I am using the Codeigniter redirect() to redirect the page after user logouts on my website http://www.theindianclassified.com.
When user goes to the url http://www.theindianclassified.com/logout he is redirected to the home page after he is logged out of the system. But if the user login and again click logout user is not logged out but he is redirected to the home page. I think the redirect using the Codeigniter redirect() method is cached by browser.
Please help me, how the implementation happen in the above scenario. I want the browser not to cache the redirect.
Log out function is below.
function logout() {
$this->session->sess_destroy();
redirect('');
}
You should check your login function to make sure the fault isn't there. If I were to guess it'll be there. If that doesn't work try 'unsetting' the session variables one-by-one.
Related
Imagine I have a page called index.php and several other pages that are linked to it. Any link on index.php requires logging in to access it. All the links on index.php should redirect me to another page but only after a successful login.
How can I go to any link I clicked automatically after I log in successfully. An example is, when I click on xxxxxxxxxxx.php, it takes me to the login page first and, after I successfully login, I would prefer it takes me to xxxxxxxxxxx.php for that instance.
you can achieve this in two method
while redirecting to login page add current link as get parameter like
redirect to login.php?from=xxxxxxxxxxx.php
or using $_SERVER['HTTP_REFERER'] from login page it will give the the priovious page url
Here is the solution i got based on your requirements:
in any page you don't want a user to access unless he is logged in you must do the following
<?php
if(!isset($_SESSION['activeUser'])){
echo "please login to view this page";
header("refresh:3; url=login.php"); // you can set how many seconds you want before redirecting the user
die();
}
?>
in your login page, you need to setup a session named for example $_SESSION['activeUser'], in which you can validate where a user can and can not enter.
Side note, users should not be able to see links that you don't want them to click on unless they are logged in. my answer above is for validating when a user tries to access a page in your website from the url.
I came up with a solution and it works. I'm not quite sure how safe it is but check it out
First, if the person is not logged in I redirect to the login page with the requested page set to $_SERVER['PHP_SELF'];.
if (!isset($_SESSION['user_id'])) {
header('Location: ../login?next='.$_SERVER['PHP_SELF']);
$db = null;
die();
}
Then is the person logs in successfully I set the requested page to the header() if it exists else I proceed to the dashboard.
if (isset($_GET['next'])) {
$location_redirect = $_GET['next'];
} else {
$location_redirect = "member/dashboard";
}
header("location: $location_redirect");
I've got a working login page for my Laravel program. Now, if the user logs in successfully he/she must be redirected to a different page (instead of the "home" page as they normally would have been). This will be the 2FA page.
My question is:
I know how to redirect the user after validating their credentials, but how can I set it so that once the user is redirected to the 2FA page that they cannot instantly access any other part of the website as they would after logging in normally? (Also, they should only be able to access the 2FA page if they've been authenticated successfully) And then only allow them access to the full content of the website only after they've passed the 2FA page?
My login function in my AuthController looks something like this:
if (Auth::attempt(['username' => $request->username, 'password' => $request->password])) {
return redirect()->route('home');
} else {
session()->flash('errormessage','Invalid password.');
return redirect()->back();
}
As far as I know, "Auth::attempt" immediately logs the user in when True is returned. One way I was thinking of doing it is I instantly log the user out as soon as they're logged in, save their UserID to their session, then redirect them to the 2FA page, the 2FA page checks their UserID in their session and loads, otherwise redirects them back to the login page. And once they've passed the 2FA page just log them in again using their UserID which is saved in their session.
Any better suggestions would be welcome.
Add this function to your login controller which overrides the redirectTo property
public function redirectPath()
{
if(some condition)
{
$this->redirectPath=route("some where");
}else{
$this->redirectPath=route("some other where");
}
return $this->redirectPath;
}
I have simple application in codeigniter. I have login and logout in it. When I logged in.
member page is opened as in below screenshot. But when I click on back browser as arrow indicate, then it goes to login page. similar is the case when I logged out, login page is opened, but when I clicked on back browser as arrow indicate in below screenshot, then it goes to member page.
I want to validate it. I means it should be only in login page or member page, when I don't logged out or I don't logged in. when I press back browser arrow.
Session is used for this, or something else, but I don't know should I do it. Proper code for it is needed. Please help me friends. Thanks in advance.
You should make session control in login controller. You can use the code below:
if (!$this->session->userdata())
{
//put your login controller content here
}
else
{
redirect('your_dashboard_url');
}
You should use session in login controller
See below code:
public function __construct()
{
parent::__construct();
if (!$this->session->userdata('logged_in')){
redirect('login');
}
}
I hope it will work for you.
you can use session in codeigniter.check below link
https://www.codeigniter.com/user_guide/libraries/sessions.html?highlight=session
I try the following code,but still page is go back.
public function members()
{
if($this->session->userdata('is_logged_in'))
{
$this->load->view('admin/members');
}
else
{
redirect('main/login');
}
}
main is the controller's name and login and members are functions.
I have this problem in YII Once you log in you are redirected to index.php, but if you go to
http://staging.xxxxxxxx.com/
without the index.php it shows the login form again.
I dont know what to do to make it go to index.php when logged in.. I hope someone could help me.. Im really new to yii
You can check if user logged in or not by use this code :
if(Yii::app()->user->isGuest){ // not logged in
$this->redirect(array('controller/action')); /// redirect to target page
}
else{
$this->redirect(array('controller/action')); /// redirect to target page
}
I'm currently learning the basics of MVC using codeigniter as my framework and I created a login page. Now I already redirected a user after he logged in and stored a session data but the problem is after I log in (where in I redirected into another page) then pressed the back button the login page still displays unless I highlight the URL in the address bar and pressed enter wherein I go back again to the redirected page. Well I'm aware that this is because of the session check I've made but I need a solution on how I can solve it for the user to not go back again to login page unless he logged out. Same thing for logged out user not to go back to a certain page unless he/she logs in again.
To give a more details what exactly I wanted to happen is just like in facebook login wherein after you logged in and clicked the back button on browser the facebook will still redirect you to your homepage and not on the login page. samething goes to logout.
Well here's my controller so far I think this explains it all. Please do correct me if I made some redundancies in my code and understand that I'm a newbie on this. :)
public function index()
{
$data['error'] = null;
$username = $this->input->post('username');
$password = $this->input->post('password');
$data['login'] = $this->login_model->get_login_credentials($username,$password);
$data['session'] = $this->login_model->get_session($username);
//CHECK IF THE $PAGE VIEW IS EXISTING
if ( ! file_exists('application/views/pages/login.php'))
{
// IF PAGE DOESN'T EXISTS SHOW 404 ERROR
show_404();
}
if(($this->input->post('login')=='Login'&&$data['login']==1)||($username==$data['session']['username'])){
//SUCCESS LOGIN
$this->load->helper('url');
redirect('news');
}
if($this->input->post('login')=='Login'&&$data['login']!=1){
//LOGIN FAILED
$data['error'] = "Invalid login credentials.";
}
//FOR THE TITLE PART
$data['title'] = ucfirst('login');
$this->load->view('pages/login/login', $data);
$this->load->view('templates/footer', $data);
}
First for checking session data you can use :
$this->session->userdata('item');
here
$username==$data['session']['username'])
And perhaps you can SET 1 check at the start of your index as :
if($this->session->userdata('username'))
redirect('news');
Dont forget to load all helpers and libs required before callign those functions..
For sessions check http://codeigniter.com/user_guide/libraries/sessions.html
If you don't want to to go to login page after successful login, you can test the session in login page and redirect into some other page if session is set. Try this code.
if ($data['session']['username']) != NULL) {
redirect('home_page','refresh');
}
This question is already solved here: Clear cache on back press to prevent going back on login page or previous page after logout by Hashem Qolami Same question but in different perspective.