我的问题可能看起来很简单,但我不知道我的代码有什么问题。我有一个非常简单的登录系统,如下所示:
登录.php:
<?php
session_start();
if ($_SESSION['loggedin'] = 1) {
header("Location: admin.php");
}
if ($_GET['login']) {
// Only load the code below if the GET
// variable 'login' is set. You will
// set this when you submit the form
if ($_POST['username'] == 'thenemis'
&& $_POST['password'] == 'slustice') {
// Load code below if both username
// and password submitted are correct
$_SESSION['loggedin'] = 1;
// Set session variable
header("Location: admin.php");
exit;
// Redirect to a protected page
} else echo "Wrong details";
// Otherwise, echo the error message
}
?>
<form action="?login=1" method="post" accept-charset="utf-8">
<fieldset>
<label for="username">Usermame:</label>
<input type="text" name="username" placeholder="username" required>
<label for="password">Password:</label>
<input type="password" name="password" placeholder="password" required>
<input type="submit" value="Login"> </td>
</fieldset>
</form>
这工作正常。
管理员.php:
<?php
session_start();
// Call this function so your page
// can access session variables
if ($_SESSION['loggedin'] != 1) {
// If the 'loggedin' session variable
// is not equal to 1, then you must
// not let the user see the page.
// So, we'll redirect them to the
// login page (login.php).
header("Location: login.php");
exit;
}
?>
<p><a href="logout.php">Log out</a></p>
现在我的问题是,即使我单击了注销 URL,系统也会让我保持登录状态,如下所示:
注销.php:
<?php
session_start();
session_destroy();
header("Location: login.php");
?>
我的注销程序显然存在一些基本错误,但我似乎找不到它......提前感谢您的帮助!