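I have a system set up where my website needs to know who is logged in, so when they log in it gets saved, along with their encryption, which is stored in a text document in my directories. If either of these is tampered with, the site goes to my error page, which it does perfectly, but when I set my logout to destroy the session, it goes to my error page instead of my index. Does anyone know where I'm going wrong?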

    <?php
    ob_clean();
    session_start();
    if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
        header("Location: index.php");
    }
    if (isset($_GET['logout'])){
        session_destroy();
    }
    else{
        if (isset($_GET['Username'])){
            if (isset($_GET['Encryption'])){
                $Username = $_GET['Username'];
                $Encryption = $_GET['Encryption'];
                if (is_dir("USERS/".$Username) === true) {
                    if($Encryption == file_get_contents("USERS/".$Username."/Encryption.txt")){
                        $NoOfDocs = file_get_contents("USERS/".$Username."/NoOfDocuments.txt");
                    }
                    else{
                        header("Location: 201Error.php");
                    }
                }
                else{
                    header("Location: 201Error.php");
                }
            }
        }
    }
    if(empty($Username)){
        header("Location: 201Error.php");
    }
    if (empty($Encryption)){
        header("Location: 201Error.php");
    }
    ?>

Edit 1: OK, so I have tried changing

    if (isset($_GET['logout'])){
        session_destroy();
    }

to

    if (isset($_GET['logout'])){
        session_destroy();
        header("Location: index.php");
        exit();
    }

and

    if (isset($_GET['logout'])){
        session_destroy();
        header("Location: index.php");
        die();
    }

Both of them still give me the same result, sending me to my error page. (Thanks for your help, by the way) :)

Edit 2: This is the PHP on my index page. It all looks fine to me, but there may be something I'm not aware of?

    <?php
    ob_clean();
    session_start();
    if (isset($_GET['logout'])){
        session_destroy();
    }
    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
        header("Location: Home.php");
    }
    $Username = $_POST['username'];
    $EnteredPassword = $_POST['password'];
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
        if (empty($Username)){
            echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
        }
        else {
            if (is_dir("USERS/".$Username) === true){
                $myFile=fopen("USERS/".$Username."/Password.txt","r") or exit("Can't open file!");
                $CorrectPassword = fgets($myFile);
                fclose($myFile);
                if ($CorrectPassword == $EnteredPassword){
                    $_SESSION['loggedin'] = true;
                    $Encryption = file_get_contents("USERS/".$Username."/Encryption.txt") or exit("Can't write file!");
                    header("Location: Home.php?isset=true&Username=$Username&Encryption=$Encryption");
                }
                else {
                    echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
                }
            }
            else {
                echo '<font color="#FF0000"><p align="center">Username or Password incorrect please try again</p></font>';
            }
        }
    }
    if (isset($_GET['Error'])){
        $Error = $_GET['Error'];
        if ($Error == '201'){
            echo '<font color="#FF0000"><p align="center">Unfortunately, a security protocol has been invoked and therefore you have been logged out.</p></font>';
        }
    }
    ?>

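Answer 0 (score: 0)

OK, so I have solved the problem. I removed the if-empty statements, as they weren't needed anyway: if the username and key don't match, the error page gets called anyway, so if they are empty then they don't match and the user gets logged out. I have also now had help from Kamlesh Gupta, which solved the main problem. So all the code now looks like this.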

    <?php
    ob_clean();
    session_start();
    if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == false) {
        header("Location: index.php");
        exit(); // need to put exit after header if you don't need to go further
    }
    if (isset($_GET['logout'])){
        session_destroy();
        header("Location: index.php");
        exit();
    }
    else{
        if (isset($_GET['Username'])){
            if (isset($_GET['Encryption'])){
                $Username = $_GET['Username'];
                $Encryption = $_GET['Encryption'];
                if (is_dir("USERS/".$Username) === true) {
                    if($Encryption == file_get_contents("USERS/".$Username."/Encryption.txt")){
                        $NoOfDocs = file_get_contents("USERS/".$Username."/NoOfDocuments.txt");
                    }
                    else{
                        header("Location: 201Error.php");
                        exit();
                    }
                }
                else{
                    header("Location: 201Error.php");
                    exit();
                }
            }
        }
    }
    ?>

Thanks to everyone who helped :)
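
Added example, not part of the original question or answer: a hardened form of the same Home.php guard, where every redirect stops the script, the user-supplied name is validated before it is used in a file path, and the stored key is compared with `hash_equals`. The helper names `redirect()`, `valid_username()` and `logout()` are hypothetical, and the username pattern is an assumption about what this site allows.

```php
<?php
// Hardened sketch of the Home.php guard (added example, not the poster's code).

// Send a redirect and stop. Without exit, the script keeps running and a
// later header("Location: ...") call replaces this one.
function redirect(string $target): void {
    header("Location: " . $target);
    exit();
}

// Assumed username format. Restricting the character set keeps "/" and ".."
// out of the USERS/<name> path built further down.
function valid_username(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name) === 1;
}

// End the session completely: clear data, expire the cookie, destroy storage.
function logout(): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

session_start();
if (empty($_SESSION['loggedin'])) {
    redirect('index.php');
}
if (isset($_GET['logout'])) {
    logout();
    redirect('index.php');
}

// Query-string values may be arrays, so check the type before using them.
$username = $_GET['Username'] ?? '';
$token    = $_GET['Encryption'] ?? '';
if (!is_string($username) || !is_string($token) || !valid_username($username)) {
    redirect('201Error.php');
}
$stored = @file_get_contents("USERS/$username/Encryption.txt");
// hash_equals compares in constant time and never coerces strings to numbers.
if ($stored === false || !hash_equals($stored, $token)) {
    redirect('201Error.php');
}
$NoOfDocs = file_get_contents("USERS/$username/NoOfDocuments.txt");
```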