[英]How to Disable Browser Back Button functionality after click on Logout Button in PHP
我在瀏覽器后退按鈕上遇到了麻煩。 當用戶按下注銷時,它必須銷毀會話和cookie。 我寫了以下代碼:
index.php
<!DOCTYPE html>
<html lang="en">
<head>
<script type="text/javascript">
function disablebackbutton(){
window.history.forward();
}
disablebackbutton();
</script>
</head>
<body>
<form name="loginform" method="post" action="<?php echo __PROJECT_LINK__; ?>/php/login_exec.php">
<div class="modal-body">
<div class="form-horizontal">
<div class="form-group">
<label class="control-label">
<?php
if( isset($_SESSION['ERRMsg_ARR']) && is_array($_SESSION['ERRMsg_ARR']) && count($_SESSION['ERRMsg_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMsg_ARR'] as $msg) {
echo '<span class="label label-warning" style="margin-left: 5px;">',$msg,'</span>';
}
echo '</ul>';
unset($_SESSION['ERRMsg_ARR']);
}
?>
</label>
</div>
<div class="subnav subnav-fixed nav navbar" style="margin-top: 10px; margin-right: 10px; margin-left: 10px;">
<ul class="nav nav-pills">
<li style="margin-top: 10px;">
<span class="label label-default" style="margin-left: 22px;">Username</span>
<input type="text" id="inputUserName" name="username" placeholder="Username" style="margin-left: 5px;">
</li>
<li style="margin-top: 10px;">
<span class="label label-default" style="margin-left: 22px;">Password</span>
<input type="password" id="inputPassword" name="password" placeholder="Password" style="margin-left: 5px;">
</li>
<li style="margin-top: 10px; margin-bottom: 10px;">
</li>
</ul>
</div>
</div>
</div>
<div class="modal-footer">
<!--?php $this->btnLogLogin->Render();?-->
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-primary">Sign In</button>
</div>
</form>
</body>
</html>
login_exec.php
<?php
//Start session
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
//Include database connection details
require_once('connection.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
if(isset($_POST['username']))
{
//Sanitize the POST values
$username = ($_POST['username']);
$password = ($_POST['password']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag==true) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location:../index.php");
exit();
}
//Create query
$qry="SELECT * FROM admin WHERE user_name='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result)) {
while($row = mysql_fetch_array($result))
{
if($row['User_Status']=="Active"){
$expire=time()+60*60*24*30; //1month
setcookie("User_id", $row['User_id'], $expire);
$name = $row['full_name'];
$parts = explode(" ", $name);
$lastname = array_pop($parts);
$firstname = implode(" ", $parts);
$_SESSION['USER'] = $firstname;
$_SESSION['UID'] = $row['User_id'];
$_SESSION['URights'] = $row['Rights'];
header("location:../welcome.php");
}
else{
$errmsg_arr[] = 'User Status is Block. Please contact your Administrator.';
$errflag = true;
if($errflag) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location: ../index.php");
exit();
}
}
}
}
else {
//Login failed
$errmsg_arr[] = 'Username and Password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location: ../index.php");
exit();
}
}
}else {
die("Query failed");
}
}
?>
welcome.php
<?php include 'qcubed.inc.php'; ?>
<?php
$User_Name = $_SESSION['USER'];
?>
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome <?php echo $User_Name; ?></h1>
<h2><a href = "<?php echo __PROJECT_LINK__; ?>/Info.php">Info</a></h2>
<h2><a href = "<?php echo __PROJECT_LINK__; ?>/php/logout.php">Sign Out</a></h2>
</body>
</html>
Info.php
<?php include '../../qcubed.inc.php';?>
<!DOCTYPE html>
<html lang="en">
<head>
<title><?php echo __PROJECT_TITLE__; ?> - Full Info</title>
<script type="text/javascript">
function disablebackbutton(){
window.history.forward();
}
disablebackbutton();
</script>
</head>
<?php
if(isset($_SESSION['UID']) && $_SESSION['UID'] != "")
{
//Task to do
$User_Name = $_SESSION['USER'];
?>
<body>
<h1>Info about <?php echo $User_Name; ?></h1>
<h2><a href = "<?php echo __PROJECT_LINK__; ?>/php/logout.php">Sign Out</a></h2>
</body>
<?php
}
else{
//redirect URL
?>
<script>
alert('You must Login first.');
window.location.href='../../index.php';
</script>";
<?php
exit();
}
?>
</html>
logout.php
<?php
//session_write_close();
session_start(); # NOTE THE SESSION START
$expire=time()-60*60*24*30; //1month
if(isset($_COOKIE['User_id'])):
setcookie('User_id', '', $expire, '/');
endif;
unset($_SESSION['UID']);
unset($_SESSION['USER']);
unset($_SESSION['URights']);
unset($_SESSION['UReg']);
$_SESSION = array();
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
session_unset();
session_destroy();
header("location: ../index.php");
exit(); # NOTE THE EXIT
?>
從Info.php注銷后,當我按瀏覽器后退按鈕時,它將在Info.php頁面中顯示我以前的已登錄用戶頁面和會話用戶名,但是如果我在每個頁面的開頭使用以下javascript,則會禁用所有登錄時也單擊瀏覽器后退按鈕。
<script type="text/javascript">
function disablebackbutton(){
window.history.forward();
}
disablebackbutton();
</script>
我只想在注銷后禁用瀏覽器后退按鈕。 請幫我。
那以前成了我的問題。 就我而言,我沒有禁用后退按鈕。 我所做的是在用戶注銷時檢查會話。 如果沒有檢測到會話,則將用戶重定向到登錄頁面或您要重定向到的頁面..如果檢測到會話,則將其重定向到首頁
在login_exec.php中使用此代碼
if($errflag==true) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location:../index.php");
exit();
}
//Create query
$qry="SELECT * FROM admin WHERE user_name='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result)) {
while($row = mysql_fetch_array($result))
{
if($row['User_Status']=="Active"){
$expire=time()+60*60*24*30; //1month
setcookie("User_id", $row['User_id'], $expire);
$name = $row['full_name'];
$parts = explode(" ", $name);
$lastname = array_pop($parts);
$firstname = implode(" ", $parts);
$_SESSION['USER'] = $firstname;
$_SESSION['UID'] = $row['User_id'];
$_SESSION['login']=true; //ADD THIS CODE IN login_exec.php
$_SESSION['URights'] = $row['Rights'];
header("location:../welcome.php");
}
else{
$errmsg_arr[] = 'User Status is Block. Please contact your Administrator.';
$errflag = true;
if($errflag) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location: ../index.php");
exit();
}
}
}
}
現在將代碼添加到info.php的頂部
session_start();
$user=$_SESSION['USER'];
if($_session['login']=true && $_session['user']= $user)
{
code of info.php
}
else
{
header(location:index.php);
}
logout.php
<?php
session_start();
unset($_SESSION['USER']);
session_destroy();
header("Location:index.php");
?>
您可以禁用代碼而不是禁用“后退”按鈕,而是可以向每個頁面添加代碼以查看用戶是否已登錄。 如果未登錄,請重定向到登錄頁面。
您可以創建一個基本類來為您處理此問題,而只需在每個頁面上創建一個即可。
class sessionHandler
{
function __construct($special = NULL)
{
session_set_cookie_params(60 * 60 * 24 * 365); // 1 year
session_start();
// if no user num (empty session) AND this isn't the login page
if (!isset($_SESSION['userID']) && $special != 'LOGIN') {
//send to login page
header("location: login.php");
}
if ($special == 'LOGOUT') {
// This is the logout page, clear the session and
// send the user to the afterLogout page
session_destroy(); // clear session files on server
$_SESSION = Array(); // clear session variable for this session
unset($_SESSION);
// send to login page
header("location: login.php");
}
if ($special == 'LOGIN') {
// This is the login page, see if user is already logged in
// if so, just send them to the afterLogin page
// if not, validate their credentials, and store the USERID
// in the $_SESSION var
if ($this->getUserPermissions($_SESSION['userID'])) {
// send to any page you want
header("location: dashboard.php");
}
}
}
}
現在,在所有頁面上,將$session = new sessionHandler();
在頂部(在編寫其他任何內容之前。
對於登錄和注銷頁面,您需要輸入: $session = new sessionHandler('LOGIN');
$session = new sessionHandler('LOGOUT');
還沒有准備好復制和粘貼,但是希望可以為您指明正確的方向。 :-)
只需在用戶登錄后才能訪問的所有頁面上添加條件:
if(!isset($_SESSION['UID']) || $_SESSION['UID'] == ''){
// redirect to index or login page
}
最后我解決了我的問題.. :-)我在下面使用以下代碼
logout.php
<html>
<head>
<script type = "text/javascript" >
window.history.forward();
function preventBack() { window.history.forward(1); }
setTimeout("preventBack()", 0);
window.onunload = function () { null };
</script>
</head>
<body onload="preventBack();" onpageshow="if (event.persisted) preventBack();" onunload="">
Please Wait..
<?php
session_start(); # NOTE THE SESSION START
$expire=time()-60*60*24*30; //1month
if(isset($_COOKIE['User_id'])){
setcookie('User_id', '', $expire);
}
unset($_SESSION['UID']);
unset($_SESSION['USER']);
unset($_SESSION['URights']);
unset($_SESSION['UReg']);
$_SESSION = array();
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
session_unset();
session_destroy();
header("Refresh: 2;url=../index.php");
?>
</body>
</html>
現在,避免我注銷后使用瀏覽器后退按鈕並銷毀會話。 謝謝大家的寶貴支持...
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.