您好我已经创建了登录系统,但由于某些原因它无法运行,我在一次登录后启动会话,然后检查会话是否为isset以及会话是否不超过1小时:
这是我在index.php上的登录脚本:
<?php
require 'mysql.php';
if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
session_start();
session_unset();
session_destroy();
}
if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] < 3600){
header('Location: main.php');
}
if (isset($_POST["login"])){
$username = $_POST["username"];
$password = $_POST["password"];
$stmt = $connect->prepare("SELECT username, password FROM users WHERE username=? ");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$rowcount = $result->num_rows;
if ($rowcount > 0){
while ($row = $result->fetch_assoc()) {
if ($row["username"] == $username && $row["password"] == $password){
if(!isset($_SESSION)) {
session_start();
}
$_SESSION["username"] = $username;
$_SESSION["usertype"] = $row["usertype"];
$_SESSION["userid"] = $row["id"];
$_SESSION["CREATED"] = time();
header('Location: main.php');
} else {
$error_msg2 = "Username or password does not mach";
$error2 = "error";
}
}
} else {
$error_msg2 = "No such user";
$error2 = "error";
}
echo $error_msg2;
$stmt->close();
$connect->close();
}
?>
这是main.php代码:
if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
session_start();
session_unset();
session_destroy();
header('Location: index.php');
}
所以你登录的那些你将被重定向到main.php并且如果会话被设置你应该无法访问index.php cuz如果你试试你并且会话没有过期你将被重定向回你main.php相同如果主会话已过期,您将被重定向回index.php进行登录,但无论您是否登录,或者您都可以自由地在它们之间走动
答案 0 :(得分:1)
您必须先调用session_start()才能使用$ _SESSION。
<?php
require 'mysql.php';
session_start();
if(isset($_SESSION["username"]) && time() - $_SESSION["CREATED"] > 3600){
session_unset();
session_destroy();
}
答案 1 :(得分:1)
我有个建议。创建会话验证功能。
function sessionValidate($username,$id=NULL)
{
$status = session_status();
if($status == PHP_SESSION_NONE)
{
//There is no active session
session_start();
}
if(!isset($_SESSION[$username]))
{
return false;
}
$id = $_SESSION[$roleid];
if((time()- $_SESSION["created"]) >= 3600)
{
session_destroy();
return false;
}
return $id;
}
并在每个页面中检查它或在标题页中使用它。
if(!($userid=sessionValidate($username)))
{
error_log("No session logging out ....");
header('Location: index.php');
}
更新::
定义
session_status- 返回当前会话状态
返回值
PHP_SESSION_DISABLED - 如果会话被禁用。
PHP_SESSION_NONE - 如果已启用会话,但不存在会话。
PHP_SESSION_ACTIVE - 如果会话已启用且存在会话。
答案 2 :(得分:1)
在任何情况下都应该致电session_start - 它会为$_SESSION填充值。它也足以取消设置$_SESSION['username'],不需要销毁整个会话 - PHP可以解决这个问题。这是应该工作的代码:
<强>的index.php
<?php
require 'mysql.php';
session_start();
if (isset($_SESSION['username'])) {
if ($_SESSION['CREATED'] < 3600) {
header('Location: main.php');
exit;
}
unset($_SESSION['username']);
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $connect->prepare('SELECT username, password FROM users WHERE username=? LIMIT 1');
$stmt->bind_param('s', $username);
$stmt->execute();
$result = $stmt->get_result();
$rowcount = $result->num_rows;
if ($rowcount > 0) {
$row = $result->fetch_assoc();
if ($row['username'] == $username && $row['password'] == $password) {
$_SESSION['username'] = $username;
$_SESSION['usertype'] = $row['usertype'];
$_SESSION['userid'] = $row['id'];
$_SESSION['CREATED'] = time();
header('Location: main.php');
exit;
} else {
$error_msg2 = 'Username or password does not mach';
$error2 = 'error';
}
} else {
$error_msg2 = 'No such user';
$error2 = 'error';
}
echo $error_msg2;
$stmt->close();
$connect->close();
}
<强> main.php
session_start();
if (!isset($_SESSION['username']) || time() - $_SESSION['CREATED'] > 3600){
unset($_SESSION['username']);
header('Location: index.php');
exit;
}