[SOLVED] How to stop user coming back to login page using back button

I really don’t know how to stop this: after logging in, users can go back to the login screen and log back in as another user. I want to stop this. For example, once you log in to Facebook, we can’t go back to the login interface; it keeps us on the home page at all times. I want to do this. I went through tons of sites, but none of them helped me; actually, none of them showed how to do it.

So can someone please help me? All the other stuff is working and I can manage, but on this I’m just blank.

Does that mean your users can have multiple login ids? I would base your site on users having one email associated with the id. That should cut down on a lot of that but it won’t stop all of it.

Also, you could base it on IP address BUT they can still abuse it with proxies.

Maybe someone else has a better solution.

Buddy

No, not that. When the user presses the back button in the browser, it takes him back to the login page and he could use another ID to log back in. I just want to keep them in the same login without letting them go back.

So after they login they are still on the login page?

No, I think sand12 means that once the user has filled out the form on the login page and got to the protected content, if they then press the ‘back’ button on the browser, he/she doesn’t want the user to get the login page again. Like FB, I guess the only way back to the login page would be by clicking ‘logout’.

I am no expert, but isn’t it a case of setting a cookie or session variable on login, and checking that at the start of the code on the login page? If the variable is set, either go straight back to the protected page, or call whatever ‘logout’ code you have.

It’s generally more a question of how one gets pushed around your site.

You can do it with a dedicated login page that pushes people around via form variables to get them to the right place once they’ve logged in; or you can make the session wrangling/login form an include and have the processing handled by that ‘in-page’, as it were.

That doesn’t help if the browser caches that page and uses that instead of re-fetching the requested page.

Browsers shouldn’t be caching the login page contents… you can send the headers to tell it not to do so; if it persists in caching the file, then it’s out of your hands.

You can’t prevent someone from using the back button. You need a redirect on your login page or an error message right before the user session is set if they are logged in.

Top of the PHP file that contains your login form, and the actual login logic if separate:

if(isset($_SESSION['username'])) {
     header("Location: /"); // redirects them to homepage
     exit; // for good measure
}

Now if the user presses back, they simply go to the homepage and no logic is run.

As @KyleWolfe stated that Session code would probably fix you right up. I agree with him.

if(!isset($_SESSION['username'])) {
   include_once("login.php");
   exit;
}

You can prevent someone from using the back button by not adding additional entries to their browser history :wink:

Not reliably, and you never want to rely on client side programming when it comes to things like this. Make sure your server side setup will prevent any attempt to login again, after that has been tested and verified, then you can attempt some client side features such as preventing history items in the browser, etc.

That isn’t client side programming…
Your method goes from index.php to login.php to index.php, and relies on login.php to redirect (again) if someone pushes the back button on the last page.
Mine goes from index.php to index.php. You push the back button on the last page and you get… index.php again, which still detects you’re logged in.

How exactly do I push the back button and get to the login page, if I’ve never been to a login page? :stuck_out_tongue_winking_eye:

It is client side because you’re relying on something that the client has installed (the browser) to behave as you tell it to.

No, I’m not.

User goes to index.php. The SERVER reads the above line. Sees the user is not logged in, sends the user the contents of login.php (which points to index.php [or more specifically, “whatever page you’re currently on”] as its processing), then exits.
User fills out form (still on ‘index.php’ as far as the browser is concerned), and then submits form.
Server processes form, reads line again, hey they’re logged in, so don’t show the form and keep going.

Nothing client-side about that… at all.

So you’re relying on AJAX calls or an include of some sort to display the form. What’s to stop me from navigating manually to the form, or doing a curl call to the end point I see in that form?

Thank you guys for the replies.

Let me give you a small idea of what this is about. What I’m doing is building a back end for a small site where someone can add details without having to change the full site.

So I use 2 different pages: one for admins, the other for users. Admins can create users and edit anything on the site, but users only have options to update the content or to create a model profile.

I did try to use the session check, but due to my 2 page system I can’t get it to work correctly. I think I might be able to do it if I could shrink my 2 pages to one.

Also, I’m posting my code where I create my sessions (login.php):

   <?php
    include_once("hostcon.php");
    
    $uName = $_REQUEST["uname"];
    $pWord = $_REQUEST["pword"];
    
    $getUser = "SELECT * FROM users WHERE uName = '".$uName."' AND pass = '".md5($pWord)."'";
    $trigerQuery = mysql_query($getUser);
    
    
    $num = mysql_num_rows($trigerQuery);
    $row = mysql_fetch_array($trigerQuery);
    
    if($num > 0){
        //creating session
        $_SESSION["iD"] = $row["uId"];
        $_SESSION["uType"] = $row["admin"];
    
        if($row["admin"] == "Yes"){
    
            header("location:admin.php");
            exit();
        }else{
            header("location:user.php");
            exit();
        }
    }else{//if the user details don't match up
        header("location:index.php?login=Login Failed! Please Try Again.");
        exit();
    } ?>

My session check for normal pages in the back end:

if(!isset($_SESSION["iD"])){
    header("location:index.php?login=Please, Login to the system to use it.");
    exit();
}

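I use the below session check in my admin pages to check if it’s an admin or not:

//Check if the logged in user is an admin
//(isset() returns a boolean, so comparing its result to "Yes" only tested that uType was set)
if(!isset($_SESSION["uType"]) || $_SESSION["uType"] != "Yes"){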
    header("location:index.php?login= Your not allowed to access this area");
    exit();
}

All these things work, but when back is pressed it loads the login page where the user entered the system.

P.S.: I know the security issues, guys. I will fix them once the system starts working properly.

I’m not relying on AJAX anything.

I personally like segregating the login logic from the page logic, so here’s what I do:

admin.php:

<?php

include_once("login.php");

if(isset($_SESSION["admin"]) && $_SESSION["admin"] == "yes") {
 //User is a useradmin.
} elseif(isset($_SESSION['username'])) {
 //User is logged in but not useradmin
 //This else block may be omitted to allow admins to do 'normal user things' as well.
}
?>

login.php:

<?php
session_start();
if(isset($_POST['uname'])) {
  //Check form information in post; assuming it's ok, log the user in...
  $_SESSION['username'] = $row['username'];
  //etc.
}
if(!isset($_SESSION['username'])) {
 //Login form code here.
 echo "<form method='post' action=''>Some login fields here";
 exit;
}
?>

Absolutely no AJAX involved. No client side anything. In other words, my solution to “how do I stop people from going back to login.php after they’ve logged in” is “never send them to login.php in the first place.”

StarLion, again thank you m8. Your idea made my day and solved my issue. I had to make some changes and shrink 2 pages into one. This might help another, so I’m posting it here.

Login.php

<?php
/**
 * Created by PhpStorm.
 * User: SiNUX
 * Date: 9/8/14
 * Time: 4:30 PM
 */
include_once("hostcon.php");

$uName = $_REQUEST["uname"];
$pWord = $_REQUEST["pword"];

$getUser = "SELECT * FROM users WHERE uName = '".$uName."' AND pass = '".md5($pWord)."'";
$trigerQuery = mysql_query($getUser);


$num = mysql_num_rows($trigerQuery);
$row = mysql_fetch_array($trigerQuery);

if($num > 0){
    //creating session
    $_SESSION["iD"] = $row["uId"];
    $_SESSION["uType"] = $row["admin"];
    header("location:admin.php");
    exit();

//This part is not used any more
        /*if($row["admin"] == "Yes"){

        header("location:admin.php");
        exit();
    }else{
        header("location:user.php");
        exit();
    }*/
}else{//if the user details don't match up
    header("location:index.php?login=Login Failed! Please Try Again.");
    exit();
}

?>

admin.php

<?php
/**
 * Created by PhpStorm.
 * User: SiNUX
 * Date: 9/8/14
 * Time: 7:42 PM
 */
session_start();
include_once('admin_session.php');
$user = $_SESSION["uType"];
?>

<html>
<head>
    <title>Admin Management Page</title>
</head>
<body>
<?php if($user == "Yes") {?>
<div style="width: 20%; float: left; height: 100%; margin-right: 10px;" id="menu_bar">
    <!-- DO NOT MOVE! The following AllWebMenus linking code section must always be placed right AFTER the BODY tag-->
    <!-- ******** BEGIN ALLWEBMENUS CODE FOR menu ******** -->
    <script type="text/javascript">var MenuLinkedBy="AllWebMenus [4]",awmMenuName="menu",awmBN="868";awmAltUrl="";</script><script charset="UTF-8" src="menu/menu.js" type="text/javascript"></script><script type="text/javascript">awmBuildMenu();</script>
    <!-- ******** END ALLWEBMENUS CODE FOR menu ******** -->
</div>
<?php } else {?>
    <div style="width: 20%; float: left; height: 100%; margin-right: 10px;" id="menu_bar">
        <!-- DO NOT MOVE! The following AllWebMenus linking code section must always be placed right AFTER the BODY tag-->
        <!-- ******** BEGIN ALLWEBMENUS CODE FOR usermenu ******** -->
        <script type="text/javascript">var MenuLinkedBy="AllWebMenus [4]",awmMenuName="usermenu",awmBN="868";awmAltUrl="";</script><script charset="UTF-8" src="menu/usermenu.js" type="text/javascript"></script><script type="text/javascript">awmBuildMenu();</script>
        <!-- ******** END ALLWEBMENUS CODE FOR usermenu ******** -->
    </div>
<?php } ?>
<div style="width: 80%; height: 100%; margin-left: 140px">
    <iframe name="content" id="content" style="width: 80%;height: 100%; border: none"></iframe>
</div>
</body>
</html>

admin_session.php (checks admin session)

<?php

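//Check that a user is logged in; admin.php then picks the menu from uType
//(behaves the same as the original isset(...) != "Yes" comparison, which only tested that uType was set)
if(!isset($_SESSION["uType"])){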
    header("location:user.php");
    exit();
}

And I’m marking this thread as solved. Thank you Lion for all the help.
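
Pulling together the points raised in the thread (redirect when a session already exists, headers that tell the browser not to cache the login page, and the security issues the poster deferred), here is an added example that is not code from any participant. It assumes the thread's `users` columns, a `pass` column holding `password_hash()` output instead of MD5, and a PDO connection with the SQLite driver for the offline demo; `authenticate`, `is_admin` and `handle_login` are hypothetical names.

```php
<?php
// Added example, not from the thread. Assumes users.pass holds password_hash() output.

/** Look up the user with a bound parameter and verify the stored hash. */
function authenticate(PDO $pdo, string $uName, string $pWord): ?array {
    $stmt = $pdo->prepare('SELECT uId, admin, pass FROM users WHERE uName = ?');
    $stmt->execute([$uName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pWord, $row['pass'])) {
        return null;
    }
    return ['iD' => $row['uId'], 'uType' => $row['admin']];
}

/** Strict admin test; isset($x) != "Yes" would only test that the key exists. */
function is_admin(array $session): bool {
    return ($session['uType'] ?? null) === 'Yes';
}

/** Web entry point (hypothetical): call before any output is sent. */
function handle_login(PDO $pdo): void {
    session_start();
    header('Cache-Control: no-store');      // ask the browser not to cache the form
    if (isset($_SESSION['iD'])) {           // Back button after login ends up here
        header('Location: admin.php');
        exit;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return;                             // caller renders the login form
    }
    $user = authenticate($pdo, (string)($_POST['uname'] ?? ''), (string)($_POST['pword'] ?? ''));
    if ($user === null) {
        header('Location: index.php?login=' . urlencode('Login Failed! Please Try Again.'));
        exit;
    }
    session_regenerate_id(true);            // fresh session id once authenticated
    $_SESSION['iD'] = $user['iD'];
    $_SESSION['uType'] = $user['uType'];
    header('Location: admin.php');
    exit;
}

if (PHP_SAPI === 'cli') {  // offline demo with constructed rows in in-memory SQLite
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE users (uId INTEGER PRIMARY KEY, uName TEXT, pass TEXT, admin TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (uName, pass, admin) VALUES (?, ?, ?)');
    $ins->execute(['bob', password_hash('constructed-pw', PASSWORD_DEFAULT), 'No']);
    var_dump(authenticate($pdo, "o'neil", 'x'));      // quote in the name is bound as data
    var_dump(is_admin(authenticate($pdo, 'bob', 'constructed-pw')));
}
```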