我正在开发一个网站,我的登录系统有问题。考虑两个用户,user1和user2。如果user1可以访问他的帐户,并且在同一个浏览器中,如果user2可以访问他的帐户,则user1必须从他的会话中退出,但这不会发生在我的系统中,而且,系统认为user1是user2,因为user2已连接。这是登录页面和身份验证的以下代码:
登录代码
<html>
<body>
<div class="wrap">
<div id="content">
<div id="main">
<div class="full_w">
<form action="login_oficial.php" method="post" autocomplete="off">
<label for="login">Usuario:</label>
<input id="login" name="login" class="text" />
<label for="pass">Contraseña:</label>
<input id="pass" name="pass" type="password" class="text" />
<input type="submit" class="ok" name="acceso_cuenta" value="Acceder"></button>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
验证码(login_oficial.php)
<?php
session_start();
require('incluye.php');
$usuario = $_POST['login'];
$_SESSION['user']=$usuario;
$error = '';
$form = $_POST['acceso_cuenta'];
$password = $_POST['pass'];
$query1 = "SELECT user FROM data1 WHERE user='$usuario' and passwort='$password'";
$result=pg_query($conn,$query1);
if( isset($form) ) {
if( isset($usuario) && isset($password) && $usuario !== '' && $password !== '' ) {
if(pg_num_rows($result) != 0 ) { //success
$_SESSION['logged-in'] = true;
header('location: http://localhost/public_html/website/normal_user.php');
exit;
}else { $error = "Your information is wrong."; }
} else { $error = 'Please, do not leave blank spaces.';}
}
?>
<html>
<body>
<div class="wrap">
<div id="content">
<div id="main">
<div class="full_w">
<form action="<?php $PHP_SELF; ?>" method="post">
<label for="login">Usuario:</label>
<input id="login" name="login" class="text" autocomplete="off" />
<label for="pass">Contraseña:</label>
<input id="pass" name="pass" type="password" class="text" />
<div class="sep"></div>
<input type="submit" class="ok" name="acceso_cuenta" value="Acceder"></button>
</form>
</div><!--END OF FULL-->
<?php echo "<br /><span style=\"color:red\">$error</span>";?>
</div><!--END OF MAIN-->
</div><!--END OF CONTENT-->
</div><!--END OF WRAP-->
</body>
</html>
incluye.php的代码
<?
if($_POST['acceso_cuenta']){
$strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxxxxx password=*****";
$conn=pg_Connect($strconn);
}
if(!$conn){
// echo "Error connection!!!";
}else{
//echo "Connection succesful!!!";
}
?>
用户页面
<?php
session_start();
require('incluye.php');
// is the one accessing this page logged in or not?
if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true) {
// not logged in, move to login page
session_destroy();
header('Location: login_oficial.php');
exit;}
?>
<html lang="en">
<body class="">
<div class="navbar">
<div class="navbar-inner">
<ul class="nav pull-right">
<li id="fat-menu" class="dropdown">
<li ><a href="logout.php">Logout</a></li>
<i class="icon-user"></i> <? echo "Welcome user {$_SESSION['user']} " ; ?>
</a>
</li>
</ul>
</div>
</body>
</html>
Logout.php
session_start();
// if the user is logged in, unset the session
if (isset($_SESSION['logged-in'])) {
unset($_SESSION['logged-in']);
}
// now that the user is logged out,
// go to login page
header('Location: login.html');
?>
欢迎所有建议,并随意提供您认为合适的任何其他建议。 欢呼声。
答案 0 :(得分:1)
在login_oficial.php中设置这些会话
$_SESSION['user']=$usuario;
$_SESSION['logged-in'] = true;
但是在logout.php中,您只取消了登录的会话。试试这段代码,它应该重置所有会话。
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
BTW我认为在检查用户是否存在于数据库之前,不应设置$_SESSION['user']。