hello,
i made a login script. the problem is that when i click Logout (see code below - logout.php) then press Back button on the browser, i can still see the restricted page…
here are the codes:
//_checklogin.php
<?php
session_start();
**//_checklogin.php**
include "_functions.inc.php";
$_SESSION['userok'] = checkuser($_SESSION['username'], $_SESSION['password']);
if (!$_SESSION['userok'])
{
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['userok'] = checkuser($_POST['username'],$_POST['password']);
$_SESSION['user_status'] = $_SESSION['userok'][3];
$_SESSION['fname'] = $_SESSION['userok'][1];
$_SESSION['lname'] = $_SESSION['userok'][2];
//$_SESSION['login'] = "ok";
if(!$_SESSION['userok'])
{
//echo "please login";
header('Location: loginForm.php');
}
}
/*
* checkuser()
* returns an array if username is found with correct password
$query_data[] => username, fname, lname, status
*/
function checkuser($username,$password)
{
global $database, $user_table;
$link_id = db_connect($database);
$query = "SELECT username, fname, lname, status FROM $user_table WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query);
if (!($result)) {
sqlError();
}
else {
$query_data = mysql_fetch_row($result);
return $query_data;
}
}
?>
_logout.php
<?php
session_start();
// Unset all of the session variables.
$_SESSION = array();
// Finally, destroy the session.
session_destroy();
header('Location: index.php');
?>
any help would be appreciated… .
thanks guys
