[英]PHP Login and Logout not working
I searched the whole internet to find a solution, but couldn't find one. 我在整个互联网上搜索以找到解决方案,但找不到解决方案。 This is my problem: I made a site to login a user, create a session and the possibility to log out (of course).
这是我的问题:我创建了一个站点来登录用户,创建会话并注销(当然)。 However, when I log in a user, I create a session, but the session just keeps going on and doesn't stop when I try to destroy it.
但是,当我登录用户时,我创建了一个会话,但是该会话只是继续进行,并且在尝试销毁它时不会停止。
index.php index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Home</title>
</head>
<body>
<!-- menu bar -->
<?php if (session_status() == PHP_SESSION_ACTIVE) { ?>
<div class="navbar">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="producten.php">Products</a></li>
<li><a href="FAQ.php">Contact</a></li>
<li style="cursor: pointer;" onclick="document.getElementById('logoutpop').style.display='block'"><a>My account</a></li>
<li style="cursor: pointer;"><a href="logout_action.php">Log out</a></li>
<ul style="float: right;">
<li ><a href="winkelmandje.php" >Shopping Bag</a></li>
</ul>
</ul>
</div>
<?php } elseif (session_status() == PHP_SESSION_NONE){ ?>
<div class="navbar">
<ul >
<li><a href="index.php">Home</a></li>
<li><a href="producten.php">Products</a></li>
<li><a href="FAQ.php">Contact</a></li>
<li style="cursor: pointer;" onclick="document.getElementById('loginpop').style.display='block'"><a>Log in</a></li>
<ul style="float: right;">
<li ><a href="winkelmandje.php" >Shopping bag</a></li>
</ul>
</ul>
</div>
<?php } else {}?>
// other irrelevant html code
</body>
</html
login_action.php login_action.php
<?php
session_start();
// server gegevens
$servername = "localhost";
$username = "user";
$password = "password";
$dbname = "db";
// Connect with server
$conn = new mysqli($servername, $username, $password, $dbname);
$email = "";
$password = "";
// Give connection error
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else {
}
if(isset($_POST['submit'])) {
$email = $_POST['email'];
$password = $_POST['password'];
// check if filled in
if(!empty($_POST['email'])) {
// query in SQL
$query = ("SELECT * FROM WebsiteUsers WHERE email='$email' AND pass='$password' ");
// result
$result = $conn->query($query);
// check if result exists in database
if ($result->num_rows > 0)
{
while($row = $result->fetch_assoc())
{
}
// session variables
$_SESSION['loggedin'] = $email;
$_SESSION['message']="You are now logged in";
header('Location: index.php');
exit;
}
else
{
// show some error
}
}
}
$conn->close();
?>
logout_action.php logout_action.php
<?php
session_start();
session_destroy();
header("Location: index.php");
exit;
?>
You're using session_status()
to check if the user is logged in. But according to the docs http://php.net/manual/en/function.session-status.php PHP_SESSION_ACTIVE is true when a session is started. 您正在使用
session_status()
检查用户是否已登录。但是根据文档http://php.net/manual/en/function.session-status.php,PHP_SESSION_ACTIVE在会话启动时为true。 You create a session at the beginning of the home page using session_start()
even tho the user isn't logged in he's still starting a session. 您可以使用
session_start()
在主页的开头创建会话,即使用户尚未登录也仍在开始会话。 So you need to set a variable in the session itself stating if the user passed the login or not. 因此,您需要在会话本身中设置一个变量,说明用户是否通过了登录名。
Also: 也:
You're storing your passwords in plain text, don't do that use Bcrypt or a diferent algorithm 您将密码存储为纯文本格式,请勿使用Bcrypt或其他算法进行加密
Your code is vulnerable to SQL injection, learn about prepared statements and use them http://php.net/manual/en/mysqli.prepare.php don't under any circumstances use your current code in a production environment 您的代码容易受到SQL注入的攻击,了解准备好的语句并使用它们http://php.net/manual/en/mysqli.prepare.php在任何情况下都不要在生产环境中使用当前代码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.