我这里有我的登录和注销代码,你们能检查一下我放置的会话是否正确吗?
<登录代码/strong>:
<?php
session_start();
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header('Content-Type: text/html');
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("store_data", $connection);
if(isset($_POST['login'])){
$admin=$_POST['user'];
$pass=$_POST['pass'];
$select_user = mysql_query("SELECT admin_name FROM admin");
$select_pass = mysql_query("SELECT admin_pass FROM admin");
$result_1 = mysql_fetch_assoc($select_user);
$result_2 = mysql_fetch_assoc($select_pass);
if($admin !=$result_1['admin_name'] || $pass!=$result_2['admin_pass']){
echo "<script >alert('Invalid password or username')</script>";
header("refresh:0; url=administrator.php" );
}
注销代码/strong>:
<?php
session_destroy();
header("Location: administrator.php");
?>
在session_destroy之前需要session_start
<?php
session_start();
session_destroy();
header("Location: administrator.php");
?>
错误
- 注销时缺少
session_start() - 您没有在查询中检查
$admin和$pass的值 - 你的参数是错误的设置会话
- 没有设置任何会话来销毁
- 不要使用MySQL函数现在已经贬值
<?php
session_start(); //add this
session_destroy();
header("Location: administrator.php");
?>
<?php
session_start();
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header('Content-Type: text/html');
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("store_data", $connection);
if(isset($_POST['login']))
{
$admin=$_POST['user'];
$pass=$_POST['pass'];
$query = mysql_query("SELECT * FROM admin where admin_name='$admin' AND admin_pass = '$pass' ");
$result = mysql_fetch_assoc($query);
$count = count($result);
if(!empty($count))
{
$_SESSION["admin_name"] = $admin;
header("refresh:0; url=administrator.php" );
}
else
{
echo "Invalid User";
}
}