我有这个 php 成员页面,它将显示来自 mysql 数据库的非常基本的信息。
我注意到的问题是,如果您退出并访问会员页面,即http://www.mywebsite.co.uk/member.php?id=17并从浏览器刷新页面,它会将您登录用户帐户。它在哪里和是谁并不重要。它只会将访问者登录到 ID 为 17 或 PAGE Refresh 上的任何其他 ID 的帐户!
这是我的 member.php 代码
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
<?php
session_start(); // Must start session first thing
// See if they are a logged in member by checking Session data
$toplinks = "";
if (isset($_SESSION['id'])) {
// Put stored session variables into local php variable
$userid = $_SESSION['id'];
$username = $_SESSION['username'];
$toplinks = '<a href="member.php?id=' . $userid . '">' . $username . '</a> •
<a href="member.php">Account</a> •
<a href="logout.php">Log Out</a>';
} else {
$toplinks = '<a href="join_form.php">Register</a> • <a href="login.php">Login</a>';
}
?>
<?php
// Use the URL 'id' variable to set who we want to query info about
$id = preg_replace("[^0-9]", "", $_GET['id']); // filter everything but numbers for security
if ($id == "") {
echo "Missing Data to Run";
exit();
}
//Connect to the database through our include
include_once "config/connect.php";
// Query member data from the database and ready it for display
$sql = "SELECT * FROM members WHERE id='$id' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$count = mysqli_num_rows($query);
if ($count > 1) {
echo "There is no user with that id here.";
exit();
}
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$username = $row["username"];
$_SESSION['username'] = $username;
$userid = $row["id"];
$_SESSION['id'] = $userid;
// Convert the sign up date to be more readable by humans
$signupdate = strftime("%b %d, %Y", strtotime($row['signupdate']));
}
?>
任何人都可以发现发生这种情况的原因?
谢谢