嗨,伙计们,我怎么能在几分钟后破坏会话(例如30分钟),我真的很感激如果有人能帮助我走出这个,
这是我的代码我使用登录:
checkLogin:
<?php
// checkLogin.php
session_start(); // Start a new session
require('db.php'); // Holds all of our database connection information
// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['pass'];
// Do some basic sanitizing
$static_salt='asdfasdfqwertyuiop123ABC_some_static_salt_string';
$username = stripslashes($username);
$password = stripslashes($password);
$password=hash('sha512', $password . $static_salt . $username);
$sql = "select * from users where user = '$username' and pass = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );
$count = 0;
while ($line = mysql_fetch_assoc($result)) {
$count++;
}
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
header("Location: index.php"); // This is wherever you want to redirect the user to
} else {
$_SESSION['loggedIn'] = "false";
header("Location: deshtoi.php"); // Wherever you want the user to go when they fail the login
}
?>
login。
<div class="login-form">
<form action="checkLogin.php" method="post">
<input class="fusha" placeholder="Llogaria" type="text" name="user">
<input class="fusha" placeholder="Fjalekalimi" type="password" name="pass">
<input class="fusha" style="width:272px;" type="submit" value="Kycu"/>
</form>
index . php
<?php session_start();
if ($_SESSION['loggedIn'] != "true") {
print('<script>window.location = "login.php"</script>');
}
?>
一个解决方案是自己实现超时,如下文所述:https://stackoverflow.com/a/1270960/1688441
更多理论细节见全文
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
// session started more than 30 minutes ago
session_regenerate_id(true); // change session ID for the current session and invalidate old session ID
$_SESSION['CREATED'] = time(); // update creation time
}
上面的另一个变体是:
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else if (time() - $_SESSION['CREATED'] > 1800) {
// session started more than 30 minutes ago
session_destroy();
die("Your session has expired");
}
可以用函数来决定超时时间。然后在会话中设置一个名为"timeout"的会话变量现在输入一个超时条件。如果满意,它会破坏你的会话。查看下面的代码。
If (!isset($_SESSION['timeout']))
{
$_SESSION['timeout'] = timeout();
}
else if (timeout() - $_SESSION['timeout'] > 1800)
{
//session is started before 30 minutes
session_destroy();
//session expire message
die("Session Expired!!! Please login again to continue");
}
这是一个非常简单的代码。第一个代码检查用户是否登录,然后设置两个会话。第一个会话名称是message,它有一些消息,另一个会话名称是timeout,它以秒为单位创建当前时间。
if($login == true)
{
$_SESSION['message']="Login successfully";
$_SESSION['timeout'] = time();
}
在打印会话之后,您必须编写以下代码。这段代码检查如果会话是可用的,那么它检查当前时间和会话创建时间是否超过10秒,如果是,那么它取消会话设置。
if(isset($_SESSION['message']))
{
if (time() - $_SESSION['timeout'] > 10){
unset($_SESSION['message']);
}
}