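Even after I click logout and get redirected to the login page, I am still logged in

Time: 2014-05-11 21:44:13

Tags: php mysql

I'm building a membership system, but I have a logout problem.

When I press the logout button, I'm redirected to the login page, but when I go to the user update page directly from the browser, I'm still logged in even though I have logged out.

If I go to the login page, log in again and visit the user update page, I see the previous user's data rather than mine.

You can go here: http://dailypaychecknetwork.com/account/createnewuser.php and create an account for yourself to test.

Below are my logout and member-config.php scripts. Any help is much appreciated. Thanks.

member-config.php script: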

//Require DB connection
require_once dirname(__FILE__) . "/connect.php";

//Pages to require
require_once dirname(__FILE__) . "/languages/en.php";
require_once dirname(__FILE__) . "/class.newuser.php";
require_once dirname(__FILE__) . "/class.user.php";
require_once dirname(__FILE__) . "/funcs.php";

session_save_path("/home/users/web/b1951/moo.dailypaychecknetwork/cgi-bin/tmp");

session_start();

//Global User Object Var
//loggedInUser can be used globally if constructed
if(isset($_SESSION["userCakeUser"]) && is_object($_SESSION["userCakeUser"]))
{
    $loggedInUser = $_SESSION["userCakeUser"];
}

Logout script:

require_once("models/member-config.php");

//Log the user out
/*if(isUserLoggedIn())
{
    $loggedInUser->userLogOut();
}*/

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();

header("Location: login.php");
die();

Update script:

require_once("models/member-config.php");

//Prevent the user visiting the page if he is not logged in
if($loggedInUser == NULL){ header("Location: login.php"); die(); }

if(isset($_POST['dpnupdate']))
{
    $errors = array();
    $successes = array(); // initialise so count($successes) below is defined
    $email = $_POST["email"];
    $fname = $_POST["fname"];
    $lname = $_POST["lname"];
    $phone = $_POST["phone"];
    $znzsid = $_POST["znzsid"];
    $znzdid = $_POST["znzdid"];
    $enid = $_POST["enid"];
    $znztl = $_POST["znztl"];

    //Update a users email
    if($email != $loggedInUser->email)
    {
        if(trim($email) == "")
        {
            $errors[] = lang("EMAIL_EMPTY");
        }
        else if(!isValidEmail($email))
        {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }
        else if(emailExists($email))
        {
            $errors[] = lang("EMAIL_EXIST", array($email)); 
        }

        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateEmail($email);
            $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
        }
    }

    //Update a users first name 
    if($fname != $loggedInUser->fname)
    {
        if(trim($fname) == "")
        {
            $errors[] = lang("FIRST_NAME_EMPTY");
        }       
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateFirstname($fname);
            $successes[] = lang("ACCOUNT_FIRST_NAME_UPDATED");
        }
    }

    //Update a users last name  
    if($lname != $loggedInUser->lname)
    {
        if(trim($lname) == "")
        {
            $errors[] = lang("LAST_NAME_EMPTY");
        }       
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateLastname($lname);
            $successes[] = lang("ACCOUNT_LAST_NAME_UPDATED");
        }
    }

    //Update a users phone number   
    if($phone != $loggedInUser->phone)
    {
        if(trim($phone) == "")
        {
            $errors[] = lang("PHONE_NUMBER_EMPTY");
        }
        else if(!is_numeric($phone)){
            $errors[] = lang("PHONE_IS_NUMERIC");
        }       
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updatePhone($phone);
            $successes[] = lang("ACCOUNT_PHONE_NUMBER_UPDATED");
        }
    }

    //Update a users znz single id  
    if($znzsid == 'optional' || $znzsid == $loggedInUser->znzsingle)
    {} else{
        if(trim($znzsid) == "")
        {
            $errors[] = lang("ZNZ_SINGLE_EMPTY");
        }
        else if(!is_numeric($znzsid)){
            $errors[] = lang("ZNZ_SINGLE_IS_NUMERIC");
        }
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateZnzsingle($znzsid);
            $successes[] = lang("ACCOUNT_ZNZ_SINGLE_UPDATED");
        }
    }

    //Update a users znz double id  
    if($znzdid == 'optional' || $znzdid == $loggedInUser->znzdouble)
    {} else{
        if(trim($znzdid) == "")
        {
            $errors[] = lang("ZNZ_DOUBLE_EMPTY");
        }
        else if(!is_numeric($znzdid)){
            $errors[] = lang("ZNZ_DOUBLE_IS_NUMERIC");
        }
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateZnzdouble($znzdid);
            $successes[] = lang("ACCOUNT_ZNZ_DOUBLE_UPDATED");
        }
    }

    //Update a users empower network id
    if($enid != $loggedInUser->empowerid)
    {
        if(trim($enid) == "")
        {
            $errors[] = lang("EMPOWER_NETWORK_EMPTY");
        }   
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateEmpowerid($enid);
            $successes[] = lang("ACCOUNT_EMPOWER_NETWORK_UPDATED");
        }
    }

    //Update a users znzadteam link
    if($znztl != $loggedInUser->znzadteamlink)
    {
        if(trim($znztl) == "")
        {
            $errors[] = lang("ZNZADTEAM_LINK_EMPTY");
        }       
        //End data validation
        if(count($errors) == 0)
        {
            $loggedInUser->updateZnzadteam($znztl);
            $successes[] = lang("ACCOUNT_ZNZADTEAM_LINK_UPDATED");
        }
    }

    if(count($errors) == 0 AND count($successes) == 0){
        $errors[] = lang("NOTHING_TO_UPDATE");
    }
}

//Update password
if(isset($_POST['dpnupdatepass']))
{

    $errors = array();
    $successes = array();
    $password = $_POST["oldpass"];
    $password_new = $_POST["newpass"];  

    //Confirm the hashes match before updating a users password
    $entered_pass = md5($password);

    if (trim($password) == ""){
        $errors[] = lang("PASSWORD_EMPTY");
    }
    else if($entered_pass != $loggedInUser->pass)
    {
        //No match
        $errors[] = lang("ACCOUNT_PASSWORD_INVALID");
    }   

    if ($password_new != "")
    {
        if(trim($password_new) == "")
        {
            $errors[] = lang("PASSWORD_EMPTY");
        }

        //End data validation
        if(count($errors) == 0)
        {
            //Also prevent updating if someone attempts to update with the same password
            $entered_pass_new = md5($password_new);

            if($entered_pass_new == $loggedInUser->pass)
            {
                //Don't update, this fool is trying to update with the same password ¬¬
                $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
            }
            else
            {
                //This function will create the new hash and update the pass property.
                $loggedInUser->updatePassword($password_new);
                $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
            }
        }
    }
    if(count($errors) == 0 AND count($successes) == 0){
        $errors[] = lang("NOTHING_TO_UPDATE");
    }

}

require_once("../includes/header.php");
echo "
<div class='main-content-wrap'>
    <div class='back'> <a href='http://dailypaychecknetwork.com/account/account.php'>< BACK OFFICE</a></div>
    <h2 class='center-title'>Update your info</h2>
    <div class='main-content'>

        <div id='main'>";

        echo resultBlock($errors,$successes);

        echo "  
        <div id='regbox'>
                <form name='newUser' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method='post'>
                    <table cellpadding='3px' class='mtext'>
                        <tbody>
                            <tr>
                                <td class='tdSubHeader'><label>Email</label></td>
                                <td class='tdContent'><input type='text' name='email' value='".htmlspecialchars($loggedInUser->email, ENT_QUOTES)."' size='25'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>First Name</label></td>
                                <td class='tdContent'><input type='text' name='fname' value='".htmlspecialchars($loggedInUser->fname, ENT_QUOTES)."' size='25'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>Last Name</label></td>
                                <td class='tdContent'><input type='text' name='lname' value='".htmlspecialchars($loggedInUser->lname, ENT_QUOTES)."' size='25'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>Phone</label></td>
                                <td class='tdContent'><input type='text' name='phone' value='".htmlspecialchars($loggedInUser->phone, ENT_QUOTES)."' size='25'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>ZNZ Single ID #</label></td>
                                <td class='tdContent'><input type='text' name='znzsid' value='".(($loggedInUser->znzsingle == 1313434) ? 'optional' : htmlspecialchars($loggedInUser->znzsingle, ENT_QUOTES))."' size='40'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>ZNZ Double ID #</label></td>
                                <td class='tdContent'><input type='text' name='znzdid' value='".(($loggedInUser->znzdouble == 1314445) ? 'optional' : htmlspecialchars($loggedInUser->znzdouble, ENT_QUOTES))."' size='40'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>Empower Network ID</label></td>
                                <td class='tdContent'><input type='text' name='enid' value='".htmlspecialchars($loggedInUser->empowerid, ENT_QUOTES)."' size='40'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>ZNZADTEAM LINK</label></td>
                                <td class='tdContent'><input type='text' name='znztl' value='".htmlspecialchars($loggedInUser->znzadteamlink, ENT_QUOTES)."' size='40'/></td>
                            </tr>
                        </tbody>
                    </table>
                        <br>
                        <div style='float:left;'><input type='submit' name='dpnupdate' value='Save Changes'></div>                  
                </form>
            </div>
        </div>
    </div>
    <div class='sidebar-update'>
        <div class='third-party-autoresponder'>
            <h2>3rd Party Autoresponder</h2>

        </div>
        <hr>
        <div class='change-password'>
            <h2>Change Password</h2>
            <form name='newUser' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method='post'>
                    <table cellpadding='3px' class='mtext'>
                        <tbody>
                            <tr>
                                <td class='tdSubHeader'><label>Old Password</label></td>
                                <td class='tdContent'><input type='password' name='oldpass' size='25'/></td>
                            </tr>

                            <tr>
                                <td class='tdSubHeader'><label>New Password</label></td>
                                <td class='tdContent'><input type='password' name='newpass' size='25'/></td>
                            </tr>
                        </tbody>
                    </table>
                        <br>
                        <div><input type='submit' name='dpnupdatepass' value='Save New Password'></div>                 
            </form>
        </div>
    </div>
</div>
";
require_once("../includes/footer.php");

0 answers:

No answers
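
Added example, not part of the original post or of any answer: member-config.php sets a custom session_save_path(), so one thing worth ruling out for the symptom described is a page that starts its session against a different store than the one logout destroys. This is a check to run, not a confirmed cause. The CLI sketch below runs the post's logout steps first against the wrong store and then against the right one; the directories, session ID and helper names are constructed.

```php
<?php
// Added demo, not from the original post. Directories, the session ID and the
// helper names are constructed; a string stands in for the userCakeUser object.
const OPTS = ['use_cookies' => 0, 'cache_limiter' => '', 'use_strict_mode' => 0];

function open_session(string $path, string $id): void {
    session_save_path($path);
    session_id($id);
    session_start(OPTS);
}

// Store a logged-in user in the session kept under $path.
function login(string $path, string $id, string $user): void {
    open_session($path, $id);
    $_SESSION['userCakeUser'] = $user;
    session_write_close();
}

// Same steps as the logout script in the post (cookie removal omitted on CLI).
function logout(string $path, string $id): void {
    open_session($path, $id);
    $_SESSION = array();
    session_destroy();
}

// What a protected page would find in the session kept under $path.
function current_user(string $path, string $id): ?string {
    open_session($path, $id);
    $user = $_SESSION['userCakeUser'] ?? null;
    session_write_close();
    return $user;
}

function make_store(string $name): string {
    $dir = sys_get_temp_dir() . "/sessdemo-$name-" . getmypid();
    if (!is_dir($dir)) { mkdir($dir, 0700); }
    return $dir;
}

$custom = make_store('custom');  // stands in for the session_save_path() directory
$other  = make_store('other');   // a page that started its session elsewhere
$id     = 'constructedsessionid0123456789';
login($custom, $id, 'alice');
logout($other, $id);                         // runs against the wrong store
$afterWrongLogout = current_user($custom, $id);
logout($custom, $id);                        // same store as login
$afterRightLogout = current_user($custom, $id);
// Print only at the end: on CLI, output before session_start() blocks it.
var_dump($afterWrongLogout, $afterRightLogout);
```

Run it with the PHP CLI; if the first value still holds the user and the second does not, every script that calls session_start() needs to set the same save path before doing so.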