OK, so on my main login php page I have this:
```php
<?php
session_start();
require 'connect.php';
if(mysqli_connect_errno()) {
    echo 'Failed to Connect to MySQL' . mysqli_connect_errno();
}
if(isset($_POST['submit'])) {
    //Variables
    $user = $_POST['username'];
    $pass = md5 ($_POST['password']);
    //prevent MySQL Inject
    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $query = mysqli_query($con, "SELECT * FROM tech WHERE username = '$user' and password = '$pass'") or die("Can not query the DB");
    $count = mysqli_num_rows($query);
    if($count == 1) {
        $_SESSION['username'] = $user;
        $url = 'home.php';
        echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
    } else {
        echo 'Username and Password do not match! Try Again';
        $url = 'carelogin.php';
        echo '<META HTTP-EQUIV=Refresh CONTENT="2; URL='.$url.'">';
        session_destroy();
    }
}
?>
```
Then, at the very top of every page, I have this:
```php
<?php
session_start();
require_once 'connect.php';
if(!isset($_SESSION['username'])) {
    echo "<h1>You are not an authorised user</h1>";
    $url = 'carelogin.php';
    echo '<META HTTP-EQUIV=Refresh CONTENT="1; URL='.$url.'">';
} else {
}
?>
```
If I click REFRESH, or go forward or back, or leave the mouse untouched on any page for about 30 seconds, it keeps logging me out. I don't understand. I have set all the sessions, but within 30 seconds I am logged out.
Can someone please modify my code so that I stay logged in until I click logout? Thanks guys!
Answer 0 (score: 2)
Increase the session timeout with this:
```php
// server should keep session data for AT LEAST 1 hour
ini_set('session.gc_maxlifetime', 3600);
// each client should remember their session id for EXACTLY 1 hour
session_set_cookie_params(3600);
session_start(); // ready to go!
```
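As an added example (not code from the question or from this answer), here is how the two settings above fit into a reusable session bootstrap that keeps a user logged in until they log out or go idle, and that also closes the cookie side of logout. It assumes PHP 7.3 or later (array form of `session_set_cookie_params()` and `setcookie()`), that the site is served over HTTPS, and that the two constants are tuned per site; the function names `startSecureSession`, `login`, `isLoggedIn` and `logout` are this example's own.

```php
<?php
// Added example: session bootstrap for "stay logged in until logout".
// Assumptions: PHP >= 7.3, HTTPS, constants adjusted for the site.
declare(strict_types=1);

const SESSION_LIFETIME = 3600;   // seconds the server keeps session data and the cookie lives
const IDLE_LIMIT       = 1800;   // seconds of inactivity before a forced logout

function startSecureSession(): void
{
    // Server side: garbage collection must not remove the data before the
    // cookie expires, otherwise the user is logged out while the cookie lives on.
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
    // Reject session ids the server did not issue (blocks fixation via a chosen id).
    ini_set('session.use_strict_mode', '1');

    // Client side: same lifetime; cookie unreadable from JavaScript, HTTPS only.
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Idle timeout enforced by the application, independent of GC timing.
    if (isset($_SESSION['last_activity'])
        && time() - $_SESSION['last_activity'] > IDLE_LIMIT) {
        logout();
        session_start();   // fresh, empty session for the rest of this request
    }
    $_SESSION['last_activity'] = time();
}

function login(string $username): void
{
    // Issue a new id when privilege changes so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

function isLoggedIn(): bool
{
    return isset($_SESSION['username']);
}

function logout(): void
{
    $_SESSION = [];
    // Expire the cookie in the browser as well, not only the data on the server.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}

// Usage at the top of every protected page (before any output is sent):
//   startSecureSession();
//   if (!isLoggedIn()) { header('Location: carelogin.php'); exit; }
// On successful password check: login($username);
// On the logout page: logout();
```

The point of putting both `gc_maxlifetime` and the cookie lifetime in one function is that they only work together: a long cookie with short server-side retention produces exactly the "logged out while my cookie is still there" symptom described in the question.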
Answer 1 (score: 2)
I think you will find that people will suggest a framework for this sort of thing, but if you are going to attempt a login you will probably want to split your scripts up more thoroughly, to make the code cleaner and easier to extend. Also, while testing the site, make sure you pay attention to any errors/warnings that happen on the page by putting `ini_set("display_errors",1); error_reporting(E_ALL);` above `session_start()`.
This is some more complex code than what you have, but it should protect you from injection. Note that all folder paths in each file should be relative to the domain root. Also note that you need to store all passwords in your database using the `password_hash()` function. You can use part of it, all of it or none of it, but if you use it, be sure to look at the PHP manual to see what all of this does:

/core.processor/classes/class.DatabaseConfig.php

```php
<?php
// This is your database. Fill out the credentials in the connect() method
// I use PDO because I think personally it's easier to use
class DatabaseConfig
{
    private static $singleton;

    public function __construct()
    {
        if(empty(self::$singleton))
            self::$singleton = $this->connect();
        return self::$singleton;
    }

    // This is the method that creates the database connection
    public function connect($host = "localhost", $username = "username", $password = "password", $database = "database")
    {
        // Create connection options
        // 1) Make PDO Exception errors, 2) Do real binding 3) By default prefer fetching associative arrays
        $opts = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                       PDO::ATTR_EMULATE_PREPARES => false,
                       PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC);
        $conn = new PDO('mysql:host='.$host.';dbname='.$database, $username, $password,$opts);
        // Send back the database connection. You can use a "utf-8" character setting here as well...
        return $conn;
    }
}
```

/core.processor/classes/class.QueryEngine.php

```php
<?php
// This is a simple query engine. It allows for binding (or not binding)
class QueryEngine
{
    private $results;
    private static $singleton;

    public function __construct()
    {
        if(empty(self::$singleton))
            self::$singleton = $this;
        return self::$singleton;
    }

    // This method sends queries to your database
    public function query($sql = false,$bind = false)
    {
        $this->results = 0;
        // Create database connection
        $db = new DatabaseConfig();
        // Attempt to connect and fetch data
        try {
            // Bind or not bind, provided there is a bind array
            // This is important to look up!
            if(!empty($bind)) {
                $query = $db ->connect()
                             ->prepare($sql);
                $query->execute($bind);
            }
            else {
                $query = $db ->connect()
                             ->query($sql);
            }
            $this->results = $query;
        }
        catch (PDOException $e)
        {
            die($e->getMessage());
        }
        return $this;
    }

    // This method will fetch the associative array if used with a select statement
    public function fetch()
    {
        while($row = $this->results->fetch())
            $result[] = $row;
        return (!empty($result))? $result : 0;
    }
}
```

/core.processor/classes/class.HeaderProcessor.php

```php
<?php
// This class deals with functions that should happen before the page outputs to the browser
class HeaderProcessor
{
    private static $userData;

    // This method just sits and waits for actions to happen
    // This method should expand with whatever you plan to do in the future
    public static function eventListener($array = array())
    {
        if(isset($array['action'])) {
            if($array['action'] == 'login') {
                if(self::getLogin($array['username'],$array['password'])) {
                    if(self::setSession(self::$userData)) {
                        $_SESSION['password'] = NULL;
                    }
                    header("Location: home.php");
                    exit;
                }
            }
            elseif($array['action'] == 'logout') {
                session_destroy();
                header("Location: loggedout.php");
                exit;
            }
        }
    }

    // Process login
    private static function getLogin($user,$pass)
    {
        $query = new QueryEngine();
        $getUser = $query ->query("SELECT * FROM `users` WHERE `username` = :0",array($user))
                          ->fetch();
        if($getUser == 0)
            return false;
        self::$userData = $getUser[0];
        // Verify the password hash (this is why you need to store your passwords differently in your db)
        return password_verify($pass,$getUser[0]['password']);
    }

    // Assign session variables
    private static function setSession($userData)
    {
        $_SESSION = array_filter(array_merge($userData,$_SESSION));
        return true;
    }

    // This can set options for your site, I just threw in timezone
    // as well as the class autoloader
    public static function initApp($settings = false)
    {
        $timezone = (!empty($settings['timezone']))? $settings['timezone'] : 'America/Los_Angeles';
        include_once(FUNCTIONS_DIR."/function.autoLoader.php");
        date_default_timezone_set($timezone);
    }
}
```

/core.processor/functions/function.autoLoader.php

```php
<?php
// This function will auto load your classes so you don't have to always
// include files. You could make a similar function to autoload functions
function autoLoader($class)
{
    if(class_exists($class))
        return true;
    if(is_file($include = CLASS_DIR.'/class.'.$class.'.php'))
        include_once($include);
}
```

/config.php

```php
<?php
/*** This config is located in the root folder and goes on every page ***/
// Start session
session_start();
// Define common places
define("ROOT_DIR",__DIR__);
define("CLASS_DIR",ROOT_DIR.'/core.processor/classes');
define("FUNCTIONS_DIR",ROOT_DIR.'/core.processor/functions');
// Require the page initializer class
require_once(CLASS_DIR."/class.HeaderProcessor.php");
// Initialize the autoloader for classes
// Load timezone
// You can put any other preset in this method
HeaderProcessor::initApp();
// Use this function to help load up classes. It must be registered before
// eventListener() runs, because the login event instantiates QueryEngine
// and DatabaseConfig, which are only found through this autoloader.
spl_autoload_register('autoLoader');
// Here is where you put in events like login, logout, etc...
HeaderProcessor::eventListener($_POST);
```

/login.php

```php
<?php
// add in the config file
require(__DIR__."/config.php");
?><!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>My Login</title>
</head>
<body>
    <form id="loginForm" method="post" action="">
        <input name="username" type="text" />
        <input name="password" type="password" />
        <input name="action" type="hidden" value="login" />
        <input type="submit" value="LOGIN" />
    </form>
</body>
</html>
```
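The answer above verifies with `password_verify()` but never shows the storing side it tells you to use, nor the login check in isolation. As an added example (not code from the answer or from any project it describes), here are both halves together: a user is created with `password_hash()`, and the login runs through a prepared statement so the username is bound as data rather than spliced into the SQL string as in the question. It assumes a `users` table with `id`, `username` and `password` columns, where `password` holds the `password_hash()` output; the functions `createUser` and `authenticate` are this example's own names, and the demo at the bottom uses an in-memory SQLite database only so that it runs without a MySQL server.

```php
<?php
// Added example: password_hash() storage plus a parameterized login check.
// Assumed schema: users(id, username, password) with password = password_hash() output.
// A VARCHAR(255) column is wide enough for bcrypt and argon2 strings.
declare(strict_types=1);

function createUser(PDO $pdo, string $username, string $password): int
{
    // PASSWORD_DEFAULT is bcrypt today and may change in future PHP versions;
    // password_verify() reads the algorithm from the stored string, so old
    // hashes keep validating after an upgrade.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => $hash]);
    return (int) $pdo->lastInsertId();
}

// Returns the user row without the hash on success, null on failure.
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The username is a bound parameter, never concatenated into the SQL,
    // so quotes or SQL keywords in it are compared literally, not parsed.
    $stmt = $pdo->prepare('SELECT id, username, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user does not exist, so that the
    // response time is the same for unknown and known usernames.
    $storedHash = $row['password'] ?? password_hash('dummy-password', PASSWORD_DEFAULT);
    if (!password_verify($password, $storedHash) || $row === false) {
        return null;
    }

    // Transparently upgrade hashes made with an older algorithm or cost.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }

    unset($row['password']);   // the hash must not end up in $_SESSION
    return $row;
}

// Self-contained demo (constructed data, SQLite in memory instead of MySQL).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE, password TEXT)');
createUser($pdo, "o'brien", 'correct horse battery staple');

var_dump(authenticate($pdo, "o'brien", 'correct horse battery staple'));
var_dump(authenticate($pdo, "o'brien", 'wrong password'));
var_dump(authenticate($pdo, 'nobody', 'anything'));
```

On success `authenticate()` returns the `id` and `username` only; that is what should go into the session, which is also why the answer's `HeaderProcessor` nulls out `$_SESSION['password']` after merging the row in. The username `o'brien` in the demo shows the point of binding: the embedded quote is harmless to a prepared statement, whereas the string-built query in the question would break on it.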
Answer 2 (score: 0)
First, you need to find out your php settings:
Create an info.php file in the root of your project with the following lines:
```php
<?php
phpinfo();
```
Load the page in the browser and find the following variable:
session.gc_maxlifetime
Your session is probably set to expire after a very short time (the default is about 24 minutes, but the value shown is in seconds: 1440). In your case this value might be 30.
To change it to the length of time you prefer, you need to change your php settings as follows (make sure you have permission to make write changes on the server):
Locate your php.ini settings file. On a Linux server it may be at the following location:
/etc/php/7.0/apache2/php.ini
Open this file with the editor of your choice, e.g. nano on the command line, as follows:
sudo nano /etc/php/7.0/apache2/php.ini
Find the following variable:
session.gc_maxlifetime
Change the corresponding value to a longer time span, e.g. 1 day, which you can calculate as follows: 1 day * 24 hours * 60 minutes * 60 seconds = 86400 seconds
Set it as follows:
session.gc_maxlifetime = 86400
Save the file and restart apache from the command line as follows:
sudo service apache2 restart
Reload your info.php file and the change should have taken effect.
Answer 3 (score: -1)
EDIT: I removed my first suggestion
Or try my code
This checks whether you are connected to your database; I named it connect.inc.php
```php
<?php
// Note: the mysql_* functions used here exist in PHP 5 only; they were removed in PHP 7.0
if(!mysql_connect('localhost', 'root', '')|| !mysql_select_db('byp_db'))
{
    die(mysql_error());
}
?>
```
Next, I created core.inc.php, which checks whether you are already in a session; you will use the loggedin() method
```php
<?php
error_reporting(E_ALL ^ E_NOTICE);
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
$http_referer = $_SERVER['HTTP_REFERER'];

function loggedin() {
    if(isset($_SESSION['user_p_info_id'])&&!empty($_SESSION['user_p_info_id'])) {
        return true;
    }else {
        return false;
    }
}

function getuserfield($field){
    $query = "SELECT `$field` FROM `user_p_info` where `user_p_info_id`='".$_SESSION['user_p_info_id']."'";
    if($query_run = mysql_query($query)){
        if($query_result = mysql_result($query_run, 0, $field)){
            return $query_result;
        }
    }
}
?>
```
Next, you will create the login form
```php
<?php
require 'connections/connect.inc.php';
require 'connections/core.inc.php';
if(isset($_POST['uname']) && isset($_POST['password'])){
    $uname = $_POST['uname'];
    $pword = $_POST['password'];
    //echo $uname;
    //echo $pword;
    if(!empty($uname)&&!empty($pword)){
        $query_login = "SELECT * FROM user_a_info where username = '$uname' and password = '$pword'";
        //echo $query_login;
        $query_result = mysql_query($query_login);
        $num_rows = mysql_num_rows($query_result);
        if($num_rows == 0){
?>
<script type="text/javascript">
    alert("Invalid Data !");
</script>
<?php
        }else{
            //echo "validated";
            $user_p_info_id = mysql_result($query_result, 0, 'user_p_info_id');
            $_SESSION['user_p_info_id']=$user_p_info_id;
            header('Location: index.php');
        }
    }
}
?>
<form action="login.php" method="POST">
    <p> USERNAME : <input type="text" name="uname" /> </p>
    <p> PASSWORD : <input type="password" name="password" /> </p>
    <p> <input type="submit" value="LOGIN" /> </p>
</form>
```
Then your logout function will look like this
```php
<?php
require 'core.inc.php';
session_destroy();
header('Location: ../index.php');
?>
```
Note that if you want to check whether you are in a session, just put this condition
```php
<?php
require 'connections/connect.inc.php';
require 'connections/core.inc.php';
if(loggedin()) {
    // Do something
}
?>
```
Hope this helps