【发布时间】:2013-07-30 18:12:24
【问题描述】:
我正在制作一个登录系统,我刚刚开始使用它,但现在我在为我的网站制作注销功能时遇到了困难。它实际上还没有托管,所以安全性将在以后出现。我已经尝试过 session_destroy 和 unset 的各种用途,但我无法让它工作。任何帮助将不胜感激。
我的 PHP
<?php
session_start();
/*This is the equivalent of login.php*/
$database = "forum"; // the name of the database.
$server = "localhost"; // server to connect to.
$db_user = "root"; // mysql username to access the database with.
$db_pass = ""; // mysql password to access the database with.
$table = "members"; // the table that this script will set up and use.
$link = mysql_connect($server, $db_user, $db_pass);
mysql_select_db($database,$link);
if (isset($_POST['fsubmitted'])) {
// Get the data passed from the form
$username = $_POST['username'];
$pass = $_POST['pass'];
// Do some basic sanitizing
$username = stripslashes($username);
$pass = stripslashes($pass);
$encryptedpass = md5($pass);
$sql = "SELECT * from members where username = '$username' and password = '$encryptedpass'";
$result = mysql_query($sql);
$count = 0;
$count = mysql_num_rows($result);
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: index.php"); // This is wherever you want to redirect the user to
exit();
} else {
$_SESSION['loggedIn'] = "false";
echo '<div class="errormsgbox">Your username and password combo was incorrect!</div>';
var_dump($result);
echo $sql;
}
}
if ($_SESSION['loggedIn'] = "true") {
echo '<div class="success">You are now logged in!</div>';
}
if (isset($_SESSION['loggedin']) && (time() - $_SESSION['loggedin'] > 1800)) {
// last request was more than 30 minutes ago
session_unset(); // unset $_SESSION variable for the run-time
session_destroy(); // destroy session data in storage
}
$_SESSION['loggedin'] = time(); // update last activity time stamp
?>
【问题讨论】:
-
请注意,MYSQL_* 函数已折旧。您应该使用 MYSQLI 或 PDO。
-
安全应该一直存在而不是之后。
-
你在哪里开始会话?
-
第一个缺失且最重要的元素:
session_start();。我会让你看看下面的答案。 -
session_start() 应该在哪里;去吗?