2

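Below I have 3 PHP scripts, which go from the user logging in, to storing the login details, to logging out. What I am doing right now is using $SESSION to determine which user is logged in, and then using session_gcmaxlife to add extra time so that the session does not expire for 12 hours. This means the user can stay logged in for 12 hours, and after that time it will automatically log the user out. This is just a very basic way of making a login system.

But what I want to do is be able to keep the user logged in indefinitely, until they click the logout link or close the browser. My question is: with as few code changes as possible, how can the code below be changed so that the user stays logged in until they log out or close the browser?

Can this be done with minimal code changes? The reason I am showing 5 PHP scripts is so that I can see what changes are needed in each different script, so I should then be able to make the changes to the other scripts in the application.

Could you please show some example code so that I can see how and where to make the changes.

Below are the PHP scripts, to show what is currently happening: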

1. Teacherlogin.php (this is the script where the user enters their login details to log in to the application)

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php

// connect to the database
include('connect.php');
include('member.php');

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    die();
}

// required variables (make them explicit, no need for foreach loop)
$teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
$active = true;

if ((isset($username)) && (isset($userid))) {
    echo "You are already Logged In: <b>{$_SESSION['teacherforename']} {$_SESSION['teachersurname']}</b> | <a href='./menu.php'>Go to Menu</a> | <a href='./teacherlogout.php'>Logout</a>";
} else {

    if (isset($_POST['submit'])) {

        // NOTE: double MD5 with a fixed salt is a fast, weak hash for passwords;
        // password_hash() / password_verify() is the supported replacement.
        $teacherpassword = md5(md5("g3f" . $teacherpassword . "rt4"));

        // query text only; it is prepared on the next statement
        $query = "SELECT TeacherId, TeacherForename, TeacherSurname, TeacherUsername, TeacherPassword, Active FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
        // prepare query
        $stmt = $mysqli->prepare($query);
        // You only need to call bind_param once
        $stmt->bind_param("ss", $teacherusername, $teacherpassword);
        // execute query
        $stmt->execute();
        // get result and assign variables (prefix with db)
        $stmt->bind_result($dbTeacherId, $dbTeacherForename, $dbTeacherSurname, $dbTeacherUsername, $dbTeacherPassword, $dbActive);

        while ($stmt->fetch()) {
            if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
                if ($dbActive == 0) {
                    $loggedIn = false;
                    $active = false;
                    echo "You Must Activate Your Account from Email to Login";
                } else {
                    $loggedIn = true;
                    $active = true;
                    $_SESSION['teacherid'] = $dbTeacherId;
                    $_SESSION['teacherusername'] = $dbTeacherUsername;
                }
            }
        }

        if ($loggedIn == true) {
            $_SESSION['teacherforename'] = $dbTeacherForename;
            $_SESSION['teachersurname'] = $dbTeacherSurname;
            // header() only works if no output has been sent yet (the DOCTYPE
            // above counts as output unless output buffering is on)
            header('Location: menu.php');
            die();
        }

        if (!$loggedIn && $active && isset($_POST)) {
            echo "<span style='color: red'>The Username or Password that you Entered is not Valid. Try Entering it Again</span>";
        }

        /* close statement */
        $stmt->close();

        /* close connection */
        $mysqli->close();
    }
} // closes the else branch (this brace was missing in the posted code)
?>
```

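2. member.php (this script contains the $SESSION variables that determine which user is logged in. It is a very important script and is included (using `include(member.php)`) to be able to determine whether a user is already logged in)

```php
<?php

// The first two assignments are no-ops (each value is assigned to itself).
if (isset($_SESSION['teacherforename'])) {
    $_SESSION['teacherforename'] = $_SESSION['teacherforename'];
}

if (isset($_SESSION['teachersurname'])) {
    $_SESSION['teachersurname'] = $_SESSION['teachersurname'];
}

// $userid and $username are what the other scripts test to decide
// whether a user is logged in.
if (isset($_SESSION['teacherid'])) {
    $userid = $_SESSION['teacherid'];
}

if (isset($_SESSION['teacherusername'])) {
    $username = $_SESSION['teacherusername'];
}

?>
```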

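3. teacherlogout.php (finally, this is the logout page; when the user clicks the logout link (currently only shown in menu.php), it goes to this page, displays a message and performs the logout by destroying the session)

```php
<?php

// keep idle session data on the server for up to 12 hours
ini_set('session.gc_maxlifetime', 12 * 60 * 60);
// probability/divisor = 1/1: session garbage collection runs on every request
ini_set('session.gc_divisor', '1');
ini_set('session.gc_probability', '1');
// 0 = session cookie, discarded when the browser closes
ini_set('session.cookie_lifetime', '0');
require_once 'init.php';

ini_set('display_errors', 1);
error_reporting(E_ALL);

session_start();

?>

</head>

<?php

include('member.php');

?>

<body>

<?php

if ((isset($username)) && (isset($userid))) {
    // removes the server-side session data
    session_destroy();
    echo "You have been Logged Out | <a href='./home.php'>Home</a>";
} else {
    echo "You are Not Logged In";
}

?>

</body>
</html>
```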
4

1 Answer

8

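Not to be rude, but it looks like you don't understand how sessions and cookies work. Instead of pasting 5 pages of code that no one will look at, why not try to solve the problem yourself and learn something by researching sessions + cookies? If someone hands you the answer, you will learn nothing if you don't understand the concept behind it.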

http://us3.php.net/manual/en/session.idpassing.php

http://us3.php.net/cookies

http://www.tuxradar.com/practicalphp/10/0/0

Also @see Destroy session on window close?

answered 2012-11-15T00:09:06.563