
I'm a beginner in making a website and I'm still practising in making a website using PHP lounge.

This is the problem that I'm facing: if I click the back button I'm still on the login page. How can I remove the login form?

Here is the image

My PHP code for login from my database

<?php

    $member_email = $_POST["member_email"];
    $member_password = md5($_POST["member_password"]);

    require_once("db_open.php");
    $sql = "SELECT * FROM members WHERE member_email='".$member_email."' AND member_password='".$member_password."'";
    $result = $conn->query($sql) or die($conn->error);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            session_start();
            $_SESSION["member_id"] = $row["member_id"];
            $_SESSION["member_email"] = $row["member_email"];
            $_SESSION["member_full_name"] = $row["member_full_name"];
        }
    } else {
        header("Location: login_form.php");
        exit();
    }
    require_once("db_close.php");

    header("Location: index.php");

?>

Code for my checking for my login

<?php

    if (!isset($_SESSION["member_id"])) {
        exit("<h3>Please <a class='btn btn-primary' href='login_form.php'>login</a> first.</h3>");
    }

?>

Here is my HTML and login form

<?php
    session_start();
?>

<!DOCTYPE html>

<html>


<head>
    <title>All Members</title>
    <link rel="stylesheet" href="bootstrap.min.css" />
</head>


<body>

<?php require_once("top_nav.php"); ?>

<div class="container">

    <h1>Login</h1>

    <form method="POST" action="login_db.php">
        <div class="form-group">
            <label for="member_email">Email:</label>
            <input type="text" name="member_email" id="member_email" class="form-control" />
        </div>
        <div class="form-group">
            <label for="member_password">Password:</label>
            <input type="password" name="member_password" id="member_password" class="form-control" />
        </div>
        <button type="submit" class="btn btn-success btn-lg">Login</button>
    </form>
</div>

</body>


</html>
Nehal
newbie
  • Add a check if logged in, then redirect accordingly. – Sougata Bose Feb 09 '16 at 07:58
  • Does index.php have `session_start();` before you check? – Hanky Panky Feb 09 '16 at 08:04
  • '_if i click back_' Is it the browser's go back button? And after clicking and refreshing, what page opens? Are you still on the login page or any other? – Niklesh Raut Feb 09 '16 at 08:11
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 09 '16 at 08:19
  • Yes, still in login form – newbie Feb 09 '16 at 08:20
  • **Danger**: You are using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Feb 09 '16 at 08:20

0 Answers
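The points raised in the comments (redirect when already logged in, SQL injection, unsuitable password hashing) applied to `login_db.php`, as an added example that is not part of the original question or its comments. It assumes `db_open.php` sets `$conn` to a mysqli connection with the mysqlnd driver, and that `members.member_password` stores `password_hash()` output rather than MD5.

```php
<?php
// Added example (not the asker's code): hardened login_db.php.
// Assumptions: db_open.php provides $conn (mysqli, mysqlnd driver) and
// members.member_password holds a password_hash() value, e.g. VARCHAR(255).

session_start();

// Already authenticated: do not process or show the login form again.
if (isset($_SESSION["member_id"])) {
    header("Location: index.php");
    exit();
}

$member_email    = $_POST["member_email"] ?? "";
$member_password = $_POST["member_password"] ?? "";

// Reject array-valued or missing fields before touching the database.
if (!is_string($member_email) || !is_string($member_password) || $member_email === "") {
    header("Location: login_form.php");
    exit();
}

require_once("db_open.php");

// The ? placeholder keeps user input out of the SQL text entirely.
$stmt = $conn->prepare(
    "SELECT member_id, member_email, member_full_name, member_password
       FROM members WHERE member_email = ? LIMIT 1"
);
$stmt->bind_param("s", $member_email);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc(); // null when no such member
$stmt->close();

require_once("db_close.php");

// password_verify() reads algorithm, cost and salt from the stored hash.
if ($row === null || !password_verify($member_password, $row["member_password"])) {
    header("Location: login_form.php");
    exit();
}

// Issue a fresh session id at login so a pre-login id cannot be reused.
session_regenerate_id(true);
$_SESSION["member_id"]        = $row["member_id"];
$_SESSION["member_email"]     = $row["member_email"];
$_SESSION["member_full_name"] = $row["member_full_name"];

header("Location: index.php");
exit(); // stop here so nothing else runs after the redirect
```

The same `isset($_SESSION["member_id"])` guard can go at the top of `login_form.php`, directly after its existing `session_start()`. Stored MD5 values will not pass `password_verify()`, so existing accounts need their passwords re-hashed with `password_hash()`.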