If the user hits their browser's Back button directly after logging into my Codeigniter web app they're taken back to the login form. Instead I'd like the user to be directed to the homepage.
Also, when the user logs out, I'd like to prevent access to the Account page, but I have no idea how to do this either.
Any suggestions?
I have attached my login model below.
Controller:
class Account extends CI_Controller{
public function __construct()
{
parent::__construct();
$this->load->model('masterentry_model');
$this->load->model('account_model');
// Your own constructor code
}
public function index()
{
if($this->session->userdata('logged_in') != TRUE){//checking loged in
$this->load->view('signin');
}else{
$data['location'] = $this->masterentry_model->getLocation();
$data['activeUser'] = $this->masterentry_model->userActive();
$data['flag'] = "home";
$this->load->view('home', $data);
//redirect('account');
}
}
//login process
public function loginsum(){
$this->load->library('form_validation');
$this->form_validation->set_rules('password', 'password', 'required|callback_check_exists');
if($this->form_validation->run() == true){
if($this->session->userdata('logged_in') == TRUE)
{
//$path = get_redirect_path();
redirect('account');
}
}
else{
if($this->session->userdata('logged_in') != TRUE)
{
$this->load->view('signin');
}
else
{
redirect('account');
}
}
}
//check email and password with database correct or not
public function check_exists($password){
$email = $this->input->post('email');
$result = $this->account_model->logincheck($email, $password);
if($result == 0)
{
$this->form_validation->set_message('check_exists', 'Email (or) Password incorrect');
return false;
}
else
{
return true;
}
}
//logout process
public function logout(){
$session_array = array(
'email' => "",
'user_id' => "",
'logged_in' => FALSE
);
$this->session->unset_userdata($session_array);
$this->index();
}
}
Model:
class Account_model extends CI_Model{
function __construct(){
parent::__construct();
}
public function logincheck($email, $password){
//echo "SELECT * FROM `account` WHERE email = '$email' AND password = '$password)'";
$query = $this->db->query("SELECT * FROM `account` WHERE email = '$email' AND password = '".md5($password)."'");
//checking row existes
if($query->num_rows() == 1){
$row = $query->row();
$session_array = array(
'email' => $row->email,//storing email in session
'user_id' => $row->id,//storing userid in session
'logged_in' => TRUE
);
$this->session->set_userdata($session_array);
return 1;
}else{
return 0;
}
}
}
Include these headers in the constructor function of the controller to prevent the caching of previous page
$this->output->set_header('Last-Modified:'.gmdate('D, d M Y H:i:s').'GMT');
$this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate');
$this->output->set_header('Cache-Control: post-check=0, pre-check=0',false);
$this->output->set_header('Pragma: no-cache');