douchen7324
2016-10-02 16:10
浏览 62
已采纳

如何在php中设置登录和注销会话?

I have created session and destroying session in logout.php but if i entered in url(http://localhost/demo/home.php)it showing loggedin.It should be redirect on index.php or display page not found.

What i am achieving- I have login section and there is no issue in that.I am able to login with my credentials and page is redirecting on home.php successfully.From home.php i have logout link and i clicked on that page is redirecting on index.php but if i entered home.php showing loggedin.. Please help me in this.

index.php

session_start();

$username = $_POST['username'];
 $password = $_POST['password'];

$sel_user = "SELECT * FROM admin WHERE Username='$username' and Password='$password'";
$run_user = mysqli_query($conn, $sel_user);

$check_user = mysqli_num_rows($run_user);

if($check_user>0){

echo "<script>window.open('home.php','_self')</script>";
$_SESSION['user_email']=$username;

}

else {

$msg="Username and Password is incorrect.";


}

Home.php

<h2>Home page</h2>
<a href="logout.php">logout</a>

logout.php

       <?php
         session_start();
        if(session_destroy())
                {
                header("Location: index.php");
                }
                ?>

图片转代码服务由CSDN问答提供 功能建议

我在logout.php中创建了会话和销毁会话但是如果我输入了url( http://localhost/demo/home.php)它显示loggedin.It应该重定向到index.php或显示页面 找不到。

我正在实现的目标 - 我有登录部分,没有任何问题。我能够使用我的凭据登录,并且页面成功重定向到home.php.From home.php我有注销链接,我点击该页面重定向index.php,但如果我输入home.php显示登录.. 请帮助我。

index.php

  session_start(); 
 
 $ username = $ _POST ['username']; 
 $ password = $ _POST ['  password']; 
 
 $ sel_user =“SELECT * FROM admin WHERE Username ='$ username'和Password ='$ password'”; 
 $ run_user = mysqli_query($ conn,$ sel_user); 
 
  $ check_user = mysqli_num_rows($ run_user); 
 
if($ check_user&gt; 0){
 
echo“&lt; sc  ript&gt; window.open('home.php','_ self')&lt; / script&gt;“; 
 $ _SESSION ['user_email'] = $ username; 
 
} 
 
else {
 
  $ msg =“用户名和密码不正确。”; 
 
 
} 
   
 
 

Home.php

 &lt; h2&gt;主页&lt; / h2&gt; 
&lt; a href =“logout.php”&gt;退出&lt; / a&gt; 
   
  
 

logout.php

 &lt;?php 
 session_start(); 
 if(session_destroy())
 {  
标题(“位置:index.php”); 
} 
?&gt; 
   
 
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongzhan9100 2016-10-02 16:34
    已采纳

    Your home.php should check if user is logged in or not. Just add if statement at the top.

    Something like:

    if (isset($_SESSION['user_email']) == FALSE){
         header("Location: index.php");
    } 
    

    also your logout.php just creates session and then checks if it's destroyed. For that you could just:

    unset($_SESSION['user_email']);
    

    and your home.php would just redirect, since this var is not declared anymore.

    已采纳该答案
    打赏 评论
  • dongya6997 2016-10-02 17:01

    In your home page

    if (!isset($_SESSION['user_email'])){ 
      header("Location: index.php");
    }
    

    In your logout page

    <?php 
    unset($_SESSION['user_email']);
    header("Location: index.php");
    ?>
    

    Also use mysqli_real_escape_string($conn, $variable) in your mysql request to avoid injection sql

    $sel_user = "SELECT * FROM admin WHERE Username='".mysqli_real_escape_string($conn, $username)."' and Password='".mysqli_real_escape_string($conn, $password)."'";
    

    And check the data received by your POST method before adding to the database.

    打赏 评论

相关推荐 更多相似问题