1

我正在制作一个登录系统,我刚刚让它工作,现在我在为我的网站制作注销功能时遇到了困难。它实际上还没有托管,所以安全性将在以后出现。我尝试了 session_destroy 和 unset 的各种用法,但我无法让它工作。任何帮助,将不胜感激。

我的 PHP

<?php
session_start();
/*This is the equivalent of login.php*/
$database = "forum";  // the name of the database.
$server = "localhost";  // server to connect to.
$db_user = "root";  // mysql username to access the database with.
$db_pass = "";  // mysql password to access the database with.
$table = "members";    // the table that this script will set up and use.
$link = mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database,$link);

if (isset($_POST['fsubmitted'])) {
// Get the data passed from the form
$username = $_POST['username'];
$pass = $_POST['pass'];

// Do some basic sanitizing
$username = stripslashes($username);
$pass = stripslashes($pass);
$encryptedpass = md5($pass);

$sql = "SELECT * from members where username = '$username' and password = '$encryptedpass'";
$result = mysql_query($sql);


$count = 0;

$count = mysql_num_rows($result);

if ($count == 1) {
     $_SESSION['loggedIn'] = "true";
    header("Location: index.php"); // This is wherever you want to redirect the user to
    exit();

} else {
     $_SESSION['loggedIn'] = "false";
     echo '<div class="errormsgbox">Your username and password combo was incorrect!</div>';
     var_dump($result);
    echo $sql;
}
}

if ($_SESSION['loggedIn'] = "true") {
    echo '<div class="success">You are now logged in!</div>';
}

if (isset($_SESSION['loggedin']) && (time() - $_SESSION['loggedin'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}
$_SESSION['loggedin'] = time(); // update last activity time stamp

?>
4

4 回答 4

3

利用:

session_start();

使用以下任一项:

session_destroy();
session_unset();
unset($_SESSION["loggedin"]);
$_SESSION = array();
于 2013-07-30T15:01:27.367 回答
2

我可以在您的代码中看到两个错误:

  • 您尚未开始会话
  • 您还没有告诉代码要取消/销毁哪个会话

开始会话:

将此作为 PHP 代码的第一行:session_start();

注销

让我们仔细看看这段代码:

if (isset($_SESSION['loggedin']) && (time() - $_SESSION['loggedin'] > 1800)) {
    // last request was more than 30 minutes ago
    session_unset();     // unset $_SESSION variable for the run-time 
    session_destroy();   // destroy session data in storage
}

您还没有告诉代码哪个会话unsetdestroy

为此,您必须在括号内包含一个会话变量。

试试这个代码:

if (isset($_SESSION['loggedin']) && (time() - $_SESSION['loggedin'] > 1800)) {
// last request was more than 30 minutes ago
session_unset($_SESSION['loggedin']);     // unset $_SESSION variable for the run-time 
session_destroy($_SESSION['loggedin']);   // destroy session data in storage
}

我所做的只是告诉代码哪个会话unsetdestroy

更新
如果这对您不太有效,请尝试使用此方法。

if (isset($_SESSION['loggedin']) && (time() - $_SESSION['loggedin'] > 1800)) {
// last request was more than 30 minutes ago
unset($_SESSION['loggedin']);     // unset $_SESSION variable for the run-time 
$_SESSION['loggedin'] = "false";
}

另一个值得一看的好东西是有一个注销按钮。这在这里解释:注销按钮php

我希望这对您有所帮助,如果我能提供进一步的帮助,请告诉我!

于 2013-07-30T14:29:24.763 回答
0

在您的脚本中注销某人,只需:

session_start();
unset($_SESSION);
session_destroy();

您还应该session_start()在上面显示的 login.php 中的某个时间点调用。

于 2013-07-30T14:28:13.743 回答
0

我会尝试使用这个功能:

function logout(){
    if(session_id() == '') { // start session if none found
        session_start();
    }

    session_unset();         
    session_destroy();
    unset($_SESSION['loggedIn']);
}

使用这个函数你需要做的就是调用 logout(); 您希望该人在哪里注销。

于 2013-07-30T14:30:14.323 回答