我的网站上有一个注册系统,一旦用户注册,该系统会将用户带到home.php。在home.php上有一个注销链接,当用户单击它时,他们将注销并转到index.php。我遇到的问题是,用户注销后仍然可以访问home.php。
这是index.php
<!DOCTYPE html>
<?php
session_start();
?>
<html>
<head>
</head>
<body>
<form action="verify_registration_form.php" method="post">
<br>
<input type="username" id="user_name" name="user_name" placeholder="Username" required>
<br><br><br><br><input type="password" id="user_pass_word" name="user_pass_word" placeholder="Password" required>
<br><br><br><br><input type="email" id="user_email" name="user_email" placeholder="Email" required>
<br><br><br><br><input type="submit" class="submit_registration_form_button" id="submit_registration_form_button" name="submit_registration_form_button" value="Sign Up">
</form>
<form action="verify_login_form.php" method="post">
<input type="username" id="user_name_login" name="user_name_login" placeholder="Username" required>
<input type="password" id="user_pass_word_login" name="user_pass_word_login" placeholder="Password" required>
<input type="submit" class="submit_user_login_form_button" id="submit_user_login_form_button" name="submit_registration_form_button" value="Log In">
</form>
</body>
</html>
这是verify_registration_form.php
<!DOCTYPE html>
<?php
session_start();
if($_SERVER['REQUEST_METHOD'] != 'POST') {
header("Location: index.php");
}else{
$connection = mysqli_connect("localhost", "root", "", "websiteusers");
if(!$connection) {
echo "Could not connect to MYSQL database";
}
echo "Succesfully connect to MYSQL database";
$connection = mysqli_connect("localhost", "root", "", "websiteusers");
$username = mysqli_real_escape_string($connection, $_POST["user_name"]);
$userpassword = mysqli_real_escape_string($connection, $_POST["user_pass_word"]);
$hasheduserpassword = password_hash($userpassword, PASSWORD_DEFAULT);
$useremail = mysqli_real_escape_string($connection, $_POST["user_email"]);
$sql = "SELECT UserEmail FROM websiteusers WHERE UserEmail='$useremail'";
$result = mysqli_query($connection, $sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1) {
echo "That email adress is already taken. Please choose another email adress";
}else{
$query = mysqli_query($connection, "INSERT INTO websiteusers (UserName, UserPassWord, UserEmail) VALUES ('$username', '$hasheduserpassword', '$useremail')");
if($query) {
echo "You are now registered!";
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header("Location: home.php");
}else{
echo "Could not create new account";
}
}
}
// }
?>
<html>
<head>
</head>
<body>
</body>
</html>
这是home.php
<!DOCTYPE html>
<?php
session_start();
if(!isset($_SESSION['username'])) {
header('Location: index.php');
}
?>
<html>
<head>
</head>
<body>
<?php
echo $_SESSION["success"];
?>
<?php if (isset($_SESSION['username'])) : ?>
<p>Welcome <?php echo $_SESSION['username']; ?>
<br><br>
<form action="logout.php" method="post">
<input type="submit" id="logoutbutton" name="logoutbutton" class="logoutbutton" value="Logout">
</form>
这是logout.php
<!DOCTYPE html>
<?php
if(isset($_POST["logoutbutton"])) {
session_destroy();
session_unset();
unset($_SESSION['username']);
unset($_SESSION['success']);
header("Location: index.php");
}else{
}
?>
<html>
<head>
</head>
<body>
</body>
</html>
答案 0 :(得分:2)
更改您的logout.php
<?php
if(isset($_POST["logoutbutton"])) {
session_start();
session_unset();
session_destroy();
header("Location: index.php");
}
?>