0

我的注销脚本有问题。我试图破坏会话或杀死 cookie,但它不会消失。

if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['submit'])) {
        // Connect to the database
        $dbc = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME);

        if ($dbc == null) {
            $error_msg = '<br/>EROARE: conexiunea la baza de date a esuat<br/>';
        }
        $error_msg = 'succes<br/>';

        // Grab the user-entered log-in data
        $user_username = mysqli_real_escape_string($dbc, trim($_POST['username']));
        $user_username = PREG_REPLACE("/[^0-9a-zA-Z.-@_]/i", '', $user_username);
        $user_password = mysqli_real_escape_string($dbc, trim($_POST['password']));
        $user_password = PREG_REPLACE("/[^0-9a-zA-Z]/i", '', $user_password);

        if (!empty($user_username) && !empty($user_password))
        {
            $query = "SELECT * FROM Admin WHERE username = '$user_username' AND password = SHA('$user_password')";
            $data = mysqli_query($dbc, $query);
            if (mysqli_num_rows($data) == 1) {
                // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
                $row = mysqli_fetch_array($data);
                $_SESSION['admin_id'] = $row['id_client'];
                $_SESSION['admin'] = $row['username'];
                setcookie('id_admin', $row['id_admin'], time() + (60 * 60 * 24 * 2));    // expires in 30 days

                $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/admin/index.php?admin='.$row['id_admin'].'&cat=index';
                header('Location: ' . $home_url);

                //==================LOGGING THE INFORMATION
                $fp = @fopen ($jurnal, "a");
                if ($fp == NULL) {
                    echo 'EROARE - nu a fost posibila deschiderea fisierului jurnal!';
                    exit();
                }
                //exclusive lock
                lock ($fp);
                //Writing information into the index_upload file
                $submitdate = date('l jS \of F Y h:i:s A');
                $utilizator = $_SESSION['username'];
                $adresa = $_SERVER['REMOTE_ADDR'];
                fwrite ($fp, "========================================\r\n");
                fwrite ($fp, "LOGIN OK\r\n");
                fwrite ($fp, "Utilizator: $utilizator\r\n");
                fwrite ($fp, "Conexiune de la adresa IP: $adresa\r\n");
                fwrite ($fp, "Data: $submitdate\r\n");
                fwrite ($fp, "\r\n");
                // Unlock the file, this is the same as flock($fp, LOCK_UN);
                unlock ($fp);
                @fclose ($fp);
                /////////////////////////////////////////////////////////////////////////////


            }
            else {

            }
        }
        else {
            // The username/password are incorrect so set an error message
            $error_msg = 'EROARE: pentru autentificare aveti nevoie de un nume de utilizator si o parola valide!';
        }
    }
    else {
        // The username/password weren't entered so set an error message
        $error_msg = 'EROARE: pentru a va putea autentifica in sistem, va rugam introduceti un nume de utilizator si o parola!';
    }
}

我试过这个:

<?
session_start();
session_unset();
session_destroy();

header("location:home.php");
exit();
?>

和这个:

<?php
    setcookie('id_admin', '', time()-60*60*24*2);
?>
4

1 回答 1

0

根据session_destroy()的 PHP 手册,以下代码应销毁 $_SESSION:

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>
于 2013-04-01T17:32:37.680 回答