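Below I have 5 PHP scripts that go in order from the user logging in to the user logging out. What I am doing at the moment is using $_SESSION to determine which user is logged in, and then using session_gcmaxlife to add extra time so that the session does not expire for 12 hours. So this means the user can stay logged in for 12 hours, and after that time it will automatically log the user out. This is just a very basic way of making a login system.
But what I want is to be able to keep the user logged in indefinitely until they either click the logout link or close the browser. My question is: with as few code changes as possible, how can the code below be changed so that the user stays logged in until they log out or close the browser?
Below are the PHP scripts, to show what is currently happening:
1. Teacherlogin.php (this is the script where the user enters their login details to log into the application)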
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
// connect to the database
include('connect.php');
include('member.php');
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    die();
}
// required variables (make them explicit no need for foreach loop)
$teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
$active = true;
if ((isset($username)) && (isset($userid))){
    echo "You are already Logged In: <b>{$_SESSION['teacherforename']} {$_SESSION['teachersurname']}</b> | <a href='./menu.php'>Go to Menu</a> | <a href='./teacherlogout.php'>Logout</a>";
}
else{
    if (isset($_POST['submit'])) {
        $teacherpassword = md5(md5("g3f".$teacherpassword."rt4"));
        // don't use $mysqli->prepare here
        $query = "SELECT TeacherId, TeacherForename, TeacherSurname, TeacherUsername, TeacherPassword, Active FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
        // prepare query
        $stmt=$mysqli->prepare($query);
        // You only need to call bind_param once
        $stmt->bind_param("ss",$teacherusername,$teacherpassword);
        // execute query
        $stmt->execute();
        // get result and assign variables (prefix with db)
        $stmt->bind_result($dbTeacherId, $dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword, $dbActive);
        while($stmt->fetch()) {
            if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
                if ($dbActive == 0) {
                    $loggedIn = false;
                    $active = false;
                    echo "You Must Activate Your Account from Email to Login";
                }else {
                    $loggedIn = true;
                    $active = true;
                    $_SESSION['teacherid'] = $dbTeacherId;
                    $_SESSION['teacherusername'] = $dbTeacherUsername;
                }
            }
        }
        if ($loggedIn == true){
            $_SESSION['teacherforename'] = $dbTeacherForename;
            $_SESSION['teachersurname'] = $dbTeacherSurname;
            header( 'Location: menu.php' ) ;
            die();
        }
        if (!$loggedIn && $active && isset($_POST)) {
            echo "<span style='color: red'>The Username or Password that you Entered is not Valid. Try Entering it Again</span>";
        }
        /* close statement */
        $stmt->close();
        /* close connection */
        $mysqli->close();
    } // end if submit
} // end else (not already logged in)
?>
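2. member.php (this script contains the $_SESSION variables that determine which user is logged in. It is a very important script and is included (using `include(member.php)`) to be able to determine whether the user is already logged in)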
<?php
if (isset($_SESSION['teacherforename'])) {
    $_SESSION['teacherforename'] = $_SESSION['teacherforename'];
}
if (isset($_SESSION['teachersurname'])) {
    $_SESSION['teachersurname'] = $_SESSION['teachersurname'];
}
if (isset($_SESSION['teacherid'])) {
    $userid = $_SESSION['teacherid'];
}
if (isset($_SESSION['teacherusername'])) {
    $username = $_SESSION['teacherusername'];
}
?>
3. menu.php (this is the menu page, where the user can use the displayed menu to choose the page they want to navigate to)
<?php
ini_set('session.gc_maxlifetime',12*60*60);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', '0');
require_once 'init.php';
ini_set('display_errors',1);
error_reporting(E_ALL);
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Menu</title>
    <link rel="stylesheet" type="text/css" href="menu.css">
</head>
<?php
include('member.php');
if ((isset($username)) && (isset($userid))){
    include('teachername.php');
?>
<body>
<?php
    include('noscript.php');
?>
<ul>
    <li><a href="create_session.php">Create an Assessment</a></li>
</ul>
<?php
}else{
    echo "Please Login to Access this Page | <a href='./teacherlogin.php'>Login</a>";
}
?>
4. createsession.php (this page is where the user can create an exam; only logged-in users can access this page)
<?php
ini_set('session.gc_maxlifetime',12*60*60);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', '0');
require_once 'init.php';
session_start();
include('member.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Create a New Assessment</title>
<link rel="stylesheet" type="text/css" href="create_sessionStyles.css">
<?php
if ((isset($username)) && (isset($userid))){
?>
<script>
function showConfirm(){
    var confirmMsg=confirm("Are you Sure?");
    if (confirmMsg==true)
    {
        submitform();
    }
}
function submitform()
{
    $.post("insertsession.php", $("#sessionForm").serialize() ,function(data){
        var sessionFormO = document.getElementById("sessionForm");
        sessionFormO.submit();
    });
}
</script>
</head>
<body>
<form action="QandATable.php" method="post" id="sessionForm">
    <p><strong>1: Number of Assessments you Require:</strong> <input type="text" id="sessionNo" name="sessionNum" onkeypress="return isNumberKey(event)" maxlength="5" /><br/><span id="sessionNoAlert"></span></p>
    <p><strong>2: Duration:</strong> <input type="text" id="durationpicker" name="durationChosen" readonly="readonly" /></p>
    <p><strong>3: Date:</strong> <input type="text" id="datepicker" name="dateChosen" readonly="readonly" /></p>
    <p><strong>4: Start Time:</strong> <input type="text" id="timepicker" name="timeChosen" readonly="readonly" /><span class="timepicker_button_trigger"><img src="Images/clock.gif" alt="Choose Time" /></span></p>
</form>
<script type="text/javascript">
function myClickHandler(){
    if(validation()){
        showConfirm();
    }
}
</script>
<?php
}else{
    echo "Please Login to Access this Page | <a href='./teacherlogin.php'>Login</a>";
}
?>
</body>
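5. teacherlogout.php (finally, this is the logout page; when the user clicks the logout link (currently shown only in menu.php), it goes to this page, displays a message and performs the logout by destroying the session)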
<?php
ini_set('session.gc_maxlifetime',12*60*60);
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
ini_set('session.cookie_lifetime', '0');
require_once 'init.php';
ini_set('display_errors',1);
error_reporting(E_ALL);
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Menu</title>
    <link rel="stylesheet" type="text/css" href="menu.css">
</head>
<?php
include('member.php');
?>
<body>
<?php
if ((isset($username)) && (isset($userid))){
    session_destroy();
    echo "You have been Logged Out | <a href='./home.php'>Home</a>";
}
else {
    echo "You are Not Logged In";
}
?>
</body>
</html>
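The session handling described in the question, consolidated into one include, as an added example that is not part of the original post: a cookie lifetime of 0 ends the login when the browser closes, `session.gc_maxlifetime` still bounds how long an idle session survives on the server, and logout expires the cookie as well as the server record. It assumes PHP 7.3 or later and a site served over HTTPS; the file name and the three function names are hypothetical.

```php
<?php
// session_bootstrap.php (hypothetical name): include first on every page, replacing
// the ini_set() calls repeated at the top of each script.
function start_app_session(): void
{
    // Server side: session data idle longer than this may be garbage-collected.
    ini_set('session.gc_maxlifetime', (string)(12 * 60 * 60));
    ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // 0 = session cookie, discarded when the browser closes
        'path'     => '/',
        'secure'   => true,     // assumption: HTTPS only
        'httponly' => true,     // keep the id out of reach of page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the credentials have been verified, before writing to $_SESSION.
function mark_logged_in(int $teacherId, string $teacherUsername): void
{
    session_regenerate_id(true);  // fresh id at login; the old session record is deleted
    $_SESSION['teacherid'] = $teacherId;
    $_SESSION['teacherusername'] = $teacherUsername;
}

// Logout: clear the data, expire the browser cookie, then remove the server record.
function log_out(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}
```

PHP has no setting that makes server-side session data live forever; each request from an active user refreshes the idle timer, so only sessions idle past `session.gc_maxlifetime` are collected.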