douzhao7445 2017-04-23 02:13
138 views

PHP logout using a class

I need some help with my log out. I try to show as little code as possible to avoid a long post.

What I'm trying to do is a webpage that allows a user to log in and view some stuff. When the user is done viewing the stuff, the user is able to log out. When logging out, it redirects the user to the login page and updates my database to clear all the data such as session_id etc.

But the problem is, whenever the user clicks the log out button, it redirects the user to the login page but does not run the update query which is in the logout function. I'm trying to log the user out by clearing all the session data and the data in the database such as session_id, last_log, etc.

Is there any way to make the log out button work?

In my protect class

class protect
{
    var $username = "";
    var $password = "";
    var $id = "";
    var $isAdmin = -1;
    var $sess_id = "";
    var $action = "";
    var $query = "";
    var $ip_address = "";
    var $otp = "";

    function __construct()
    {
         try
         {
            session_start();
            $db = new DB("XXUser","password",DB_NAME);
            $db->connect();

            $this->check_login($db);
            if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1)
            {
                $this->logout($db);
            }

            else
            {
                if($this->action == "logout")
                {
                   $this->logout($db);
                }

                $this->check_session($db);
            }
         }

         catch (Exception $e)
         {
              $this->logout($db);
              exit();
         }
    }

    //Copies every POST field onto a property of the same name, so a request can set
    //any of the properties above (id, isAdmin, ...); nothing in the class calls it
    function post_value()
    {
        if (!empty($_POST))
        {
            foreach ($_POST as $key => $value)
            {
                $this->$key=$value;
            }
        }
    }

    //Reads the action from the query string only; nothing in the class calls it
    function get_value()
    {
        if(isset($_GET['action']))
        {
            $this->action=$_GET['action'];
        }
    }

    function insert_session($db)
    {
        $sql = "UPDATE myuser SET lastLog = now(), active = 'Y', last_active = now(), "
             . "last_access = now(), ip_addr = '".$this->ip_address."', "
             . "session_ID = '".trim($this->sess_id)."', fail_login_count = 0, "
             . "last_fail_login_time = '1900-01-01 00:00:00', otp = '".$_SESSION['otp']."' "
             . "WHERE ID = '".$_SESSION['id']."'";

        $db->query($sql);
    }

    function check_session($db)
    {       
        if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == 1)
        {
            $sql2 = "SELECT * FROM myuser WHERE ID = '".$_SESSION['id']."' AND otp = '".$_SESSION['otp']."'";

            $db->query($sql2);
            $db->fetchRow();

            if($db->resultCount() == 0)
            {
                echo "<script type=\"text/javascript\">
                    alert(\"Access Denied\");
                </script>";

                session_destroy();
                $db->disconnect();
                header("Location: login2.php");
                exit();

            }

            else
            {
                $this->check_time($db);
                $this->refresh_session();
            }
        }
    }

    function refresh_session()
    {
        //Regenerate id
        session_regenerate_id();

        //Regenerate otp: only the session copy is replaced here, the otp stored in
        //myuser is not updated, and md5(time() . id) is predictable
        $_SESSION['otp'] = trim(md5(time() .$_SESSION['id']));
    }

    function check_time($db)
    {
        $sql3 = "SELECT * FROM myuser WHERE ID = '".$_SESSION['id']."' AND otp = '".$_SESSION['otp']."' "
              . "AND last_active > DATE_SUB(NOW(), INTERVAL 10 MINUTE)";

        $db->query($sql3);

        if($db->resultCount() == 0)
        {
            $this->logout($db);
        }

        else
        {
            $sql2 = "UPDATE myuser SET last_active = now() WHERE ID = '".$_SESSION['id']."' AND otp = '".$_SESSION['otp']."'";

            $db->query($sql2);
        }
    }

    function check_login($db)
    {
        if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1)
        {
            $this->username = sanitize($_POST['username']);
            $this->password = $_POST['password'];

            $sql = "SELECT * FROM myuser WHERE userName = '".$this->username."' AND userPass = '".$this->password."'";

            $db->query($sql);

            if($db->resultCount() == 0)
            {
                echo "<script type=\"text/javascript\">
                    alert(\"Wrong Username or Password\");
                </script>";

                $db->disconnect();
                $db->clear();
            }

            else
            {
                $db->fetchRow();

                //Correct username but wrong password.
                if($db->record['userName'] == $this->username)
                {
                    if($db->record['userPass'] != $this->password)
                    {
                        echo "<script type=\"text/javascript\">
                            alert(\"Wrong Username or Password\");
                        </script>";
                        $sql3 = "UPDATE myuser SET ip_addr='".$this->ip_address."', fail_login_count=(fail_login_count+1) "
                              . "WHERE userName='".$this->username."'";

                        $db->query($sql3);
                    }

                    else
                    {
                        $this->id = $db->record['ID'];
                        $sql4 = "SELECT * FROM subordinate_reporting WHERE myuser_uid = '".$this->id."'";

                        $db->query($sql4);

                        if($db->record['active'] == 'Y')
                        {
                            session_destroy();
                            $db->disconnect();
                            header("Location: login2.php");
                            exit();
                        }

                        else if($db->resultCount() == 0)
                        {
                            echo "<script type=\"text/javascript\">
                                alert(\"".$db->record['real_name'].", You are not authorized to access this page\");
                            </script>";
                            $db->clear();
                        }

                        else
                        {
                            echo "<script type=\"text/javascript\">
                                alert(\"Welcome ".$db->record['real_name'].". Your last access was on ".$db->record['last_access']."\");
                            </script>";

                            $this->session($db);
                        }
                    }
                }
            }
        }
    }

    //This function haven't use
    function check_attempt($db)
    {
        $db->query("SELECT fail_login_count, last_fail_login_time, blocked FROM myuser WHERE userName = '".$this->username."'");
        $db->fetchRow();

        if($db->record['fail_login_count'] >= 3)
        {
            //Block only this account; without the WHERE the UPDATE would block every user
            $db->query("UPDATE myuser SET blocked = 'Y', last_fail_login_time = now() WHERE userName = '".$this->username."'");

            echo "<script type=\"text/javascript\">
                alert(\"Your account has been blocked for 10 minutes due to failed login attempts of 3 times\");
            </script>";
        }

        if($db->record['blocked'] === 'Y')
        {
            //last_fail_login_time is a DATETIME string, so convert it before comparing; 600 s = 10 minutes
            if((time() - strtotime($db->record['last_fail_login_time'])) > 600)
            {
                $db->clear();
                $db->query("UPDATE myuser SET last_fail_login_time = '1900-01-01 00:00:00', fail_login_count = 0, blocked = 'N' WHERE userName = '".$this->username."'");
            }

            else
            {
                $db->clear();
                echo "<script type=\"text/javascript\">
                    alert(\"Please try again later\");
                </script>";
            }
        }
    }

    function logout($db)
    {
            $sql = "UPDATE myuser SET session_ID = '', otp = '', active = 'N', "
                 . "last_active = '1900-01-01 00:00:00', lastLog = '1900-01-01 00:00:00' "
                 . "WHERE ID = '".$_SESSION['id']."' AND otp = '".$_SESSION['otp']."'";

            $db->query($sql);
            //Do not echo here: output sent before the header() call below breaks the redirect
            unset ($_SESSION['otp']);
            unset ($_SESSION['loggedin']);
            unset ($_SESSION['id']);
            session_unset();
            session_destroy();
            $db->clear();
            $db->disconnect();
            header("Location: login2.php");
            exit();
    }

    function session($db)
    {
        $_SESSION['loggedin'] = 1;
        $_SESSION['id'] = $this->id;
        $_SESSION['otp'] = trim(md5(time() .$_SESSION['id']));
        $this->ip_address = $this->get_ip();
        $this->sess_id = session_id();
        $_SESSION['timeout'] = time();
        $this->insert_session($db);
    }

    function logout_btn()
    {
            echo "<form name='logoutbtn' method='post' action=''>";
            echo "&nbsp;<input type='hidden' name='action' value='logout' />";
            echo "<input type='submit' id='button' value='Log Out' />";
            echo "</form>";
    }

    function get_ip()
    {
        //HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers the client can set itself;
        //only REMOTE_ADDR comes from the TCP connection
        if(getenv('HTTP_CLIENT_IP'))
        {
            $ip = getenv('HTTP_CLIENT_IP');
        }

        else if(getenv('HTTP_X_FORWARDED_FOR'))
        {
            $ip = getenv('HTTP_X_FORWARDED_FOR');
        }
        else
        {                                     
            $ip = getenv('REMOTE_ADDR');
        }

        return $ip;                                         
    }
}

In my normal HTML file

<?php
try
{
    $prot = new protect();

    if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1)
    {
        echo "<script type=\"text/javascript\">
            alert(\"Access Denied\");
        </script>";
    }
}

catch (Exception $e)
{
    echo $e->getMessage();
}
?>

<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
$ved = new view_exit_docket($db, $_SESSION['id']);
$ved->check_app_uid($db);
$ved->display_table($db);
$prot->logout_btn();
?>
</body>
</html>

1 answer

  • doushi9729 2017-04-23 02:49

    If the log out button was not working, then surely you would not have been redirected - this implies that failures are occurring elsewhere.

    I will assume that some of the stuff you have edited out of your code is critical to its operation (otherwise it would not behave as you describe).

    it'll redirect the user to the login page, but not updating the query

    From the code you've shown us, the only route to the redirection is through executing the query. If the data was not changed, then the query failed.

    1) You didn't tell us anything about the DB class.

    2) You don't check the return value from $DB->query() nor poll the state of the operation from $DB after executing the query. If you had, you might have got an error message explaining the problem.

    3) You didn't show us the SQL you are running (the most likely place where the fault lies).

    4) You have not said what happened to the session data.

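Added example, not the poster's code and not the answerer's: a self-contained PHP script that implements the logout path the question describes with the checks the answer asks for. It reads the POSTed `action` (the posted class only ever reads `$_GET['action']`, and its constructor never calls `get_value()` or `post_value()`, while `logout_btn()` submits by POST), writes the rotated per-request token back to the `myuser` row in the same request (the posted `refresh_session()` changes only `$_SESSION['otp']`, so on the next request every `otp = ...` condition matches no row and an UPDATE keyed on it changes nothing), runs the UPDATE as a prepared statement keyed on the session id, and checks the affected-row count instead of ignoring the query's result. It also adds a CSRF token to the logout form, which the post does not have. Assumptions: PDO with the pdo_sqlite extension and an in-memory stand-in for `myuser` holding one constructed row; the session is modelled as a plain array so the script runs from the CLI; the column names are the ones in the post.

```php
<?php
// Added example (not the poster's code): logout that reads the POSTed action,
// persists the rotated token, keys the UPDATE on the session id, and checks
// how many rows it changed. Assumes pdo_sqlite; the session is a plain array
// so this runs from the CLI:  php logout_example.php
declare(strict_types=1);

function db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE myuser (ID INTEGER PRIMARY KEY, userName TEXT,
        active TEXT, session_ID TEXT, otp TEXT, last_active TEXT, lastLog TEXT)');
    // Constructed sample row: one user currently logged in from session sess-abc.
    $pdo->exec("INSERT INTO myuser VALUES (7, 'alice', 'Y', 'sess-abc', 'tok-1',
        '2017-04-23 02:00:00', '2017-04-23 02:00:00')");
    return $pdo;
}

// Rotate the per-request token and persist it in the same request, so the
// next request's `otp = ...` lookups still match the row.
function refreshToken(PDO $pdo, array &$session): void
{
    $new = bin2hex(random_bytes(16));            // unpredictable, unlike md5(time().id)
    $st  = $pdo->prepare('UPDATE myuser SET otp = :otp WHERE ID = :id AND session_ID = :sid');
    $st->execute([':otp' => $new, ':id' => $session['id'], ':sid' => $session['sid']]);
    if ($st->rowCount() !== 1) {
        throw new RuntimeException('token refresh matched no row; treat as logged out');
    }
    $session['otp'] = $new;
}

// Clear the server-side record, keyed on the session id rather than the
// rotating token, and return how many rows were actually changed.
function invalidateRow(PDO $pdo, int $userId, string $sessionId): int
{
    $st = $pdo->prepare("UPDATE myuser SET session_ID = '', otp = '', active = 'N',
        last_active = '1900-01-01 00:00:00', lastLog = '1900-01-01 00:00:00'
        WHERE ID = :id AND session_ID = :sid");
    $st->execute([':id' => $userId, ':sid' => $sessionId]);
    return $st->rowCount();
}

// Returns true only when the row was cleared. The redirect is the caller's job
// and must happen before any output: an echo before header() breaks it.
function logout(PDO $pdo, array $post, array &$session): bool
{
    if (($post['action'] ?? '') !== 'logout') {
        return false;                              // not a logout request
    }
    $expected = $session['csrf'] ?? '';
    if ($expected === '' || !hash_equals($expected, (string)($post['csrf'] ?? ''))) {
        return false;                              // cross-site or replayed form
    }
    $cleared = invalidateRow($pdo, (int)$session['id'], (string)$session['sid']);
    if ($cleared !== 1) {
        error_log("logout: expected to clear 1 row, cleared $cleared");
    }
    $session = [];   // in a real request: session_unset(); session_destroy();
                     // setcookie(session_name(), '', time() - 3600, '/');
    return $cleared === 1;
}

// Worked run: one authenticated request that rotates the token, then the POST
// sent by the logout form (constructed input).
$pdo     = db();
$session = ['id' => 7, 'sid' => 'sess-abc', 'otp' => 'tok-1',
            'csrf' => bin2hex(random_bytes(16))];
refreshToken($pdo, $session);
$ok  = logout($pdo, ['action' => 'logout', 'csrf' => $session['csrf']], $session);
$row = $pdo->query('SELECT active, session_ID FROM myuser WHERE ID = 7')->fetch(PDO::FETCH_ASSOC);
printf("logout %s; row now active=%s session_ID='%s'\n",
    $ok ? 'cleared the row' : 'FAILED', $row['active'], $row['session_ID']);
```

In the real page the array becomes `$_SESSION`, and the caller follows a true result with `session_unset(); session_destroy(); setcookie(session_name(), '', time() - 3600, '/'); header('Location: login2.php'); exit;` with nothing echoed first, since any output before `header()` cancels the redirect unless output buffering is on. Two caveats the posted class should also pick up: its `get_ip()` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are request headers the client chooses, so the `ip_addr` it stores is attacker-controlled unless the app sits behind a proxy you trust and reads only the value that proxy appends; and whatever affected-rows accessor the unseen DB class exposes is what would have shown that the logout UPDATE matched zero rows.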
