如何通过结束会话从站点注销

时间:2012-11-23 15:36:46

标签: php mysql sql session

我在退出网站时遇到问题。到目前为止,我已登录,但是,当我创建一个logout.php并包含session_destroy();它似乎不起作用。

这是我每页的代码。

的index.php:

<?php include ("login.php"); ?>

的login.php 

   <?php
session_start();
$_SESSION['loggedin']['user']=$_POST['user'];
if(isset($_SESSION['loggedin'])){
    echo '<h2>Logged in</h2><p style="font-size:14px;">Welcome '.$_SESSION["user"].' you have sucessfully logged in.</p>';
}
else {
     echo '
       <h2>Login</h2>
       <form action="auth.php" method="POST">
       <div class="smallform">
                <p><span>Username:</span><br>
                <input type="text" name="user"></p>
                <p><span>Password:</span><br>
                <input type="password" name="pass"></p>
                <p style="padding-top: 15px"><input type="submit" value="Submit"></p>
        </div>
        </form>';
}
?>

Auth.php:

   <?php
session_start();
$con = mysqli_connect("HOST", "USER", "PASS", "DBNAME");
$user = $_POST["user"];
$pass = $_POST["pass"];
$sql = "SELECT UserID FROM Customer 
        WHERE UserID = \"$user\"
        AND Password = md5(\"$pass\")";

$res = mysqli_query($con, $sql);
?>
<!DOCTYPE>
<html>

<head>
<title>VeloCity</title>
<link href="_stylesheet.css" rel="stylesheet" type="text/css" />
<?php echo '<meta http-equiv="refresh" content="1;URL=index.php" />'; ?>
</head>

<body>
<div align="center">
<?php 
if(mysqli_num_rows($res)==1){
    $_SESSION["user"] = $user;
    $_SESSION["loggedin"] = True;
    echo "You have sucessfully logged in";
}
else{
    echo "You have entered an incorrect password. Please try again";
}
?>
</div>
</body>
</html>

Logout.php 

<?php
session_start();
session_destroy();
?>

在login.php中添加的另一件事我有一个if语句,它是:

if(isset($_SESSION['loggedin'])){
    echo '<h2>Logged in</h2><p style="font-size:14px;">Welcome '.$_SESSION["user"].' you have successfully logged in.</p>';
}

问题是你可以看到它应该显示欢迎“USERNAME”,最初它确实显示它现在不显示欢迎你已成功登录。

我想提前感谢所有人的帮助。谢谢

2 个答案:

答案 0 :(得分:2)

一些注释:

  1. 您的输入未经过清理。
  2. 尽量不要使用mysql_*函数,因为它们已被弃用。请改用PDOmysqli_*

    3. logout.php

    中使用此代码 
    <?php
    session_start();
    // Because you are checking if(isset($_SESSION['loggedin'])), use the below:
    unset($_SESSION['loggedin']);
    $_SESSION = array();
    session_destroy();
?>

答案 1 :(得分:1)

问题是这样,在您定义的登录页面上$_SESSION['loggedin']

$_SESSION['loggedin']['user']=$_POST['user'];

删除它,因为否则,你的:

if(isset($_SESSION['loggedin']))

将始终评估为true并显示欢迎消息,即使用户未登录也是如此。

相关问题
最新问题