我有一个简单的登录/注销脚本,你不应该直接访问我称之为' success.php '的特定页面。我不知道某个地方是否有拼写错误,或者我的会话是否无法正常运作。
的index.php
<?php
// Start the session
session_start();
// Defines username and password. Retrieve however you like,
$username = "user";
$password = "pw";
// Error message
$error = "";
// Checks to see if the user is already logged in. If so, refirect to correct page.
if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
$error = "success";
header('Location: success.php');
}
// Checks to see if the username and password have been entered.
// If so and are equal to the username and password defined above, log them in.
if (isset($_POST['username']) && isset($_POST['password'])) {
if ($_POST['username'] == $username && $_POST['password'] == $password) {
$_SESSION['loggedIn'] = true;
setcookie('userName', $_POST['username'], time()+3600); // Expiring after 2 hours
header('Location: success.php');
} else {
$_SESSION['loggedIn'] = false;
$error = "<p style='color:red;font-size:11px;'>Invalid username and/or password!</p>";
}
}
<div class="col-md-3 col-lg-2 col-sm-6 col-xs-6">
<div class="form-login">
<form method="post" action="index.php">
<h4 style="color: #FFF;">S-Files</h4>
<input type="text" name="username" class="form-control" placeholder="username" maxlength="40" autofocus required />
<br />
<input id="password" type="password" name="password" class="form-control" placeholder="password" maxlength="15" required />
<br />
<div class="wrapper">
<span class="group-btn">
<button type="submit" name="submit" class="btn btn-primary btn-md">login <i class="fa fa-sign-in" ></i></button>
</span>
</div>
</form>
<!-- Output error message if any -->
<?php echo $error; ?>
</div>
</div>
success.php
<?php
// Start the session
session_start();
// ob_start();
// Check to see if actually logged in. If not, redirect to login page
if (!isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == false && !isset($_COOKIE['userName']))
{
header('Location: index.php');
}
Logout.php
<?php
session_start();
$_SESSION['loggedIn'] = false;
unset($_SESSION);
// Delete cookie
if (isset($_COOKIE['userName']))
{
unset($_COOKIE['userName']);
setcookie('userName', '', time() - 3600); // empty value and old
timestamp
}
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: index.php");
所以我的问题是用户可以输入网址 /success.php 并查看其中的内容而无需登录,我希望将它们重定向到 index.php 如果他们没有经过身份验证。我做错了什么?
答案 0 :(得分:0)
您的情况有误,'因为您使用AND代替OR进行会话检查,您无法在“会话需要不存在”和&amp;&amp; “会话需要设置为FALSE”,设置为FALSE的会话会为false返回!isset($_SESSION['loggedIn]),因此整个条件将为false并且用户不会被重定向。
因此,您可以通过以下方式更改代码:
session_start();
if(isset($_SESSION['loggedIn'])
{
if($_SESSION['loggedIn'] != true)
{
header("location:index.php");
}
}
else
{
header("location:index.php");
}
答案 1 :(得分:0)
我打开了错误报告,我收到了500错误:“警告:无法修改标题信息 - 第3行已经发送的标题 ... blabla ...”。我删除了第3行的代码并将其粘贴在上面的行中并且工作正常。最小的问题,总是最大的..我猜它有一些关系,它自动添加一些奇怪的不可见符号到那条线或类似的东西。 this stack-thread帮了我一堆!
另外,感谢所有回复!