Zubrag.com
January 16, 2018, 07:31:48 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Back Button After Logout Redirect  (Read 8867 times)
that_guy
Newbie
*
Posts: 1


« on: June 13, 2010, 02:22:24 PM »

Love the script. Was wondering if anybody ever came up with a solution to stop being able to use the back button after the logout redirect to still view the protected page?    Thanks

Logged
Traymond
Newbie
*
Posts: 2


« Reply #1 on: June 13, 2010, 05:47:50 PM »


Step 1.

make changes that fit your setup.  copy and paste this into the file you are protecting where you want it to show up on the page.  Make sure it is all on one line after you paste it.

<a href="http://www.yourwebsite.com/vault/secure_data.php?logout=1" onclick="javascript:location.replace(this.href); event.returnValue=false; ">Logout</a>



Step 2.

open the password_protected.php file

Look for the header on the next line. it is not far down from the top of the password_protect.php file.

##################################################################
#  SETTINGS START
##################################################################

You only need to make changes to the following sections. There are other sections in there but they require no changes.

1. change the web address to where you want to redirect the user too when they logout.
    Note: It does not matter what web address  you direct them too.   


// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com');       <---------  change to the web address you want to redirect the user to.


2  make sure the TIMEOUT_MINUTES'   is  1       by default it is usually 0


// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 1);  ,    <-------------  make sure this is 1



3. make sure TIME_OUT_ACTIVITY is set  to false    by default it is usually true

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', false);   <------   Make sure this is set this to false



Save your changes and upload your new PASSWORD_PROTECT.PHP  file to your webserver.



Logged
garyv
Newbie
*
Posts: 9


« Reply #2 on: July 22, 2010, 12:39:58 AM »

I am getting really frustrated. This appears to be a great script that DOES log in very well. The logout link does take me to the page it should. However, once I arrive at that page, I can always hit the back button and get back in, without the script asking for credentials. This is not secure and a real issue.

Also, I have my welcome page protected. However, I have numerous folders with index.php files. If I know the URL of those pages (which presumably Google bots will find) I can get into my site with no password. However, if I password protect them, I have to enter u/n and p/w every new index.php page I get to.

I have confirmed this on Firefox and Safari on a Mac. Everything else is OK. In order for this to work, it NEEDS to work! Any suggestions? Please advise.

-Gary
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC