我正在开发一个网站,我的登录系统有问题。考虑两个用户,user1和user2。如果user1可以访问他的帐户,并且在同一浏览器中,如果user2可以访问他的账户,那么user1必须从他的会话中注销,但这在我的系统中不会发生,此外,系统认为user1是user2,因为user2已连接。这是登录页面和身份验证的以下代码:
登录代码
<html>
<body>
<div class="wrap">
<div id="content">
<div id="main">
<div class="full_w">
<form action="login_oficial.php" method="post" autocomplete="off">
<label for="login">Usuario:</label>
<input id="login" name="login" class="text" />
<label for="pass">Contraseña:</label>
<input id="pass" name="pass" type="password" class="text" />
<input type="submit" class="ok" name="acceso_cuenta" value="Acceder"></button>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
身份验证代码(login_oficial.php)
<?php
session_start();
require('incluye.php');
$usuario = $_POST['login'];
$_SESSION['user']=$usuario;
$error = '';
$form = $_POST['acceso_cuenta'];
$password = $_POST['pass'];
$query1 = "SELECT user FROM data1 WHERE user='$usuario' and passwort='$password'";
$result=pg_query($conn,$query1);
if( isset($form) ) {
if( isset($usuario) && isset($password) && $usuario !== '' && $password !== '' ) {
if(pg_num_rows($result) != 0 ) { //success
$_SESSION['logged-in'] = true;
header('location: http://localhost/public_html/website/normal_user.php');
exit;
}else { $error = "Your information is wrong."; }
} else { $error = 'Please, do not leave blank spaces.';}
}
?>
<html>
<body>
<div class="wrap">
<div id="content">
<div id="main">
<div class="full_w">
<form action="<?php $PHP_SELF; ?>" method="post">
<label for="login">Usuario:</label>
<input id="login" name="login" class="text" autocomplete="off" />
<label for="pass">Contraseña:</label>
<input id="pass" name="pass" type="password" class="text" />
<div class="sep"></div>
<input type="submit" class="ok" name="acceso_cuenta" value="Acceder"></button>
</form>
</div><!--END OF FULL-->
<?php echo "<br /><span style='"color:red'">$error</span>";?>
</div><!--END OF MAIN-->
</div><!--END OF CONTENT-->
</div><!--END OF WRAP-->
</body>
</html>
incluye.php 的代码
<?
if($_POST['acceso_cuenta']){
$strconn="dbname=postgres port=5432 host=127.0.0.1 user=xxxxxx password=*****";
$conn=pg_Connect($strconn);
}
if(!$conn){
// echo "Error connection!!!";
}else{
//echo "Connection succesful!!!";
}
?>
用户页面
<?php
session_start();
require('incluye.php');
// is the one accessing this page logged in or not?
if ( !isset($_SESSION['logged-in']) || $_SESSION['logged-in'] !== true) {
// not logged in, move to login page
session_destroy();
header('Location: login_oficial.php');
exit;}
?>
<html lang="en">
<body class="">
<div class="navbar">
<div class="navbar-inner">
<ul class="nav pull-right">
<li id="fat-menu" class="dropdown">
<li ><a href="logout.php">Logout</a></li>
<i class="icon-user"></i> <? echo "Welcome user {$_SESSION['user']} " ; ?>
</a>
</li>
</ul>
</div>
</body>
</html>
注销.php
session_start();
// if the user is logged in, unset the session
if (isset($_SESSION['logged-in'])) {
unset($_SESSION['logged-in']);
}
// now that the user is logged out,
// go to login page
header('Location: login.html');
?>
欢迎所有建议,并随时提出您认为合适的任何其他建议。干杯
在login_oficial.php中,您可以设置这些会话
$_SESSION['user']=$usuario;
$_SESSION['logged-in'] = true;
但在logout.php中,您只取消设置已登录的会话。试试这个代码,它应该会重置所有会话。
session_start();
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
顺便说一句,我认为在检查数据库中是否存在用户之前,不应该设置$_SESSION['user']
。