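I want to build a login system with PHP. There are 5 files:
db.php contains the database utilities. user.php is for the login and logout functions. login.php is the login page. index.php is the main page. logout.php is a page that logs the user out and redirects to login.php.
The login part seems to work as expected (verified by checking the database, omitted here), but the redirect from login.php to index.php does not seem to work. The same login page appears again.
But when I remove this part from index.php: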
// Must be logged in first
if (!isset($_SESSION['username'])) {
    gotoPage('login.php');
}
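it redirects successfully, and then logout fails.
Also, if the user logs out and clicks the browser's back button, it takes him to the main page (index.php), which he should not see after logging out.
I don't know what exactly is preventing the redirect and the logout. Any help (or suggestions) is appreciated.
Note: I have already looked at similar questions on SO, and none of the answers provided solved this problem.
Contents of db.php: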
<?php
function getDBInstance() : PDO
{
    static $dbInstance;
    if (!$dbInstance) {
        // Create the connection once and cache it in the static variable
        $dbInstance = new PDO(
            'mysql:host=localhost;dbname=DummyUserAccounts;charset=UTF8',
            'dummyuser',
            '...',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
        );
    }
    return $dbInstance;
}
function register_user(string $firstname, string $lastname, string $username, string $password): bool
{
    // PROC_USER_ADD inserts one user into the User table.
    $query = 'CALL PROC_USER_ADD(:firstname, :lastname, :username, :password)';
    $statement = getDBInstance()->prepare($query);
    $statement->bindValue(':firstname', $firstname, PDO::PARAM_STR);
    $statement->bindValue(':lastname', $lastname, PDO::PARAM_STR);
    $statement->bindValue(':username', $username, PDO::PARAM_STR);
    $statement->bindValue(':password', password_hash($password, PASSWORD_BCRYPT), PDO::PARAM_STR);
    return $statement->execute();
}
?>
Contents of user.php:
<?php
require 'db.php';
function sanitize($field)
{
    $field = trim($field);
    $field = stripslashes($field);
    $field = htmlspecialchars($field);
    return $field;
}
function gotoPage(string $page) : void
{
    header('Location: ' . $page);
    exit;
}
function loginUser(string $username, string $password) : bool
{
    // Search for the user in the database
    $queryString = 'SELECT username, password FROM user WHERE username = :username';
    $statement = getDBInstance()->prepare($queryString);
    $statement->bindValue(':username', $username, PDO::PARAM_STR);
    $statement->execute();
    $user = $statement->fetch(PDO::FETCH_ASSOC);
    // Successful login?
    if ($user && password_verify($password, $user['password'])) {
        // Create a new Session ID
        session_start();
        // Write session data
        $_SESSION['username'] = $username;
        return true;
    }
    return false;
}
function logoutCurrentUser() : void
{
    if (isset($_SESSION['username'])) {
        unset($_SESSION['username']);
        session_destroy();
        gotoPage('login.php');
    }
}
?>
Contents of login.php:
<?php
require 'user.php';
// Can't login twice.
if (isset($_SESSION['username'])) {
    gotoPage('index.php');
}
$errorMessage = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Check for empty fields
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $errorMessage = "Both Username and Password are required!";
    } else {
        // Sanitize fields
        $username = sanitize($_POST['username']);
        $password = sanitize($_POST['password']);
        // Login user
        if (!loginUser($username, $password)) {
            $errorMessage = "Invalid username and/or password.";
        } else {
            gotoPage('index.php');
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <form action="login.php" method="post">
        <div>
            <label>Username</label>
            <input type="text" name="username">
        </div>
        <div>
            <label>Password</label>
            <input type="password" name="password">
        </div>
        <div>
            <button type="submit">Login</button>
        </div>
        <div>
            <span style="color:red"><?php echo $errorMessage ?></span>
        </div>
    </form>
</body>
</html>
Contents of index.php:
<?php
require 'user.php';
// Must be logged in first
if (!isset($_SESSION['username'])) {
    gotoPage('login.php');
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Main Page</title>
</head>
<body>
    <nav>
        <a href="logout.php">Logout</a>
    </nav>
    <!--Main page goes here-->
</body>
</html>
Contents of logout.php:
<?php
require 'user.php';
logoutCurrentUser();
gotoPage('login.php');
?>
A uj5u.com user replied:
You will need session_start() on every page where you want to access $_SESSION variables. login.php has no session_start(), so isset($_SESSION) will always return false.
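
An added example, not part of the original question or answer: one way to apply the answer's point on every page, with session ID regeneration at login, a complete logout, and a no-store header for the back-button symptom the question describes. The file name session_helpers.php and the functions startSession(), markLoggedIn() and requireLogin() are hypothetical, and PHP 7.3 or later is assumed.

```php
<?php
// session_helpers.php (hypothetical name): require this first on every page.

// Start or resume the session before any output or $_SESSION access.
function startSession(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start([
            'cookie_httponly' => true,  // keep the cookie away from JavaScript
            'cookie_samesite' => 'Lax',
            'use_strict_mode' => true,  // refuse session IDs the server did not issue
        ]);
    }
}

// Call only after password_verify() has succeeded.
function markLoggedIn(string $username): void
{
    startSession();
    session_regenerate_id(true);        // fresh ID at login (session fixation defense)
    $_SESSION['username'] = $username;
}

// Guard for protected pages such as index.php.
function requireLogin(): void
{
    startSession();
    // Ask the browser not to keep a copy it could show via Back after logout.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    if (!isset($_SESSION['username'])) {
        header('Location: login.php');
        exit;
    }
}

// Full logout: clear the data, expire the cookie, destroy server-side state.
function logoutCurrentUser(): void
{
    startSession();                     // the session must be resumed to be destroyed
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();
    header('Location: login.php');
    exit;
}
```

With these helpers, index.php would call requireLogin() at its top, login.php would call startSession() before its isset() check and markLoggedIn() after a successful password check, and logout.php would call logoutCurrentUser().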
