PHP SESSION注销错误

时间:2012-11-23 14:18:23

标签: php session login

很多人可能会将PHP mySQL功能用于网站的登录部分

我正在尝试使用此代码;

在每个内容页面上 - 检查是否已登录(在每个内容页面的标题中)

<?php
session_start();
if(! isset($_SESSION["myusername"]) ){
header("location:main_login.php");
}
?>
<html>
<body>
Page Content Here
</body>
</html>

登录脚本(我的main_login.php页面引用)

<?php

ob_start();
$host="ClubEvents.db.9606426.hostedresource.com"; // Host name 
$username="ClubEventsRead"; // Mysql username 
$password="Pa55word!"; // Mysql password 
$db_name="ClubEvents"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

退出代码 

<?
session_start();
session_destroy();

header("location:main_login.php");
exit();
?>

MAIN_LOGIN.php 

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
phpinfo()
?>

但是有些东西不能正常工作,只有登录时才能访问页面login_success.php,因此注销无法正常工作,或者,login_success.php检查无法正常工作。但是我不知道怎么说,我试过和他们一起玩,而且还没有进一步前进

此致

亨利

4 个答案:

答案 0 :(得分:1)

  • session_register() 已弃用从PHP 4.1.0开始,首选使用$ _SESSION

    $_SESSION["myusername"] = $myusername;

  • 尝试 session_destroy() ,而不是 session_unset()

  • 你的IF语句也错了:

    isset($_SESSION[$myusername]更改为 isset($_SESSION["myusername"]

这就是我管理登录的方式:

<?php session_start();

    require_once('../header.php');

    $sql = "SELECT ID, username, FROM users WHERE username='$_POST[username]' AND password='$_POST[password]'";
    $result = query($sql);

    //If nothing is returned from the DB then the credentials are wrong.
    if (!$row = mysql_fetch_array($result)) {
        header( 'Location: ../index.php' );
        die();
    }
    else {
        $user= $row;
    }

    //All user values ( id_user, username, password, firstname, lastname, avatar ) are saved in $_SESSION for later use.
    $_SESSION['ID'] = $user['ID'];                  
    $_SESSION['username'] = $user['username'];
    //This variable is used later to verify if a used is still logged in and proceed with loading a profile.
    $_SESSION['isLoggedIn'] = 1;

    header( 'Location: ../index.php' );
?>

这是我管理注销的方式:

<?php session_start();

    require_once('../header.php');

    //Session data is destroyed so as to prevent the user from accessing any profiles after disconnection.
    session_destroy(); 
    mysql_close($connection);

    header( 'Location: ../index.php' );
?>

这是我管理页面内容的方式,具体取决于用户是否登录。

<?php session_start();

    echo "Page Content";

    if (@$_SESSION['isLoggedIn'] != 1) {
        showLogin();
    }
    else {
        showHome();
    }
?>

答案 1 :(得分:1)

我从未遇到过以下问题:

unset($_SESSION[$myusername]);

这里的优点是您只清除会话中的会话,并且可以在会话中自由存储其他信息,因为session_destroy()将清除所有会话数据。

编辑:查看您的代码,如果设置了用户名会话,它总是将用户发送到登录页面。

变化:

<?php
session_start();
if( isset($_SESSION[$myusername]) ){
header("location:main_login.php");
}
?>

to(注意!之前的isset)。您只想在未设置会话时重定向到登录页面。

<?php
session_start();
if(! isset($_SESSION[$myusername]) ){
header("location:main_login.php");
}
?>

评论摘要:

Session[$myusername]已更改为Session['myusername']isset检查已更改为!isset。这表明会议没有首先确定。

答案 2 :(得分:0)

尝试session_destroy();必须帮助..

手册:http://php.net/manual/en/function.session-destroy.php

答案 3 :(得分:0)

您的退出代码应如下所示:

<?php
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location: main_login.php"); exit;
?>

区分大小写

相关问题
最新问题