0

我正在开发一个网站,但我的登录系统有问题。考虑两个用户,user1 和 user2。如果 user1 可以访问他的帐户,并且在同一个浏览器中,如果 user2 可以访问他的帐户,则 user1 必须从他的会话中注销,但这在我的系统中不会发生,此外,系统认为 user1 是 user2,因为 user2已连接。这是登录页面和身份验证的以下代码:

登录代码

<html>
<body>
<div class="wrap">
<div id="content">
   <div id="main">
     <div class="full_w">
    <form action="login_oficial.php" method="post" autocomplete="off">
       <label for="login">Usuario:</label>
         <input id="login" name="login" class="text" />
       <label for="pass">Contraseña:</label>
         <input id="pass" name="pass" type="password" class="text" />
       <input type="submit" class="ok" name="acceso_cuenta" value="Acceder"></button>
    </form>
      </div>
     </div>
    </div>
   </div>
  </body>
 </html>

验证码(login_oficial.php)

<?php
session_start();
require('incluye.php');
$usuario = $_POST['login'];

$_SESSION['user']=$usuario; 
$error = '';
$form = $_POST['acceso_cuenta'];
$password = $_POST['pass'];

    $query1 = "SELECT user FROM data1 WHERE user='$usuario' and passwort='$password'"; 

$result=pg_query($conn,$query1);

if( isset($form) ) {

if( isset($usuario) && isset($password) && $usuario !== '' && $password !== '' ) {

if(pg_num_rows($result) != 0 ) { //success

   $_SESSION['logged-in'] = true;

   header('location: http://localhost/public_html/website/normal_user.php');   
   exit;    

}else { $error = "Your information is wrong."; }

} else { $error = 'Please, do not leave blank spaces.';}
   }
 ?>
<html>
<body>
<div class="wrap">
<div id="content">
  <div id="main">
    <div class="full_w">
      <form action="<?php $PHP_SELF; ?>" method="post">
    <label for="login">Usuario:</label>
       <input id="login" name="login" class="text" autocomplete="off" />
         <label for="pass">Contraseña:</label>
           <input id="pass" name="pass" type="password" class="text" />
          <div class="sep"></div>
           <input type="submit" class="ok" name="acceso_cuenta" value="Acceder"></button>              
    </form>
       </div><!--END OF FULL-->
     <?php  echo "<br /><span style=\"color:red\">$error</span>";?>
        </div><!--END OF MAIN-->
   </div><!--END OF CONTENT-->
      </div><!--END OF WRAP-->
     </body>
    </html>

incluye.php 的代码

<?
if($_POST['acceso_cuenta']){
 $strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxxxxx password=*****";
 $conn=pg_Connect($strconn);
  }
if(!$conn){
 // echo "Error connection!!!";
}else{
  //echo "Connection succesful!!!"; 
}
  ?>

用户页面

  <?php
  session_start();
  require('incluye.php');
// is the one accessing this page logged in or not?
  if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true) {
// not logged in, move to login page
session_destroy();
header('Location: login_oficial.php');
exit;}
 ?>

<html lang="en">   
<body class=""> 
<div class="navbar">
    <div class="navbar-inner">
            <ul class="nav pull-right">  
                <li id="fat-menu" class="dropdown">
                 <li ><a href="logout.php">Logout</a></li> 
                        <i class="icon-user"></i> <?  echo "Welcome user  {$_SESSION['user']} " ; ?>
                    </a>
                </li>   
            </ul>
 </div>
 </body>
 </html>

注销.php

session_start();

// if the user is logged in, unset the session

if (isset($_SESSION['logged-in'])) {

unset($_SESSION['logged-in']);

}

// now that the user is logged out,

// go to login page

header('Location: login.html');

?>

欢迎所有建议,并随时提出您认为合适的任何其他建议。干杯。

4

1 回答 1

1

在 login_oficial.php 你设置这些会话

$_SESSION['user']=$usuario; 
$_SESSION['logged-in'] = true;

但是在 logout.php 中,您只取消了登录会话。试试这个代码,它应该重置所有会话。

session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);

顺便说一句,我认为您不应该$_SESSION['user']在检查用户是否存在于数据库中之前进行设置。

于 2013-07-24T06:34:03.600 回答