PHP - 按Back按钮后的Session_Destroy

时间:2013-01-25 20:36:25

标签: php session refresh back destroy

这是我的问题:

我有一个名为login.php的登录页面(不包含HTML代码)。当用户正确输入他的凭证时,他被重定向到特定页面;我们将为此示例说test.php。该页面上唯一的链接注销当前会话,并将用户返回到index.html。

我的问题是,如果用户按下后退按钮,它会返回login.php,你会得到一个空白页面。如果您离开该空白页面,则无法返回test.php,因此无法注销该会话。

我最初的想法是使用Javascript禁用后退按钮导航。最终我发现这不起作用,因为如果用户找到了一种离开该页面而没有注销的方法,那么它们将被卡在该会话中并且login.php将是空白的。

如果按下后退按钮,有没有办法结束当前会话?或者如果重新加载login.php?我不太熟悉PHP,所以非常感谢详细解释。

以下是登录页面的代码:

    <?php
    /**
     * The idea of this application is to secure any page with one link. I know some of the professionals
     * will agree with me considering the way it has been done, usually you wouldnt put any other information such as
     * HTML/CSS with a class file but in this case its unavoidable. This is to make it easier for the non techys to use.
     * @author John Crossley <john@suburbanarctic.com>
     * @version Version 2
     **/

            // Turn off error reporting.
            error_reporting(0);

            # Start a new session, regenerate a session id if needed.
            session_start();
            if (!isset($_SESSION['INIT'])) {
                session_regenerate_id();
                $_SESSION['INIT'] = TRUE;
            }

            class JC_fsl {

        public static $_init;
        protected $_users = array();
        # Script configuration
        protected static $_script_name;
        protected static $_admin_email;
        protected static $_admin_name;
        private static $_version = '{Version 2.0.1}';

        protected function __construct() {

            if (!isset($_SESSION['LOGIN_ATTEMPTS']))
                $_SESSION['LOGIN_ATTEMPTS'] = 0;

            // Default user admin added.
            $this->_users = array(
                array(
                    'USERNAME' => 'admin', 
                    'PASSWORD' => 'master13', 
                    'EMAIL' => 'seth@procstaff.com', 
                    'LOCATION' => 'master.php')
                );
        }

        public function __toString() {
            return 'SCRIPT NAME :: ' . self::$_script_name . "<br />" .
            ' ADMIN EMAIL :: ' . self::$_admin_email . "<br />" .
            ' ADMIN NAME :: ' . self::$_admin_name . "<br />" .
            ' FSL VERSION :: ' . self::$_version;
        }

        /**
         * This method allows you to peek inside the users list, so you can view their information.
         **/
        public function peek() {
            var_dump($this->_users);
        }

        protected function ready_array($username, $password, $email, $location = 'index.html', $access = false) {
            return array('USERNAME' => $username, 'PASSWORD' => $password, 'EMAIL' => $email, 'LOCATION' => $location);
        }


        public function add($username, $password, $email, $location = 'index.html') {
            $add = $this->ready_array($username, $password, $email, $location);
            $this->_users[] = $add;
        }

        public static function logout() {
            if (isset($_SESSION['LOGGED_IN'])) {
        if (session_destroy()) 
                    header('Location: index.html');
            }
        }

        /**
         * This method increments or returns login attempts.
         * @param <bool> true to increment by 1 and false to return.
         */
        public static function attempts($add = false) {
            if ($add === true)
                $_SESSION['LOGIN_ATTEMPTS'] += 1;
            else
                return $_SESSION['LOGIN_ATTEMPTS'];
        }

        public function site_name() {
            return self::$_script_name;
        }

        public function validate($un, $pw) {
            # Check all of the arrays for the user
            for ($i=0;$i<count($this->_users);$i++) {
                if (array_key_exists('USERNAME', $this->_users[$i])) {
            if ($this->_users[$i]['USERNAME'] == $un) {
                # We have found the user check to see if there password matches also.
                $info = $this->_users[$i];
                if ($info['USERNAME'] == $un && $info['PASSWORD'] == $pw) {
                    # We have a match redirect the user.
                    $_SESSION['LOGGED_IN'] = TRUE;
                    $_SESSION['LOGIN_ATTEMPTS'] = 0;
                    $_SESSION['USERNAME'] = $info['USERNAME'];
                    $_SESSION['EMAIL'] = $info['EMAIL'];
                    header('Location: ' . $info['LOCATION']);
                    return;
                }
            }
                }
            }
            echo '<h2 class=\'error\'>Incorrect username and or password, try again!</h2>';
            self::attempts(true);
        }

        /**
         * Forgot password? not a problem call this method with the correct username
         * and the user will be sent a password reminder. Please note that not of these passwords
         * are hashed meaning this is not a good idea to store personal information behind this script!
         * @param <string> The users email address.
         * @return <bool> Returns true upon success. 
         */
        public function forgot($email) {
            for ($i=0;$i<count($this->_users);$i++) {
                if (array_key_exists('EMAIL', $this->_users[$i])) {
                    if ($this->_users[$i]['EMAIL'] == $email)
                        $info = $this->_users[$i];
                } else return false;
            }
    if (isset($info) && is_array($info)) {
        # Send the user their password
        $to = $info['EMAIL'];
        $subject = 'You recently forgot your password | ' . self::$_script_name;
        $message = 'Hi ' . $info['USERNAME'] . ', ' . "\n\n";
        $message .= 'You recently requested your password for ' . self::$_script_name . ' if you didn\'t not to worry just ignore this ';
        $message .= 'email. Anyway you can find your email below, should you require anymore assistance then please contact us ';
        $message .= 'at ' . self::$_admin_email . ".\n\n";
        $message .= 'Username: ' . $info['USERNAME'] . "\n";
        $message .= 'Password: ' . $info['PASSWORD'];
        $message .= "\n\n" . 'Best Regards, ' . "\n" . self::$_admin_name;
        $headers = 'From: ' . self::$_admin_email . "\r\n" .
            'Reply-To: ' . self::$_admin_email . "\r\n" .
            'X-Mailer: PHP/' . phpversion();

                # Uncomment for final version
                if (mail($to, $subject, $message, $headers)) return true;
            }
        }

        /**
         * The secure method, simply call this to lock any page down it's as simple as that.
         * @param <string> Name of the script EG: John's Script
         * @param <string> Email of the administrator EG: john@suburbanarctic.com
         * @param <string> Admin name EG: John Crossley
         * @return <object> Returns an instanciated object of this class.
         */
        public static function secure($s_name = '', $a_email = '', $a_name = '') {

            self::$_script_name = $s_name;
            self::$_admin_email = $a_email;
            self::$_admin_name = $a_name;

            if (!self::$_init instanceof JC_fsl) {
                self::$_init = new JC_fsl();
            }
            return self::$_init;
        }
    }

    # You may edit me
    $secure = JC_fsl::secure();

    ##########################################################################
    ########################## YOUR EDITING BLOCK ###########################

    $secure->add('mbhaynes', 'mbhaynes13', 'seth@procstaff.com', 'mbhaynes.php');
    $secure->add('emory', 'emory13', 'seth@procstaff.com', 'emory.php');
    $secure->add('ehg', 'ehg13', 'seth@procstaff.com', 'redirect.html');
    $secure->add('dhgriffin', 'dhgriffin13', 'seth@procstaff.com', 'dhgriffin.php');
    $secure->add('neo', 'neo13', 'seth@procstaff.com', 'neo.php');
    $secure->add('first', 'first13', 'seth@procstaff.com', 'first.php');
    $secure->add('test', 'test', 'seth@procstaff.com', 'test.php');

    ##########################################################################
    ##########################################################################


    ############ FORM PROCESSING ############
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $secure->validate($_POST['username'], $_POST['password']);
    }
    if (isset($_GET['logout'])) $secure->logout();

    if (isset($_POST['forgot_password_button']) && isset($_POST['email'])) {
        // We need to send the user their password.
        if ($secure->forgot($_POST['email'])) {
            echo '<h2 class=\'success\'>Your password has been sent to your email address!</h2>';
        } else {
            echo '<h2 class=\'error\'>I\'m sorry but that email address has no record on this site.</h2>';
        }
    }

    ?>
    <?php if(!isset($_SESSION['LOGGED_IN'])): ?>
        <style type='text/css'>
            #fslv2-main{
        font-family:HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;font-weight:300;font-size:14px;line-height:1.6;
        margin-left:auto;
        margin-right:auto;
        width: 300px;
        padding: 10px 10px 10px 10px;
            }
            fieldset { border: none; margin: 0; padding: 0;}
            .fslv2 .input { 
        border: 1px solid #b9b9b9; 
        padding: 5px;
        width: 225px;
        outline: none;
        font-size: 13px;
            }
            .fslv2 label {
        float: left;
        width: 72px;
        line-height: 28px;
            }
            h3 { font-weight: normal; }
            a { color: #4a6a81; text-decoration: none; }
            a:hover { color: #4a6a81; text-decoration: underline; }
            .button {
        border: 1px solid #233d4f;
        border-bottom: 1px solid #233d4f;
        background-color: #4a6a81;
        border-radius: 2px;
        padding: 6px 5px;
        color: #ffffff;
        text-shadow: 0 1px rgba(0, 0, 0, 0.1);
        margin-left:auto;
        margin-right:auto;
        top: 5px;
        width: 100px;
        min-width: 100px;
        cursor: pointer;
        font-size: 13px;
        box-shadow: rgba(0,0,0,0.2);
        -webkit-box-shadow: rgba(0,0,0,0.2);
        -moz-box-shadow: rgba(0,0,0,0.2);
            }
            .input:focus {
        -moz-box-shadow: inset 0 0 3px #bbb;
        -webkit-box-shadow: inset 0 0 3px #bbb;
        box-shadow: inner 0 0 3px #bbb;
            }
            .fsl p.la { text-align: center; }
            .success {
        margin: 2em auto 1em auto;
        border: 1px solid #337f09;
        padding: 5px;
        background-color: #dd4b39;
        width: 400px;
        text-align: center;
        -webkit-border-radius: 5px;
        -moz-border-radius: 5px;
        border-radius: 5px;
        font-weight: normal;
        font-family:HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;font-weight:300;font-size:14px;line-height:1.6;
            }
            .error {
        margin: 2em auto 1em auto;
        border: 1px solid #233d4f;
        padding: 5px;
        background-color: #8bafc5;
        width: 400px;
        text-align: center;
        -webkit-border-radius: 5px;
        -moz-border-radius: 5px;
        border-radius: 5px;
        font-weight: normal;
        font-family:HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;font-weight:300;font-size:14px;line-height:1.6;
            }
        </style>
        <div id="fslv2-main">
        <?php if($secure->attempts() > 5): ?>
            <!-- Show the login form -->
            <p>Too many failed attempts, please try again later.</p>
        <?php elseif(isset($_GET['forgot_password'])): ?>
            <fieldset class="fslv2">
            <form method="post" action="#">
                <p>
                    <label for='email'>Email: </label>
                    <input type='text' name='email' class='input'/>
                </p>
                <p><input type='submit' name='forgot_password_button' class='button' value='Send!' /></p>
            </form>
        </fieldset>
        <small><a href="index.html">Cancel</a></small>
        <?php else: ?>
        <fieldset class="fslv2">
        <legend><?php echo $secure->site_name(); ?></legend>
    <form method="post" action="#">
                <p>
                    <label for='username'>Username: </label>
                    <input type='text' name='username' class='input'/>
                </p>
                <p>
                    <label for='password'>Password: </label>
                    <input type='password' name='password' class='input'/>
                </p>
                <p><input type='submit' name='login' class='button' value='Login' /></p>
            </form>
        </fieldset>
        <?php endif; ?>
        </div><!-- #fslv2-main -->
    <?php exit(); endif; ?>

3 个答案:

答案 0 :(得分:3)

如果您在登录后返回主页面,请尝试刷新页面,如果会话设置正确,则刷新后您将自动登录或显示已登录状态,否则会有破坏主页中所有会话的东西?我会选择第一个条件,因为这发生在我身上很多次,最好在同一页面上显示logIn表单,在那里你要显示注册用户的内容,登录后快速将它们重定向到同一页面,这样所有会话工作正常,后退按钮不会在您将它们重定向到同一页面时产生问题....

编辑: 它不会影响具有单独页面的用户,因为整个logIn表单将在登录后由该用户内容更改。

试试这个:

if(isset($_SESSION['LOGGED_IN'])){
   //User is logged-In check for existence of its name file,
  $user = $_SESSION["LOGGED_IN"]."php";
If(file_exists($user)){
 //User's named file exists now include it.
  include("yourfolder/$user");
}else{
 //He was loggedIn in but file wasn't found...
 echo"Sorry nothing for you :P";
 }
}else{
   //Show the logIn form
}

答案 1 :(得分:2)

如果他们已经登录,为什么不将他们从login.php重定向到他们?如果他们已经对他们的帐户进行了身份验证,他们就不需要访问该页面:

<强>的login.php

session_start();

//If the user is already logged in, they have no business being here.
if(isset($_SESSION['LOGGED_IN'])){
     header('Location: logged_in_homepage.php');
     exit;
}

//User isn't logged in. Process login.

答案 2 :(得分:0)

您也可以通过在您的head标签中添加此代码来做到这一点

<script language="javascript" type="text/javascript"> window.history.forward(); </script>

这将阻止用户回来。