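I am developing a student lifecycle management system. As part of it, I need to provide some improved security. My code works fine, but I have the following problems.

When I use echo $_SESSION[]; in a simple web page, it prints all the session details. (If I have two sites, then when I run echo $_SESSION[]; on site 1, I can also see the session details on site 2.)

When I use session_destroy() in a separate web page, (simply put, suppose I have two sites with the same login format; when I run session_destroy on site 1, site 2 is also logged out. This is a problem.)

I need to avoid this.

Session creation code: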

    <?php
    session_start();
    // Already logged in: go straight to the dashboard.
    if (isset($_SESSION['username'])) {
        header("location:htdocs/dashbd.php");
        exit;
    }
    include('svr/conn.php');
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $user_name = (isset($_POST['u_name']) ? $_POST['u_name'] : null);
        $raw_password = (isset($_POST['password']) ? $_POST['password'] : '');
        // Hash must match the format stored in users.Password.
        $password = sha1(md5($raw_password));
        if (!empty($user_name) && $raw_password !== '') {
            // Bind user input as parameters instead of interpolating it into the SQL.
            $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE User_Name = ? AND Password = ?");
            mysqli_stmt_bind_param($stmt, 'ss', $user_name, $password);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) == 1) {
                $_SESSION['username'] = $user_name;
                $_SESSION['last_login_timestamp'] = time();
                $id = $_SESSION['last_login_timestamp'];
                $pc_name = gethostname();
                $com_user = get_current_user();
                // Record the login in the audit tables.
                $description = "Successfully Login $user_name";
                $stmt2 = mysqli_prepare($conn, "INSERT INTO log_details (user,table_name,description) VALUES (?, 'logins', ?)");
                mysqli_stmt_bind_param($stmt2, 'ss', $user_name, $description);
                mysqli_stmt_execute($stmt2);
                $stmt1 = mysqli_prepare($conn, "INSERT INTO logins (id,user,com_user,com_name) VALUES (?, ?, ?, ?)");
                mysqli_stmt_bind_param($stmt1, 'isss', $id, $user_name, $com_user, $pc_name);
                mysqli_stmt_execute($stmt1);
                header("location:htdocs/dashbd.php");
                exit;
            } else {
                echo '<script type="text/javascript">';
                echo 'alert("Your Password Is Incorrect");';
                // echo 'window.location = "index.php";';
                echo '</script>';
            }
        } else {
            echo '<script type="text/javascript">';
            echo 'alert("User name or Password Cannot Be empty");';
            // echo 'window.location = "index.php";';
            echo '</script>';
        }
    }

Session check code:

    <?php
    session_start();
    if (!isset($_SESSION['username'])) {
        // No logged-in user in this session: send the browser back to the login page.
        echo '<script type="text/javascript">';
        echo 'alert("Access Denied !");';
        echo 'window.location = "index.php";';
        echo '</script>';
    } else {
        include '../svr/auto-logout.php';
        include '../svr/conn.php';
        $user = $_SESSION['username'];
        // Check that this user holds the Add-Student permission (value bound as a parameter).
        $stmt = mysqli_prepare($conn, "select * from user_permission where user_name=? and permission='Add-Student' and del_status=1");
        mysqli_stmt_bind_param($stmt, 's', $user);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) < 1) {
            echo '<script type="text/javascript">';
            echo 'alert("You have no Permission to Access this Page !");';
            echo 'window.location = "index.php";';
            echo '</script>';
        }
        include '../svr/auto-logout.php';
    }
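
One way to keep the two sites' sessions apart, as an added example that is not part of the original post: each site gives its session cookie its own name and path before starting the session, so a session created or destroyed on one site is not seen by the other. It assumes both sites are served from the same host under different directories; the names `SLMS_SITE1`, `/site1/` and the `site_*` functions are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumption: both sites run on the same
// host (e.g. /site1/ and /site2/), so by default they share the PHPSESSID cookie.
// SITE_SESSION_NAME and SITE_COOKIE_PATH are hypothetical; use different values per site.
const SITE_SESSION_NAME = 'SLMS_SITE1';
const SITE_COOKIE_PATH  = '/site1/';

// Call this instead of a bare session_start() on every page of this site.
function site_session_start(): void
{
    session_name(SITE_SESSION_NAME);          // own cookie name, not PHPSESSID
    session_set_cookie_params([               // array form needs PHP 7.3+
        'lifetime' => 0,
        'path'     => SITE_COOKIE_PATH,       // browser sends the cookie only under this path
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call after a successful password check.
function site_login(string $user_name): void
{
    session_regenerate_id(true);              // new id at login; old session data deleted
    $_SESSION['username'] = $user_name;
    $_SESSION['site'] = SITE_SESSION_NAME;    // marks which site issued this session
    $_SESSION['last_login_timestamp'] = time();
}

// True only for a session this site issued.
function site_is_logged_in(): bool
{
    return isset($_SESSION['username'], $_SESSION['site'])
        && $_SESSION['site'] === SITE_SESSION_NAME;
}

// Ends this site's session only; the other site's cookie and data are untouched.
function site_logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly'],
        'samesite' => $p['samesite']]);
    session_destroy();
}
```

The second site would use the same functions with a different session name and cookie path.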