我為我的畫廊網站創建了注冊和登錄系統。當用戶嘗試登錄系統時,會檢查他們的用戶和密碼以及管理員權限。如果成功,用戶名會出現在主頁的左上角,登錄變為注銷。問題是當我重繪 頁面時,用戶已注銷。
login.php 代碼:
<?php
session_start();
class User
{
public function CheckUser()
{
require "../app/core/database.php";
if (isset($_POST['username']) && isset($_POST['pass'])) {
$username = $_POST['username'];
$password = $_POST['pass'];
//to prevent sql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
$sql = "SELECT * FROM signup WHERE username = '$username' and password = '$password'";
$sql2 = "SELECT 'admin' FROM signup";
$log_result = mysqli_query($connection, $sql);
$count = mysqli_num_rows($log_result);
if ($count == 1) {
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$_SESSION['is_admin'] = mysqli_query($connection, $sql2);
header("Location: ../home/index");
} else {
echo "<script>Invalid()</script>";
}
}
}
}
?>
<script>
function Invalid() {
alert("Invalid user/password");
}
</script>
主頁代碼的一部分(index.php):
<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
include "../app/model/loadImages.php";
include "../app/core/config.php";
include "../app/model/login.php";
?>
<body>
<nav>
<?php while ($row = $result2->fetch_assoc()) {
$rows[] = $row ?>
<div class="logo">
<a href="index.php"><?php echo $row['header_1'] ?> <em><?php echo $row['header_2'] ?></em></a>
<span style="font-weight: normal; color:white;">
<label>
<?php
if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
echo $_SESSION['username'];
} ?>
</label>
</span>
</div>
<div class="menu-icon">
<span></span>
</div>
</nav>
<section class="overlay-menu">
<div class="container">
<div class="row">
<div class="main-menu">
<ul>
<li>
<?php
if (!isset($_SESSION['loggedin']) && !isset($_SESSION['username'])) {
echo "<a href='/MyProject/public/login/index.php'>LogIn</a>";
} else {
echo "<a href='' action='EndSession();'>Logout</a>";
echo "<li>";
echo "<a href='/MyProject/public/admin/index'>Admin Area</a>";
echo "</li>";
} ?>
</li>
<li>
<a href="about.html">About Us</a>
</li>
<li>
<a href="blog.html">Blog Entries</a>
</li>
<li>
<a href="single-post.html">Single Post</a>
</li>
</ul>
<?php foreach ($rows as $row) { ?>
<p><?php echo $row['message_1'] ?></p>
<?php } ?>
</div>
</div>
</div>
</section>
<script>
function EndSession() {
<?php session_unset(); ?>
}
</script>
用于登錄頁面的 index.php:
<?php
include "../app/core/config.php";
include "../app/model/login.php";
$login = new User();
$login->CheckUser();
?>
<body>
<div class="limiter">
<div class="container-login100" style="background-image: url('../../app/views/login/images/bg-01.jpg');">
<div class="wrap-login100 p-l-55 p-r-55 p-t-65 p-b-54">
<form class="login100-form validate-form" method="POST">
<span class="login100-form-title p-b-49">
Login
</span>
<div class="wrap-input100 validate-input m-b-23" data-validate = "Username is reauired">
<span class="label-input100">Username</span>
<input class="input100" type="text" name="username" placeholder="Type your username">
<span class="focus-input100" data-symbol=""></span>
</div>
<div class="wrap-input100 validate-input" data-validate="Password is required">
<span class="label-input100">Password</span>
<input class="input100" type="password" name="pass" placeholder="Type your password">
<span class="focus-input100" data-symbol=""></span>
</div>
<div class="text-right p-t-8 p-b-31">
<a href="#">
Forgot password?
</a>
</div>
<div class="container-login100-form-btn">
<div class="wrap-login100-form-btn">
<div class="login100-form-bgbtn"></div>
<button class="login100-form-btn">
Login
</button>
</div>
</div>
<div class="txt1 text-center p-t-54 p-b-20">
<span>
Or Sign Up Using
</span>
</div>
<div class="flex-c-m">
<a href="#" class="login100-social-item bg3">
<i class="fa fa-google"></i>
</a>
</div>
<div class="flex-col-c p-t-155">
<span class="txt1 p-b-17">
Or Sign Up Using
</span>
<a href="<?php echo $root ?>/public/signup/index.php" class="txt2">
Sign Up
</a>
</div>
</form>
</div>
</div>
</div>
我該如何解決這個問題?
uj5u.com熱心網友回復:
我復制了這個問題。該session_unset當你重繪 頁面的JS函式內部被呼叫,除了它是一個JS函式內。
洗掉該功能,然后創建一個名為 logout.php 的新檔案:
<?php
session_unset();
header("Location: ../home/index.php");
?>
修改home/index.php 中的a標簽:
<a href='logout.php'>Logout</a>
旁注:考慮使用session_destroy()而不是 session_unset() 進行注銷
uj5u.com熱心網友回復:
你必須創建 session 和 setcookie ,我希望這個方法可以幫助你
首先選擇驗證用戶:如果您使用 bcrypt 演算法存盤密碼,則 password_verify 函式有效
<?php
if(isset($_POST["username"])) {
$u = $dbmysqli->real_escape_string($_POST['username']);
$p = $_POST['p'];
$sql = $dbmysqli->prepare('SELECT username, password FROM users WHERE username = ?');
$sql->bind_param("s", $u);
$sql->execute();
$sql->store_result();
}
if ($sql->num_rows > 0) {
$sql->bind_result($db_id, $db_username, $db_pass_str);
$sql->fetch();
if (password_verify($p, $db_pass_str)) {
// Verification success! User has logged-in!
// Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id(TRUE);
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $db_id, strtotime(' 30 days'), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime(' 30 days'), "/", "", "", TRUE);
setcookie("pass", $db_pass_str, strtotime(' 30 days'), "/", "", "", TRUE);
echo $db_username;
exit();
} else {
// Incorrect password
echo 'login_failed';
}
}
?>
然后,您必須像這樣創建一個檢查登錄狀態 file.php(如果您希望用戶保持登錄狀態,請將其包含在每個頁面中):
<?php
$user_ok = FALSE;
$log_id = "";
$log_username = "";
$log_password = "";
function evalLoggedUser($dbmysqli,$id,$u,$p){
$sql = $dbmysqli->prepare('SELECT email FROM users WHERE id = ? AND uname = ? AND pswd = ?');
$sql->bind_param("sss", $id,$u,$p);
$sql->execute();
$sql->store_result();
$numrows = $sql->num_rows;
if($numrows > 0){
return true;
}
}
if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
$log_password = $_SESSION['password'];
//$log_password = preg_replace('#[^a-z0-9$./]#i', '', $_SESSION['password']);
$user_ok = evalLoggedUser($dbmysqli,$log_id,$log_username,$log_password);
} else if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
$_SESSION['password'] = $_COOKIE['pass'];
//$_SESSION['password'] = preg_replace('#[^a-z0-9$./]#i', '', $_COOKIE['pass']);
$log_id = $_SESSION['userid'];
$log_username = $_SESSION['username'];
$log_password = $_SESSION['password'];
$user_ok = evalLoggedUser($dbmysqli,$log_id,$log_username,$log_password);
if ($user_ok == TRUE);
}
?>
最后是 logout.php :
<?php
session_start();
$_SESSION = array();
if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])) {
setcookie("id", '', strtotime( '-5 days' ), '/');
setcookie("user", '', strtotime( '-5 days' ), '/');
setcookie("pass", '', strtotime( '-5 days' ), '/');
}
session_destroy();
if(isset($_SESSION['username'])){
header("location: message.php?msg=Error:_Logout_Failed");
} else {
header("location: login.php");
exit();
}
?>
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/312457.html
上一篇:.netcore會話變數始終為空