0

我在退出网站时遇到问题。但是,到目前为止,当我创建 logout.php 并包含 session_destroy(); 时,我已经登录了。它似乎不起作用。

这是我的每一页的代码。

索引.php:

<?php include ("login.php"); ?>

登录.php

   <?php
session_start();
$_SESSION['loggedin']['user']=$_POST['user'];
if(isset($_SESSION['loggedin'])){
    echo '<h2>Logged in</h2><p style="font-size:14px;">Welcome '.$_SESSION["user"].' you have sucessfully logged in.</p>';
}
else {
     echo '
       <h2>Login</h2>
       <form action="auth.php" method="POST">
       <div class="smallform">
                <p><span>Username:</span><br>
                <input type="text" name="user"></p>
                <p><span>Password:</span><br>
                <input type="password" name="pass"></p>
                <p style="padding-top: 15px"><input type="submit" value="Submit"></p>
        </div>
        </form>';
}
?>

认证.php:

   <?php
session_start();
$con = mysqli_connect("HOST", "USER", "PASS", "DBNAME");
$user = $_POST["user"];
$pass = $_POST["pass"];
$sql = "SELECT UserID FROM Customer 
        WHERE UserID = \"$user\"
        AND Password = md5(\"$pass\")";

$res = mysqli_query($con, $sql);
?>
<!DOCTYPE>
<html>

<head>
<title>VeloCity</title>
<link href="_stylesheet.css" rel="stylesheet" type="text/css" />
<?php echo '<meta http-equiv="refresh" content="1;URL=index.php" />'; ?>
</head>

<body>
<div align="center">
<?php 
if(mysqli_num_rows($res)==1){
    $_SESSION["user"] = $user;
    $_SESSION["loggedin"] = True;
    echo "You have sucessfully logged in";
}
else{
    echo "You have entered an incorrect password. Please try again";
}
?>
</div>
</body>
</html>

注销.php

<?php
session_start();
session_destroy();
?>

在 login.php 中添加的另一件事我有一个 if 语句,即:

if(isset($_SESSION['loggedin'])){
    echo '<h2>Logged in</h2><p style="font-size:14px;">Welcome '.$_SESSION["user"].' you have successfully logged in.</p>';
}

问题是您可以看到它应该显示欢迎“用户名”,最初它会显示,但现在它不会显示欢迎您已成功登录。

我要提前感谢大家的帮助。谢谢

4

2 回答 2

2

几点注意事项:

  1. 您的输入未经过消毒。
  2. 尽量不要使用mysql_*已弃用的函数。使用PDOmysqli_*代替。

在以下代码中使用此代码logout.php

<?php
    session_start();
    // Because you are checking if(isset($_SESSION['loggedin'])), use the below:
    unset($_SESSION['loggedin']);
    $_SESSION = array();
    session_destroy();
?>
于 2012-11-23T15:41:30.170 回答
1

问题是,在您定义的登录页面上$_SESSION['loggedin']

$_SESSION['loggedin']['user']=$_POST['user'];

删除它,否则,您的:

if(isset($_SESSION['loggedin']))

true即使用户未登录,也将始终评估并显示欢迎消息。

于 2012-11-23T15:41:39.103 回答