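I have a character creation form where you enter the character's name and then press submit. It then displays a success page. However, I don't want the user to be able to use their back button to return to the character creation page, so on the character creation page, if it detects that the referring page is the success page, I redirect to the main menu page. However, when it displays the main menu page, the information it shows is out of date. You have to refresh the page for it to reflect the latest changes. It's almost as if the redirect is bringing up a cached version of the page....
Any ideas why the latest changes aren't showing up on the redirect?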
<?php
// First we execute our common code to connect to the database and start the session
define('MyConst', TRUE);
include('database.class.php');
include('table.class.php');
include('user.class.php');
include('loginattempts.class.php');
include('timer.class.php');
include('functions.php');
include('loginf.php');
include('character.class.php');
include('playercharacter.class.php');
$dbo = database::getInstance();
$dbo -> connect("***********", "********", "*********", "********", array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
secSessionStart();
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
// Everything below this point in the file is secured by the login system
if($_SERVER['HTTP_REFERER'] == "success.php") {
// If the user arrived from the success page, we redirect them to the main menu.
header("Location: mainmenu.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to mainmenu.php");
}
if(!empty($_POST)) {
$character = new character();
$data = array("character_name" => $_POST['charactername'], "health" => 0, "money" => 1500, "exp" => 0, "rank" => 0, "points" => 0);
$character -> bind($data);
$character -> store();
$character_id = $dbo -> getConnection() -> lastInsertId();
$playercharacter = new playercharacter();
$data = array("character_id" => $character_id, "user_id" => $_SESSION['user']['user_id']);
$playercharacter -> bind($data);
$playercharacter -> store();
$query = "SELECT * FROM playercharacter WHERE character_id = :character_id";
try {
$stmt = $dbo->getConnection()->prepare($query);
$result = $stmt->execute(array(':character_id'=>$character_id));
}
catch(PDOException $ex) {
die("Failed to run query4: " . $ex->getMessage());
}
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$_SESSION['playercharacter'] = $row;
// The character has been created, so we redirect to the success page.
header("Location: success.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to success.php");
}
?>
<!DOCTYPE HTML>
<head>
<meta http-equiv="content-type" content="text/html" />
<meta name="author" content="lolkittens" />
<title>Untitled 5</title>
</head>
<body>
<h1>Create Character</h1>
<form action="createcharacter.php" method="post">
Enter name:<br />
<input type="text" name="charactername" value="" />
<br /><br />
<input type="submit" value="Create" />
</form>
</body>
createcharacter.php
<?php
// First we execute our common code to connect to the database and start the session
define('MyConst', TRUE);
include('database.class.php');
include('table.class.php');
include('user.class.php');
include('loginattempts.class.php');
include('timer.class.php');
include('functions.php');
include('loginf.php');
$dbo = database::getInstance();
$dbo -> connect("*************", "*********", "**********", "***********", array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
secSessionStart();
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
// Everything below this point in the file is secured by the login system
// We can display the user's username to them by reading it from the session array. Remember that because
// a username is user submitted content we must use htmlentities on it before displaying it to the user.
?>
<!DOCTYPE html>
<html>
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js">
</script>
</head>
<body>
<a href="mainmenu.php">Success!</a>
</body>
</html>
success.php
<?php
// First we execute our common code to connect to the database and start the session
define('MyConst', TRUE);
include('database.class.php');
include('table.class.php');
include('user.class.php');
include('loginattempts.class.php');
include('timer.class.php');
include('functions.php');
include('loginf.php');
$dbo = database::getInstance();
$dbo -> connect("*********************", "******************",
"***************", "*****************", array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
secSessionStart();
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
// Everything below this point in the file is secured by the login system
// We can display the user's username to them by reading it from the session array. Remember that because
// a username is user submitted content we must use htmlentities on it before displaying it to the user.
?>
<?php
$stmt = $dbo->getConnection()->prepare("SELECT count(character_name) FROM
playercharacter JOIN `character` ON (playercharacter.character_id =
`character`.character_id) WHERE user_id = :user_id");
$query_params = array(':user_id'=>$_SESSION['user']['user_id']);
// Execute the prepared query.
$result = $stmt->execute($query_params);
$rows = $stmt->fetch(PDO::FETCH_NUM);
echo $rows[0];
$createCharacters = 4 - $rows[0];
for($i = 0; $i < $createCharacters; $i++) {
echo '<a href="createcharacter.php">Create Character</a><br />';
}
for($i = 0; $i < $rows[0]; $i++) {
echo '<a href="loadplayer.php?id='.$rows[0].'">Play</a> <br />';
// echo '<a href="loadplayer.php">Create Character</a><br />`;
}
?>
<!DOCTYPE html>
<html>
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script src="functions.js"></script>
</head>
<body>
</body>
</html>
mainmenu.php
Answer 0 (score: 0)
The line
if($_SERVER['HTTP_REFERER'] == "success.php")
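will never be true. $_SERVER['HTTP_REFERER'] (when set) contains a URL, not a file name. Execution therefore continues: either the HTML is displayed, or the block beginning with if(!empty($_POST)) { is executed and the user is redirected to success.php.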
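You'll get better results by setting a session variable on success. Once that variable is set, redirect to mainmenu.php. Alternatively, you can use a URL parameter in the redirect statement:
header("Location: success.php?complete=yes");
and check for it:
if ($_GET['complete'] == 'yes') {
// Redirect to the main menu
}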
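The session-variable approach described in the answer above, as an added example that is not part of the original post or either poster's code; the `character_created` key and all function names are hypothetical. It also shows why the `HTTP_REFERER` comparison never matched: the header carries a full URL, is supplied by the client, and may be absent.

```php
<?php
// Added example. FLAG_KEY and all function names below are hypothetical.
const FLAG_KEY = 'character_created';

// createcharacter.php: call after both store() calls succeed,
// just before header("Location: success.php").
function markCharacterCreated(array &$session): void
{
    $session[FLAG_KEY] = true;
}

// createcharacter.php: call right after the login check.
// Returns the redirect target, or null when the form should be rendered.
function guardCreatePage(array $session): ?string
{
    return empty($session[FLAG_KEY]) ? null : 'mainmenu.php';
}

// mainmenu.php: the flow is finished, so a later deliberate visit
// to createcharacter.php shows the form again.
function clearOnMainMenu(array &$session): void
{
    unset($session[FLAG_KEY]);
}

// The Referer header is a full URL (when sent at all), so comparing it
// to a bare file name never matches. Extract the path before comparing.
function refererIsPage(?string $referer, string $page): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $path = parse_url($referer, PHP_URL_PATH);
    return is_string($path) && basename($path) === $page;
}

// Constructed walk-through; $session stands in for $_SESSION.
$session = ['user' => ['user_id' => 1]];
var_dump(guardCreatePage($session));      // first visit to the form
markCharacterCreated($session);           // POST handled, character stored
var_dump(guardCreatePage($session));      // Back button from success.php
clearOnMainMenu($session);                // main menu reached
var_dump(guardCreatePage($session));      // deliberate new visit
var_dump('http://example.test/success.php' == 'success.php');
var_dump(refererIsPage('http://example.test/success.php', 'success.php'));
```

In the real pages the functions take `$_SESSION`, and a non-null result from `guardCreatePage()` is followed by `header("Location: ...")` and `exit`. The guard only runs when the browser actually re-requests createcharacter.php; a copy served from the browser cache on Back never reaches it, which is what response headers such as `Cache-Control: no-store` are for.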