PHP与会话中的注销问题

时间:2011-05-16 07:00:50

标签: php mysql html

我正在尝试为页面创建登录和注销脚本,但由于某种原因,它对我来说效果不佳。它似乎工作正常,直到我尝试注销。它似乎破坏了会话变量,但它仍然让我查看页面。  继承我的登录代码:

代码: 的login.php 

<?php
// Use session variable on this page. This function must put on the top of page.

session_start();
////// Logout Section. Delete all session variable.
session_destroy();
$Name=$_POST['Name'];
$Pass=$_POST['Pass'];

// To protect MySQL injection (more detail about MySQL injection)

$Name = stripslashes($Name);
$Pass = stripslashes($Pass);
$Name = mysql_real_escape_string($Name);
$Pass = mysql_real_escape_string($Pass);

$sql="SELECT * FROM reg1 WHERE uname='$Name' and pass='$Pass'";
$result=mysql_query($sql);
if(mysql_num_rows($result)!='0') // If match.
{
session_register("uname"); // Craete session username.
header("location:loged.php"); // Re-direct to loged.php
exit;
}else{ // If not match.
echo '<script type="text/javascript">
        window.alert("Wrong UserName And Password");
        window.location="index.php"
        </script>';
}

 // End Login authorize check.



?>

logout.php 

<?php

// Inialize session
session_start();

// Delete certain session
unset($_SESSION['uname']);
// Delete all session variables
session_destroy();

// Jump to login page
 header("Location: index.php?msg=Successfully Logged out");
 }


?>

感谢每一个......

5 个答案:

答案 0 :(得分:2)

您正在设置会话,但无论是否设置,您都不会检查它。意味着您没有检查用户是否已登录..您需要这样做

if (!isset($_SESSION['uname'])) /*If uname not set then it is a guest*/
{
    //page contents for guest user
}
else
{
   //page for authenticated user.
}

答案 1 :(得分:1)

从PHP 5.3.0开始,不推荐使用

session_register()。替换:

session_register("uname"); // Craete session username.

使用:

$row = mysql_fetch_assoc($result);
$_SESSION['uname'] = $row['uname'];

退出(替换session_destroy()):

////// Logout Section.
unset($_SESSION['uname']);

最终结果如下:

<?php
// Use session variable on this page. This function must put on the top of page.
session_start();

// Logout Section
if (isset($_SESSION['uname']))
    unset($_SESSION['uname']);

// Login Section
$Name=$_POST['Name'];
$Pass=$_POST['Pass'];

// To protect MySQL injection (more detail about MySQL injection)
$Name = stripslashes($Name);
$Pass = stripslashes($Pass);
$Name = mysql_real_escape_string($Name);
$Pass = mysql_real_escape_string($Pass);

$sql="SELECT * FROM reg1 WHERE uname='$Name' and pass='$Pass'";
$result=mysql_query($sql);
if(mysql_num_rows($result)!='0') // If match. {
    $row = mysql_fetch_assoc($result);
    $_SESSION['uname'] = $row['uname'];
    header("Location: loged.php"); // Re-direct to loged.php
    exit;
} else { // If not match.
    echo '<script type="text/javascript">
        window.alert("Wrong UserName And Password");
        window.location="index.php"
        </script>';
}
?>

注销脚本(语法错误已修复且session_destroy();因为不必要):

<?php
// Inialize session
session_start();

// Delete certain session
if (isset($_SESSION['uname'])) {
    unset($_SESSION['uname']);
}

// Jump to login page
 header("Location: index.php?msg=Successfully Logged out");
?>

如何检查是否已登录:

session_start();
if (isset($_SESSION['uname']))
{
    // logged in
}
else
{
   // not logged in
}

答案 2 :(得分:0)

在您希望仅由登录用户访问的页面中,您是否检查$ _SESSION ['uname']的值?

答案 3 :(得分:0)

我认为只有session_destroy();功能足以让你退出。你不需要取消'uname'。对于用户登录后会出现的那些页面,您必须在每个页面的顶部应用一些会话检查功能......

答案 4 :(得分:0)

如果uname是用于验证用户是否已登录的值,则应尝试先放置:

session_destroy();然后取消设置($ _ SESSION ['uname'])

我希望这适合你......

相关问题
最新问题