douyou3619 2015-06-26 00:41
Views: 41
Accepted

Session variables, classes and the back button

Hi everyone, I've done research and I can't seem to figure out what my code is doing. I know that session variables shouldn't change unless changing them or removing them. I don't think the issue is specific to the browser's back button either, because the variable in question doesn't seem to work when accessing another page forward: it just works on the home page into another page, but when I access another page it doesn't seem to work.

I am building a custom CMS (it has to be custom, I already pondered all the other options). I'm basically doing an access control script. First I tried it by storing the user role or user type in the session as a variable, but it wouldn't work when pressing back or going a third page in. The variable is used to show menu links depending on the user type.

This is how I check for my session:

$now = time();
// Start the session before touching $_SESSION. session_status() is the reliable
// check; isset($_SESSION) is false until session_start() has run.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// Redirect to login when no user is stored or the session is older than one hour
if (!isset($_SESSION['session_user_name'], $_SESSION['session_start'])
    || $now - $_SESSION['session_start'] > 60 * 60) {
    header('Location: login.php');
    exit;
}
//$user_name        = $_SESSION['session_user_name'];
//$user_type        = $_SESSION['session_user_type'];

require(CMS_ROOT.'/classes/acl.php');
$user_role = new ACL();
$user_type = $user_role->userRole;

This is my ACL class:

class ACL
{
    public $userID = 0;      // Integer : Stores the ID of the current user
    public $userRole = '';   // String  : Stores the role of the current user

    // PHP's magic constructor is __construct. The original __constructor is an
    // ordinary method name and only ran because the old-style ACL() called it.
    function __construct($userID = '')
    {
        if ($userID != '') {
            $this->userID = intval($userID);
        } else {
            // User IDs are integers, so cast with intval() rather than floatval()
            $this->userID = intval($_SESSION['session_user_id']);
        }
        $this->userRole = $this->getUserRole();
    }

    function getUserRole()
    {
        global $table_prefix;
        // $userID has already been cast to an integer, so it is safe to interpolate
        $user_id = $this->userID;
        $strSQL = "SELECT user_type FROM {$table_prefix}users WHERE user_id = $user_id";
        $data = mysql_query($strSQL) or die(mysql_error());
        $row = mysql_fetch_assoc($data);
        // Return 'null' when no matching user exists instead of reading a missing key
        return $row ? $row['user_type'] : 'null';
    }
}

And this is the menu:

<nav>
<ul>
    <?php // echo $user_type; // debugging output, remove in production ?>
    <?php // The three admin/manager links share one condition. Use the full <?php
          // tag: the short <? ?> form only works when short_open_tag is enabled. ?>
    <?php if ($user_type == 'administrator' || $user_type == 'manager') { ?>
    <li><a href="<?php echo $cms_path; ?>/index.php">Home</a></li>
    <li><a href="<?php echo $cms_path; ?>/users/user_view.php">Users</a></li>
    <li><a href="<?php echo $cms_path; ?>/clients/client_view.php">Clients</a></li>
    <?php } ?>
    <li><a href="<?php echo $cms_path; ?>/albums/album_view.php">Albums</a></li>
    <li><a href="<?php echo $cms_path; ?>/logout.php">logout</a></li>
</ul>
</nav>

I hope someone can help or steer me in the right direction.


2 answers

  • doujian1954 2015-06-26 15:06

    Ok, there are a few things I found out during this process.

    1) Most important: think about security. If you are not a full-on PHP security expert, think about finding someone who is. I and my employer will have to do this at some point.

    2) Think about caching. The back button loads a cached version of the page, so some dynamic elements get lost in the process.

    For this, make sure to use this code on, at least, your dynamic pages.

    <?php
    // These headers tell the browser to not load anything from cache at all
    // and force the browser to make a server request even on a Back click,
    // allowing us to verify the token
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
    header("Pragma: no-cache");
    ?>
    

    3) Make sure you start the session before you do anything else that will use the session.

    4) Look into php.ini variable settings, specifically the ones related to sessions such as session.cache_limiter and session.gc_maxlifetime. You can use ini_get() to retrieve values from php.ini variables and ini_set() to set said variables, which is very useful for almost anything php.ini related.

    Thanks to everyone that responded; every answer was helpful.

    This answer was selected by the asker as the best answer.
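The checks from the question and the accepted answer brought together in one include (session started first, no-cache headers sent before any output, the one-hour timeout, and the role lookup done with a prepared statement instead of string interpolation). This is an added example, not code from either poster; it assumes a PDO connection in `$pdo`, the `users` table and `session_*` keys from the question, and a `$table_prefix` that comes from configuration, not from the request.

```php
<?php
// Added example (not the asker's or answerer's code). Every protected CMS
// page would require() this before emitting any HTML.
declare(strict_types=1);

const SESSION_TTL = 60 * 60;   // one hour, as in the question

function sendNoCacheHeaders(): void {
    // Same intent as the accepted answer: the browser must re-request the page
    // on Back instead of showing a cached copy with a stale menu.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
}

function requireLogin(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();   // before any $_SESSION access and before any output
    }
    sendNoCacheHeaders();
    $expired = !isset($_SESSION['session_start'])
        || (time() - $_SESSION['session_start']) > SESSION_TTL;
    if (!isset($_SESSION['session_user_id']) || $expired) {
        $_SESSION = [];
        session_destroy();           // do not leave a half-valid session behind
        header('Location: login.php');
        exit;
    }
}

function lookupUserRole(PDO $pdo, string $tablePrefix, int $userId): ?string {
    // The id is bound as a parameter; only the configured prefix is interpolated.
    $stmt = $pdo->prepare("SELECT user_type FROM {$tablePrefix}users WHERE user_id = :id");
    $stmt->execute([':id' => $userId]);
    $role = $stmt->fetchColumn();
    return $role === false ? null : (string) $role;   // null when no row, no notice
}

function canSee(?string $role, string $menuItem): bool {
    // One table of who sees what, instead of the same if() repeated per link.
    // Albums and logout are shown to every logged-in user, as in the question.
    static $allowed = [
        'Home'    => ['administrator', 'manager'],
        'Users'   => ['administrator', 'manager'],
        'Clients' => ['administrator', 'manager'],
    ];
    if (!isset($allowed[$menuItem])) {
        return $role !== null;
    }
    return $role !== null && in_array($role, $allowed[$menuItem], true);
}
```

A page would call `requireLogin()` first, then `$user_type = lookupUserRole($pdo, $table_prefix, (int) $_SESSION['session_user_id']);` and guard each link with `canSee($user_type, 'Users')`.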
