Zubrag.com
October 23, 2018, 07:09:04 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Logout NOT working  (Read 10617 times)
garyv
Newbie
*
Posts: 9


« on: July 22, 2010, 12:41:58 AM »

I am getting really frustrated. This appears to be a great script that DOES log in very well. The logout link does take me to the page it should so the link does work. However, once I arrive at that page, I can always hit the back button and get back in, without the script asking for credentials. So while the link works the FUNCTIONALITY does not. This is not secure and a real issue.

Also, I have my welcome page protected. However, I have numerous folders with index.php files. If I know the URL of those pages (which presumably Google bots will find) I can get into my site with no password. However, if I password protect them, I have to enter u/n and p/w every new index.php page I get to.

I have confirmed this on Firefox and Safari on a Mac. Everything else is OK. In order for this to work, it NEEDS to work! Any suggestions? Please advise.

-Gary

Logged
cms16
Newbie
*
Posts: 1


« Reply #1 on: July 27, 2010, 12:59:28 AM »

I am also getting an error. If i setup the links in the html as shown n the instructions when the logout button is pressed i get this error

You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.

These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.

Also if i change that to another page then it works however then as mentioned above I can easily go back as long as the tab/window is not closed.
Logged
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #2 on: July 27, 2010, 07:04:32 AM »

Page displayed on logout and back button - browser cache issue.  Ctrl+F5 (i.e. force page refresh) will prove it.  Maybe i'll find some solution to that

password_protect cannot protect folders. So you'll have to add protection string (the one you've got from "password_ptotect.php?help") to all php files you'd like to be protected from direct access. It should only ask password once. If it asks every time - cookie problem (script cannot set cookie).

Code:
You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.
let the script know where to redirect after logout. Update this according to your needs in password_protect.php:

define('LOGOUT_URL', 'http://www.example.com/');
Logged
garyv
Newbie
*
Posts: 9


« Reply #3 on: July 27, 2010, 01:23:22 PM »

Zubrag,

Thanks for the reply. However, whether these issues are browser related or not, it makes the pages insecure. I would think there should be some code to prevent the back button issue so a logout is a true logout. FYI it happens with BOTH FIrefox and Safari. Also, I originally had the code on every php page and it asked me for credentials every time I went to the page. This is secure but not a good interface that users will accept.

I'd really like to use the script but these two items will prevent me from doing so. The website owner (as well as me as the sirte designer) would never accept this as it currently works. Is there any way you can help? Many others are having the same issue from what I have read on your site so you'd make many people happy if you could fix these problems.

G
Logged
garyv
Newbie
*
Posts: 9


« Reply #4 on: July 28, 2010, 01:36:35 AM »

I just added the code to each page and this time it appears to work in both Safari and Firefox. I can go to any protected page on the site and it requests credentials but only once so it appears the cookie is set.

Now if we could come up with a solution for the logout/back button issue we would be home free. I  know a lot of knowledgeable coders/scripters come here....can you advise on what you did to solve this if you have? Please?

Gary
Logged
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #5 on: July 29, 2010, 05:51:43 AM »

There are 2 lines of code in password_protect.php which define cache rules, they start with "<META"

Try replacing those two lines with following

<meta http-equiv="cache-control" content="no-cache, must-revalidate">
<META HTTP-EQUIV="Expires" CONTENT="Thu, 29 Nov 2007 16:18:42 GMT">
<META HTTP-EQUIV="Last-Modified" CONTENT="Mon, 27 Jul 2015 02:28:12 GMT">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<meta http-equiv="If-Modified-Since" content="01 Jan 1970 00:00:00 GMT">

Note: Firefox seems to completely ignore these tags. Not sure why. Maybe it is only on my pc

OR try following instead of what was written above:
- remove two rows starting with "<META" from password protect.
- find this line "// show usage example"
- insert following before that line

    header("Expires: Sat, 1 Jan 2005 00:00:00 GMT");
    header("Last-Modified: ".gmdate( "D, d M Y H:i:s")."GMT");
    header("Cache-Control: no-cache, no-store, must-revalidate");
    header("Pragma: no-cache");
Logged
garyv
Newbie
*
Posts: 9


« Reply #6 on: July 30, 2010, 12:33:26 PM »

Zubrag

There is no "<META...." in my password_protect.php file.
There is no "// show usage example" in my password_protect.php file.

I just downloaded the file within the last 2 weeks. Why am I not seeing something that should (??) be in the code and is not?

Gary
Logged
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #7 on: July 30, 2010, 01:28:18 PM »

Strange, that code should be there. Where did you download it?
Logged
garyv
Newbie
*
Posts: 9


« Reply #8 on: July 30, 2010, 01:48:45 PM »

From your site.
Logged
garyv
Newbie
*
Posts: 9


« Reply #9 on: July 30, 2010, 01:49:49 PM »

If you send me a note I will send the file to you as I do not want to post it here...
What line was it supposed to be on?
Logged
garyv
Newbie
*
Posts: 9


« Reply #10 on: August 01, 2010, 11:42:58 PM »

I take what I said back zubrag. I did find the code when I looked again. For some reason search did not find it last time.

Tried your second suggestion first and it did NOT work.
Tried the first suggestion and it did NOT work.
Again, to be clear, it goes to the logout page that I have specified but when I hit the back button it lets me back in no problem.

I did notice in the code for password_protect.php that it suggests this as the VERY first line (did I copy this correctly?):

<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}


Mine is different - I in pasted in the code that I was told to when I used the .../?help command. The two are different. The latter works and asks me for credentials but the first one does not. Which is correct and does this have anything to do with the logout issue? I would REALLY like to make this work. Can you help me? I know you have suggested a few things but neither worked  Sad

Gary
Logged
Peter_hauritz
Newbie
*
Posts: 3


« Reply #11 on: October 14, 2010, 11:52:47 PM »

I just downloaded the file within the last 2 weeks. Why am I not seeing something that should (??) be in the code and is not?
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC