
Prevent submission or back button after logout from session

How to prevent submission or the back button after logout from session? Any example or video link, please? Sorry, my English is very bad. This is my syntax:

public function indexAction(){
    if(isset($_SESSION['auth'])){           
        return $this->dispatcher->forward(
            array(
                "controller" => "admin",
                "action" => "index"

                )
            );
    }
}

public function sessionAction()
{
    if ($this->request->isPost()) {
        $email = $this->request->getPost('email', 'email');
        $password = $this->request->getPost('password');
        $password = sha1($password);
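        // Bound parameters keep the submitted values out of the PHQL string
        $user = Users::findFirst(
            array(
                "conditions" => "email = :email: AND password = :password:",
                "bind" => array("email" => $email, "password" => $password)
            )
        );
        if ($user != false) {
            $this->_registerSession($user);
            $auth = $this->session->get('auth');
            $this->flash->success('Welcome ' . $auth['name']);
            // Return here so the error flash and the forward below do not run
            return $this->response->redirect("admin/index");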
        }            
        $this->flash->error('Wrong email/password');    

    }       
    return $this->dispatcher->forward(
        array(
            "controller" => "login",
            "action" => "index"

            )
        );

}

And this is admin/index:

public function indexAction()
{       

    $auth = $this->session->get('auth');        
    if($auth == true){
        $user = Users::findFirst($auth['id']);
        if ($user == false) {
            $this->flash->error('Anda tidak diijinkan mengakses laman admin tanpa melalui prosedur yang benar');
            return $this->dispatcher->forward(
            array(
                "controller" => "login",
                "action" => "index"                 
                )
            );

        }
    }
}


Accepted answer (edited Mar '16)

What is your primary goal? You want to restrict some of your pages or actions to logged-in users only, and if the user logs out, you want to display the login form?

Try to utilize controller events; it's the easiest way to check this before other code is executed.

https://docs.phalcon.io/en/latest/reference/controllers.html#events-in-controllers

Your AdminController should look like this (it will prevent any action for a user without privileges):

use Phalcon\Mvc\Controller;

class AdminController extends Controller
{
    public function beforeExecuteRoute($dispatcher)
    {
        if ($dispatcher->getControllerName() == 'admin' && empty($this->session->auth)) {
            $this->flash->error("You don't have permission");
            // redirect or forward here
            return false;
        }
    }
}

After the user logs out, you have to destroy the session auth data.
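
The logout step and the back-button behaviour discussed in this thread, as an added example that is not part of the original answer or of Phalcon's own code. `logoutAction` and the `login/index` redirect target are assumed names, and the `Cache-Control` headers are an addition: they stop the browser from showing a stored copy of an admin page when Back is pressed after logout.

```php
<?php
// Added example, not code from the thread. Controller names and the 'auth'
// session key follow the thread; logoutAction is an assumed action name.

use Phalcon\Mvc\Controller;

class AdminController extends Controller
{
    public function beforeExecuteRoute($dispatcher)
    {
        // Forbid storing admin pages, so pressing Back after logout causes a
        // new request (which fails the check below) instead of a cached view.
        $this->response->setHeader('Cache-Control', 'no-store, no-cache, must-revalidate');
        $this->response->setHeader('Pragma', 'no-cache');
        $this->response->setHeader('Expires', '0');

        // Runs before every action in this controller.
        if (empty($this->session->get('auth'))) {
            $this->flash->error("You don't have permission");
            $dispatcher->forward(['controller' => 'login', 'action' => 'index']);
            return false; // stop the originally requested action
        }
    }
}

class LoginController extends Controller
{
    public function logoutAction()
    {
        // Remove the auth data, then discard the server-side session so the
        // old session id can no longer be used to reach admin pages.
        $this->session->remove('auth');
        $this->session->destroy();

        // Redirect so the logout request itself is not left in the history
        // as a page the user can land on or resubmit.
        return $this->response->redirect('login/index');
    }
}
```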

Thanks a lot, David