Prevent opening any page if the user is not logged in

Time: 2015-03-26 16:38:59

Tags: php forms

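My web application contains 2 pages (login page, main page).

I want to prevent the user from viewing the main page if they have not logged in before, so I do the following:

In the main page, I check the username session that is set during login validation: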

    session_start();
    if (!isset($_SESSION['LOGIN_STATUS'])||$_SESSION['LOGIN_STATUS']!=true) {
        header('Location:login.php?lang=en');
        exit();
    }

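Now: when I open the main page, I am redirected to the login screen, which is correct, but when I log in, then log out, then try to log in again, I am redirected to the login page and cannot log in again.

On logout: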

    session_start();
    unset($_SESSION['username']);
    $lang=$_SESSION['lang'];
    unset($_SESSION['lang']);
    session_unset();
    if(session_destroy()){
        header("Location: login.php?lang=$lang");
        exit;
    }

JavaScript login code:

$(function () {
    var form = $('#main form'),
            arrow = $('#main .arrow');
    $('#main .row input').val('');

    function submitLogin(enteredUsername, enteredPassword) {
        $.ajax({
            url: './webService/CheckLogin.php',
            type: 'post',
            data: {username: enteredUsername, password: enteredPassword},
            cache: false,
            success: function (resp) {
                if (resp.toString() === "true") {
                    window.location = 'Main.php';
                } else {
                    // fail code here.
                    alert("Login Failed");
                }
            }
        });
    }
    // Handle form submissions
    form.on('submit', function (e) {
        var user = document.getElementById("username").value;
        var pass = document.getElementById("password").value;
        submitLogin(user, pass);
    });
});

CheckLogin.php

    require("./DbConnection.php");
    session_start();
    if(isset($_POST['username']) && !empty($_POST['username'])){
        $username = ($_POST['username']);
    }
    if(isset($_POST['password']) && !empty($_POST['password'])){
        $password = ($_POST['password']);
    }
    AuthenticateUser($username, $password);
    function AuthenticateUser($username, $password) {
        $conn = OpenConnection();
        $tsql = "select userName,Password from Users ";
        $stmt = sqlsrv_query($conn, $tsql);
        if ($stmt === false) {
            echo "Error in executing query.</br>";
            die(print_r(sqlsrv_errors(), true));
        }
        while ($row = sqlsrv_fetch_array($stmt)) {
            if ($username == $row[0] && $password == $row[1]) {
                $res = 'true';
                $_SESSION['LOGIN_STATUS']=true;
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $password;
                break;
            } else {
                $res = 'FALSE';      
            }
        }
        CloseConnection($stmt, $conn);
        echo $res;
    }

1 Answer:

Answer 0: (score: 0)

Simple. Don't include the session on the login screen.
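The login check, page guard and logout from the question can be walked through as one session lifecycle. This is an added example, not part of the original post or the answer. The names `authenticate_user`, `is_logged_in`, `logout` and the `$USERS` array are hypothetical, and the array is a constructed stand-in for the `Users` table, assumed to hold `password_hash()` output instead of plaintext passwords.

```php
<?php
// Added example, not the asker's code. $USERS is a constructed stand-in for the
// Users table; a real lookup would be a parameterized query such as
// sqlsrv_query($conn, "SELECT Password FROM Users WHERE userName = ?", [$username]).
$USERS = ['alice' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT)];

// CheckLogin.php step: verify one user, then mark the session as authenticated.
function authenticate_user(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;                  // same result for unknown user and wrong password
    }
    session_regenerate_id(true);       // new session id at the privilege change
    $_SESSION['LOGIN_STATUS'] = true;
    $_SESSION['username'] = $username; // the password is never stored in the session
    return true;
}

// Main.php step: the guard is true only for a session authenticate_user() marked.
function is_logged_in(): bool
{
    return ($_SESSION['LOGIN_STATUS'] ?? false) === true;
}

// Logout step: read 'lang' before clearing, empty the session, return the target.
function logout(): string
{
    $lang = $_SESSION['lang'] ?? 'en';
    $_SESSION = [];
    session_destroy();
    return 'login.php?lang=' . rawurlencode($lang);
}

// Login, logout, login again in one run; output is printed once at the end
// because session functions must be called before any output is sent.
session_save_path(sys_get_temp_dir()); // lets the walk-through run from the CLI
session_start();
$_SESSION['lang'] = 'en';
$steps = ['guard before login' => is_logged_in()];
$steps['login'] = authenticate_user($USERS, 'alice', 'constructed-sample-pw');
$steps['guard after login'] = is_logged_in();
$steps['logout redirect'] = logout();
session_start();                       // fresh, empty session after logout
$steps['guard after logout'] = is_logged_in();
$steps['wrong password'] = authenticate_user($USERS, 'alice', 'wrong');
$steps['second login'] = authenticate_user($USERS, 'alice', 'constructed-sample-pw');
var_dump($steps);
```

In a web request the redirect target returned by `logout()` would be passed to `header('Location: ...')` followed by `exit`, as in the question's code.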