", "");
window.onpopstate = function(event) {
    if(event){
          window.location.href = 'loginpageurl';
    }
}
</script>

CodePudding user response:

This will be your "index.php" for your login page:

Set your form action to "login.php" and add session to it, to check whether session is already set or not.

<?php
session_start();
if(isset($_SESSION['email'])){
header("location:your_dashboard.php");
}
?>
<div class="card-body">
<form action="login.php" method="POST"> <!-- set your form action to login.php -->
<div class="form-floating mb-3">
     <input class="form-control" name="email" id="inputEmail" type="email" 
       placeholder="name@example.com" required="required"/>
     <label for="inputEmail">Email address</label>
</div>
<div class="form-floating mb-3">
   <input class="form-control" name="password" id="inputPassword" type="password" 
    placeholder="Password" required="required"/>
 <label for="inputPassword">Password</label>
</div>
<div class="d-flex align-items-center justify-content-between mt-4 mb-0">
   <input class="btn btn-primary" name="loginBtn" value="Login" type="submit"></input>
</div>
</form>
</div>

Then this will be your "login.php" to check user credentials, if entered credential is correct then set the SESSION and redirect to your dashboard else prompt incorrect credentials.

<?php 
include 'assets/conn/db-connect.php';
session_start();

if(isset($_POST['loginBtn'])){
 $email = mysqli_real_escape_string($con,$_POST['email']);
 $password  = mysqli_real_escape_string($con,$_POST['password']);

 $res = mysqli_query($con,"SELECT * FROM admin_account WHERE email='$email' AND password='$password' ")or trigger_error(mysqli_error($conn));
 if(mysqli_num_rows($res)){ //check if corrent credentials
    while($res = mysqli_fetch_array($res)){
    $_SESSION['email'] = $res['email']; //set session id
    header("location:your_dashboard.php")
   }
 }
 else{
  echo "<script>window.alert('Incorrect Email or Password. Please try again!')</script>";
  echo "<script>window.location.href='index.php'</script>"; //your index for login page
 }
}
?>

Furthermore, you can put this session validation and "logout button" to your dashboard:

<?php
session_start();
if(!isset($_SESSION['email'])){
header("location:index.php"); //your index for login page
}
?>

<a class="dropdown-item" href="logout.php" onclick="return confirm('Are you sure you want to logout?')">Logout<i class="fas fa-sign-out-alt" style="margin-left: 60px;"></i></a>

Lastly, this will be your logout.php

<?php
session_start();
session_destroy();
unset($_SESSION['email']);
header("location: index.php");
?>
  •  Tags:  
  • php
  • Related