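Login/logout session problem

Time: 2017-01-01 17:16:09

Tags: php jquery session caching login

I am trying to create a login system that shows different pages depending on the login type (i.e. logged in as admin, or one of various other roles).

This consists of three files:

Login.php - the various forms are submitted here, and depending on the form value names, a session variable is set to the correct level (admin, etc.)

Logout.php - unsets the variable mentioned above.

Dashboard.php - checks whether the variable is set; if so, it loads the relevant information, and if not, it sends the user back to index.php

Please find the code below:

login.php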

<?php
session_start();
if (isset($_POST['uname_driver']))
{
    $username = $_POST['uname_driver'];
    $hpassword = password_hash($_POST['hpass_driver'], PASSWORD_DEFAULT);
    // Check here for login details within server
    $_SESSION['loggedIn'] = "driver";
    header("Location: dashboard.php");
}
if (isset($_POST['uname_restaurant']))
{
    $username = $_POST['uname_restaurant'];
    $hpassword = password_hash($_POST['hpass_restaurant'], PASSWORD_DEFAULT);
    // Check here for login details within server
    $_SESSION['loggedIn'] = "restaurant";
    header("Location: dashboard.php");
}
if (isset($_POST['uname_admin']))
{
    $username = $_POST['uname_admin'];
    $hpassword = password_hash($_POST['hpass_admin'], PASSWORD_DEFAULT);
    // Check here for login details within server
    $_SESSION['loggedIn'] = "admin";
    header("Location: dashboard.php");
}

Logout.php - edited to reflect Juned's answer, which solves part of the problem

<?php 
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();


header("Location: index.php");

Dashboard.php

<?php
session_start();
include("header.php");
if (isset($_SESSION['loggedIn']))
{
    switch ($_SESSION['loggedIn'])
    {
        case "admin":
            include("admin_dashboard.php");
            break;
        case "driver":
            include("driver_dashboard.php");
            break;
        case "restaurant":
            include("restaurant_dashboard.php");
            break;
    }
}
else
{
    header("Location: index.php");
}
?>

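Logging in seems to work perfectly fine until I try to log out again, which is done through an onclick event on a button on the dashboard and a jQuery post, as shown below: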

$('#logoutOfDashboard').click(function(e)
{
    e.preventDefault();
    var reallyLogout=confirm("Do you really want to log out?");
    if(reallyLogout)
    {
        $.post('logout.php', {})
        .done(function(data)
        { 
            window.location.replace("/");
        })
    }
});

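Again, this seems to work, and if I manually type /dashboard.php into the URL bar, it kicks me back to index.php as expected. But now whenever a login form is submitted, and the session variable should be re-created, dashboard.php keeps going back to the index as if the variable isn't there, and I can no longer log in during this session. It is almost as if the session variable is cached as unset and can never be set again.

I have tried adding various no-cache header information, such as: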

header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

But this seems to have no effect. Any help or insight on this would be greatly appreciated.

Edit

index.php

<?php
include("header.php");
?>
<body>
    <div class="container">
        <div class="jumbotron">
            <h1>Website Coming Soon!</h1>
        </div>

        <div class="row marketing">
            <div class="col-lg-6 center-block">
                <a class="btn btn-lg btn-success btn-space center-block" href="/restaurant_login.php" role="button">Log In As Restaurant</a>
            </div>

            <div class="col-lg-6 center-block">
                <a class="btn btn-lg btn-primary btn-space center-block" href="/driver_login.php" role="button">Log In As Driver</a>
            </div>
        </div>


        <footer class="footer">
            <p>&copy; 2016</p>
        </footer>
    </div>
</body>

header.php

<?php
date_default_timezone_set('Europe/London');
require_once('config.php');
require_once('functions.php');
function autoloader($class)
{
    require_once(PUBLIC_BASE_PATH_PHP . "classes/$class.php");
}

spl_autoload_register("autoloader");

global $dbConn;
$dbConn = null;

if(!Database::connect())
{
    die("Unable to connect to the database");
}
?>

<head>
    <!-- Footer these scripts at end -->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">

    <!-- Merge these together and minify at end -->
    <link rel="stylesheet" href="css/jumbotron-narrow.css">
    <link rel="stylesheet" href="css/signin.css">
    <link rel="stylesheet" href="css/style.css">
</head>

RestarauntLogin.php

<?php Header("Cache-Control: max-age=3000, must-revalidate");
include("header.php");
?>

<div class="container">
  <form class="form-signin" action="/login.php" method="post">

    <h2 class="form-signin-heading">Please sign in</h2>

    <label for="inputEmail" class="sr-only">Email</label>
    <input type="email" name = "uname_restaurant" id="inputEmail" class="form-control" placeholder="Email" required autofocus>

    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" name = "hpass_restaurant" id="inputPassword" class="form-control" placeholder="Password" required>

    <button class="btn btn-lg btn-success btn-block" type="submit">Sign in</button>
    <a href = "/" class="btn btn-lg btn-primary btn-block" role="button">Back</a>

  </form>

</div>

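6 answers:

Answer 0 (score: 4)

I tried to create a local test page on my computer using your code. It seems to work fine. If you are working with sessions and cookies and doing a lot of testing or debugging (which sometimes messes up the browser), I have a suggestion: try clearing your cache/cookies. I meant to put this in the comments section, but I don't have enough reputation :) If this doesn't help, let me know and I will delete it.

Answer 1 (score: 3)

You need to destroy the session, so you need to destroy it completely by removing the session cookie as well, instead of just unsetting $_SESSION["loggedin"]. PHP has a built-in function to do this for you: session_destroy();

See: http://php.net/manual/en/function.session-destroy.php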

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

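Answer 2 (score: 1)

As I understand it, the main problem here is maintaining the session throughout the system.

I have written some simple code for a login system which I believe will help in understanding this. Before looking at the code, Aphire, I would like to mention that using Ajax in your code is pointless, because there is a page refresh at the end, so it would be better to redirect the user directly to logout.php.

Anyway, please see the code given below; it will surely help in understanding session usage in a login system.

login.php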

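<?php
session_start();
// Read the name only if it was supplied, avoiding an undefined-index notice.
$name = $_GET['name'] ?? null;

if (isset($_SESSION['loggedIn']))
{
    header("Location: dashboard.php");
    exit; // stop the script once the redirect has been sent
} else {
    if (isset($name))
    {
        $_SESSION['loggedIn'] = $name;
        header("Location: dashboard.php");
        exit;
    } else {
        echo "Please provide correct input";
    }
}
?>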

logout.php

<?php 
// Initialize the session.
session_start();

// Finally, destroy the session.
session_destroy();


header("Location: login.php");
?>

dashboard.php

<?php
session_start();

if (isset($_SESSION['loggedIn']))
{
    switch ($_SESSION['loggedIn'])
    {
        case "admin":
            echo "admin";
            break;
        case "driver":
            echo "driver";
            break;
        case "restaurant":
            echo "restaurant";
            break;
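        default:
            // Unknown role: drop the session and send the user back to login.
            session_destroy();
            header("Location: login.php");
            exit;
    }
}
else
{
    header("Location: login.php");
    exit; // do not render the rest of the page for an anonymous visitor
}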
?>

<a href="logout.php">Logout</a>

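Answer 3 (score: 0)

Please try using window.location.replace() instead of window.location.href='/'

Answer 4 (score: 0)

Have you tried keeping the session ID and only deleting the session data? I don't think it is necessary to delete the session ID.

I am talking about removing this piece of code from logout.php: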

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();

So logout.php would now look like this:

<?php 
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

header("Location: index.php");

This should be enough to "log out" the user.
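Added example (not part of any post on this page): a login handler for the restaurant form that checks the password with password_verify() and issues a fresh session ID at login, which matters most when logout keeps the session ID as suggested above. The $users array, its e-mail address and its password are constructed stand-ins for the database lookup the question leaves as a comment.

```php
<?php
// Constructed user store; a real application would query its database here.
$users = [
    'restaurant@example.test' => [
        'hash' => password_hash('correct horse', PASSWORD_DEFAULT), // constructed
        'role' => 'restaurant',
    ],
];

/**
 * Verify the credentials and, on success, bind the role to a new session ID.
 * Must be called after session_start().
 */
function login(array $users, string $email, string $password): bool
{
    $user = $users[$email] ?? null;
    // password_verify() checks the submitted password against the stored hash.
    // Calling password_hash() on the input again produces a new salt every
    // time, so its result can never be compared with a stored value.
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // Issue a new ID and delete the old session file at the privilege change,
    // so an ID that was known before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['loggedIn'] = $user['role'];
    return true;
}

session_start();

$email    = $_POST['uname_restaurant'] ?? null;
$password = $_POST['hpass_restaurant'] ?? null;

// Reject missing fields and array-valued parameters before touching them.
if (is_string($email) && is_string($password)) {
    $ok = login($users, $email, $password);
    header('Location: ' . ($ok ? 'dashboard.php' : 'restaurant_login.php'));
    exit; // nothing after a redirect should run or be sent
}
```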

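Answer 5 (score: 0)

I created a small version from your snippets and tried it on my localhost, as Roljhon did.

Everything seems fine. I think there may be a problem in other code or in your server configuration. I don't know.

If it helps, here is the code I tested:

loginForm.php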

<?php
Header("Cache-Control: max-age=3000, must-revalidate");
//include("header.php");
?>
<div class="container">
  <form class="form-signin" action="login.php" method="post">
    <input type="email" name = "uname_restaurant" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
    <input type="password" name = "hpass_restaurant" id="inputPassword" class="form-control" placeholder="Password" required>
    <button class="btn btn-lg btn-success btn-block" type="submit">Sign in</button>
  </form>
</div>

login.php

<?php
session_start();
if (isset($_POST['uname_restaurant']))
{
    $username = $_POST['uname_restaurant'];
    $hpassword = password_hash($_POST['hpass_restaurant'], PASSWORD_DEFAULT);
    $_SESSION['loggedIn'] = "restaurant";
}
var_dump($_SESSION);
die("Location: dashboard.php");

dashboard.php

<?php
session_start();
//include("header.php");
if (isset($_SESSION['loggedIn']))
{
    switch ($_SESSION['loggedIn'])
    {
        case "admin":
            die("admin_dashboard.php");
            break;
        case "driver":
            die("driver_dashboard.php");
            break;
        case "restaurant":
            die("restaurant_dashboard.php");
            break;
    }
}
else
{
    die("Location: index.php");
}

logout.php

<?php 
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();

die("Location: index.php");