PHP/MySQL: Secure logging in on public computers? (solved)

jameshutchings
Posts: 8
Joined: Sun Mar 08, 2015 4:18 am

PHP/MySQL: Secure logging in on public computers? (solved)

Post by jameshutchings »

My game checks the user's email and password against its database.

So it might send you to http://www.mygame.com?emailadd=gra33@ya ... rd=green45

If gra33@yahoo.com's password wasn't green45, the page would give an error message.

However, if someone is playing on a public computer and someone else uses the back button on the same computer, they'd be able to get in.

Is there an easy way to stop this?
Last edited by jameshutchings on Wed Apr 22, 2015 3:35 am, edited 1 time in total.
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by vitinho444 »

Instead of $_GET, use the $_POST method; the data exchanged between pages won't be visible in the URL.
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
jameshutchings
Posts: 8
Joined: Sun Mar 08, 2015 4:18 am

Re: PHP/MySQL: Secure logging in on public computers?

Post by jameshutchings »

Thanks, but can you give me an example of how to do that?
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by vitinho444 »

Sure.

So in your form (the login form) where the user will type his username and password you should have:

Code:

<form ... method="GET">

Change that 'GET' to 'POST'.

Then in the page where you handle the information (the same page that is in the "action" attribute of the form) you simply change $_GET for $_POST like:

You should have:

Code:

$username = $_GET["username"];

You now change to:

Code:

$username = $_POST["username"];

Hope it helps ;)
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
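
The change described in the post above, as a complete login handler (an added example, not code from the thread): it reads credentials only from the POST body, checks them against a stored hash, and redirects after a successful login. The `email` and `password` field names, the `users` table, the in-memory SQLite stand-in for the game's MySQL database and `/game.php` are assumptions.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for the game's MySQL database so the example runs alone.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)');
    $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
        ->execute(['player@example.test', password_hash('constructed-pw', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user id on success, null otherwise. Only the POST body is read,
// so the credentials never end up in the URL or the browser history.
function login_from_post(PDO $pdo, string $method, array $post): ?int
{
    $email = $post['email'] ?? null;        // hypothetical field names
    $password = $post['password'] ?? null;
    if ($method !== 'POST' || !is_string($email) || !is_string($password)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $method = $_SERVER['REQUEST_METHOD'];
    $userId = login_from_post(demo_db(), $method, $_POST);
    if ($userId !== null) {
        session_regenerate_id(true);               // fresh session id after login
        $_SESSION['user_id'] = $userId;
        header('Location: /game.php', true, 303);  // hypothetical target page
        exit;
    }
    if ($method === 'POST') {
        echo '<p>Wrong email or password.</p>';
    }
    echo '<form method="POST" action="">
        <input type="email" name="email" required>
        <input type="password" name="password" required>
        <button type="submit">Log in</button></form>';
}
```

The 303 redirect after a successful login means the history entry a later user can step back to is a plain GET page, not the form submission that carried the password.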
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by Jackolantern »

Also, if the site's content is particularly sensitive (such as college work/grades, medical info, banking info, etc.), it is a pretty common practice to advise the user to close the browser tab after they are done. You can even attempt to close it for them once they log out, but most browsers don't allow you to do that anymore without a confirmation.
The indelible lord of tl;dr
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by vitinho444 »

Jackolantern wrote: Also, if the site's content is particularly sensitive (such as college work/grades, medical info, banking info, etc.), it is a pretty common practice to advise the user to close the browser tab after they are done. You can even attempt to close it for them once they log out, but most browsers don't allow you to do that anymore without a confirmation.

What does closing the tab do, Jacko?
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by Jackolantern »

vitinho444 wrote:
Jackolantern wrote: Also, if the site's content is particularly sensitive (such as college work/grades, medical info, banking info, etc.), it is a pretty common practice to advise the user to close the browser tab after they are done. You can even attempt to close it for them once they log out, but most browsers don't allow you to do that anymore without a confirmation.
What does closing the tab do, Jacko?

In all reality, today with Chrome and other major browsers that allow the re-opening of closed tabs, not much. But before that feature existed, it destroyed the state of the browser tab, including the ability of a second user on a public computer to use the back button to back into the session of the first person who used the computer.
The indelible lord of tl;dr
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by vitinho444 »

Oh, I see. But I think that using session_destroy() and then redirecting using a header() they can't go back to the session, right?
My Company Website: http://www.oryzhon.com

Skype: vpegas1234
Jackolantern
Posts: 10893
Joined: Wed Jul 01, 2009 11:00 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by Jackolantern »

They can't, correct. I think it was just a precaution against old data being shown that was already downloaded.
The indelible lord of tl;dr
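
The logout flow discussed in the last few posts, written out as an added example (not code from the thread): `session_destroy()` followed by a `header()` redirect, plus a `Cache-Control: no-store` header on logged-in pages to cover the "old data that was already downloaded" case. The file names `/login.php`, `game.php` and `logout.php` and the `user_id` session key are assumptions.

```php
<?php
declare(strict_types=1);

function start_session_once(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Sent on every logged-in page: asks the browser not to keep a copy, so the
// Back button has to go to the server again instead of showing the old page.
function send_no_store_headers(): void
{
    header('Cache-Control: no-store, max-age=0');
    header('Pragma: no-cache'); // for old HTTP/1.0 caches
}

// Gate for protected pages: without a live session the visitor goes to login.
function require_login(): int
{
    start_session_once();
    send_no_store_headers();
    if (!isset($_SESSION['user_id'])) {
        header('Location: /login.php', true, 303); // hypothetical login page
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// Logout: empty the session, expire its cookie, destroy it on the server, redirect.
function logout(): void
{
    start_session_once();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    send_no_store_headers();
    header('Location: /login.php', true, 303);
    exit;
}

// game.php (hypothetical) starts with:  $userId = require_login();
// logout.php (hypothetical) contains:   logout();
```

Once the session is destroyed, any page that calls `require_login()` redirects to the login form when the next person presses Back, because the server no longer recognises the session.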
vitinho444
Posts: 2825
Joined: Mon Mar 21, 2011 4:54 pm

Re: PHP/MySQL: Secure logging in on public computers?

Post by vitinho444 »

I get it ;)
Thanks
My Company Website: http://www.oryzhon.com

Skype: vpegas1234