Hi everyone, I have almost finished (well, I thought I had finished) writing this login page in PHP. Everything works fine when the user enters the details and presses the login button.
But after the user logs in once, they are able to use the forward and back buttons in the browser to go between the 2 pages.
Is there a way to stop this from happening? Basically, when they are at the login page they shouldn't be able to go forward to the next page.
(1st Page, the Login Page.)
<form method="post" action="selectQuery.php">
<table width="768" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="118" height="34">Name:</td>
<td width="650"><select name="username" id="username">
<option value="fredk">Fred</option>
<option value="arbonk">Arbon</option>
<option value="arsalana">Arsalan</option>
<option value="minhn">Minh</option>
<option value="nathanielg">Nathaniel</option>
</select></td>
</tr>
<tr>
<td height="33">Password:</td>
<td><input name="password" type="password" value="password" maxlength="16" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Login" /></td>
</tr>
</table>
</form>
(2nd Page)
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$referer = $_SERVER['HTTP_REFERER'];
#connection to server
$connection = @mysql_connect ( "***.***.**.*" , "****", "*******") or die ("Could not connect to server");
#connection to database
$rs = @mysql_select_db ( "one", $connection ) or die ("Could not connect to Database");
#escape the submitted values so quotes in them cannot change the query
$safe_username = mysql_real_escape_string( $username, $connection );
$safe_password = mysql_real_escape_string( $password, $connection );
#the sql query
$sql = "SELECT * FROM `users` WHERE user_name = \"$safe_username\" AND password = \"$safe_password\"";
#executing the query
$results = mysql_query( $sql, $connection ) or die ("Could not connect to Database");
#counts the no of rows that match the query
$row = mysql_num_rows($results);
##$rows = count(row);
#checks to see if password field is left blank
#if so it will return the user back to the login page
#if there is a match then we assume that the login is authenticated
if (empty($password) || $row == 0)
{
    header( "Location:$referer" ); exit();
}
else
{
    if ($username == 'fredk')
    { $fname = 'Fred'; }
    else if ($username == 'arbonk')
    { $fname = 'Arbon'; }
    else if ($username == 'arsalana')
    { $fname = 'Arsalan'; }
    else if ($username == 'minhn')
    { $fname = 'Minh'; }
    else if ($username == 'nathanielg')
    { $fname = 'Nathaniel'; }
    $msg = "Hi $fname, your login was successful. <p></p>";
    echo($msg);
}
?>
The code on page 2 should check whether the login is correct; if all is good, I have some additional code (a form and another database query) which becomes visible to the user.
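An added example, not part of the original post: one way to gate the second page on a server-side session, so that back/forward navigation re-requests the page and only shows it while the session is valid. The `login.php` name, the `users` columns, the sample account and the in-memory SQLite database (standing in for MySQL) are assumptions made for the sketch.

```php
<?php
// Added example, not the poster's code. Table layout, login.php and the
// sample account are constructed; SQLite in memory stands in for MySQL.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, first_name TEXT, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['fredk', 'Fred', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the first name on success, null on failure. The query is
// parameterized and the password is checked against a stored hash.
function authenticate(PDO $db, string $user, string $pass): ?string {
    $q = $db->prepare('SELECT first_name, pw_hash FROM users WHERE user_name = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return $row['first_name'];
}

// Call at the top of every page that needs a login.
function require_login(): string {
    header('Cache-Control: no-store');     // ask the browser not to keep a copy
    if (empty($_SESSION['fname'])) {
        header('Location: login.php');     // fixed target, not the Referer header
        exit;
    }
    return $_SESSION['fname'];
}

if (PHP_SAPI === 'cli') {                   // offline check of authenticate()
    var_dump(authenticate(demo_db(), 'fredk', 'constructed-pass'));
    var_dump(authenticate(demo_db(), 'fredk', 'wrong-pass'));
} else {                                    // selectQuery.php request flow
    session_start();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $fname = authenticate(demo_db(), (string)($_POST['username'] ?? ''), (string)($_POST['password'] ?? ''));
        if ($fname === null) { header('Location: login.php'); exit; }
        session_regenerate_id(true);        // new session id after login
        $_SESSION['fname'] = $fname;
        header('Location: selectQuery.php'); // POST-redirect-GET
        exit;
    }
    echo 'Hi ' . htmlspecialchars(require_login(), ENT_QUOTES) . ', your login was successful.';
}
```

A logout page that clears `$_SESSION` and calls `session_destroy()` completes the flow: after it runs, forward navigation to the second page lands back on the login form.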