我正在尝试创建一个登录系统,根据登录类型,将显示不同的页面。 (即以admin身份登录,或各种其他角色)登录/注销会话的问题
这包括三个文件:
的login.php - 各种形式在这里提交,并根据表格值名称,设置一个会话变量到正确的级别(管理员等)
Logout.php - 取消前面提到的变量。
Dashboard.php - ,看看检查如果变量设置如果是这样,加载培训相关的信息,如果没有,发回的index.php
请找到下面的代码:
的login.php
<?php
session_start();
if (isset($_POST['uname_driver']))
{
$username = $_POST['uname_driver'];
$hpassword = password_hash($_POST['hpass_driver'], PASSWORD_DEFAULT);
// Check here for login details within server
$_SESSION['loggedIn'] = "driver";
header("Location: dashboard.php");
}
if (isset($_POST['uname_restaurant']))
{
$username = $_POST['uname_restaurant'];
$hpassword = password_hash($_POST['hpass_restaurant'], PASSWORD_DEFAULT);
// Check here for login details within server
$_SESSION['loggedIn'] = "restaurant";
header("Location: dashboard.php");
}
if (isset($_POST['uname_admin']))
{
$username = $_POST['uname_admin'];
$hpassword = password_hash($_POST['hpass_admin'], PASSWORD_DEFAULT);
// Check here for login details within server
$_SESSION['loggedIn'] = "admin";
header("Location: dashboard.php");
}
Logout.php- 编辑,以反映Juned的回答日在这个问题
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
header("Location: index.php");
Dashboard.php
<?php
session_start();
include("header.php");
if (isset($_SESSION['loggedIn']))
{
switch ($_SESSION['loggedIn'])
{
case "admin":
include("admin_dashboard.php");
break;
case "driver":
include("driver_dashboard.php");
break;
case "restaurant":
include("restaurant_dashboard.php");
break;
}
}
else
{
header("Location: index.php");
}
?>
登录显得做工精绝,直到我试图再次登录出的解决了一部分,注销与实现仪表板上的某个按钮和一个Jquery帖子的onclick事件,如下所示:
$('#logoutOfDashboard').click(function(e)
{
e.preventDefault();
var reallyLogout=confirm("Do you really want to log out?");
if(reallyLogout)
{
$.post('logout.php', {})
.done(function(data)
{
window.location.replace("/");
})
}
});
再次,这似乎工作,但是,如果我手动输入/dashboard.php到URL栏,它会踢我回到index.php按预期。 Now无论何时提交登录表单,并且应该重新创建会话变量,dashboard.php会不断返回索引,就好像它不存在一样,并且在此会话期间我无法再登录。这是几乎一样,如果会话变量是没有设置缓存,无法再重新设置
我已经尝试添加各种无缓存的头信息,如:
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
但是这似乎没有任何效果。任何援助或在这方面的见解将不胜感激。
EDIT
的index.php
<?php
include("header.php");
?>
<body>
<div class="container">
<div class="jumbotron">
<h1>Website Coming Soon!</h1>
</div>
<div class="row marketing">
<div class="col-lg-6 center-block">
<a class="btn btn-lg btn-success btn-space center-block" href="/restaurant_login.php" role="button">Log In As Restaurant</a>
</div>
<div class="col-lg-6 center-block">
<a class="btn btn-lg btn-primary btn-space center-block" href="/driver_login.php" role="button">Log In As Driver</a>
</div>
</div>
<footer class="footer">
<p>© 2016</p>
</footer>
</div>
</body>
的header.php
<?php
date_default_timezone_set('Europe/London');
require_once('config.php');
require_once('functions.php');
function autoloader($class)
{
require_once(PUBLIC_BASE_PATH_PHP . "classes/$class.php");
}
spl_autoload_register("autoloader");
global $dbConn;
$dbConn = null;
if(!Database::connect())
{
die("Unable to connect to the database");
}
?>
<head>
<!-- Footer these scripts at end -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Merge these together and minify at end -->
<link rel="stylesheet" href="css/jumbotron-narrow.css">
<link rel="stylesheet" href="css/signin.css">
<link rel="stylesheet" href="css/style.css">
</head>
RestarauntLogin。PHP
<?php Header("Cache-Control: max-age=3000, must-revalidate");
include("header.php");
?>
<div class="container">
<form class="form-signin" action="/login.php" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputEmail" class="sr-only">Email</label>
<input type="email" name = "uname_restaurant" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name = "hpass_restaurant" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-success btn-block" type="submit">Sign in</button>
<a href = "/" class="btn btn-lg btn-primary btn-block" role="button">Back</a>
</form>
</div>
我相信问题是,会议没有设置页面重新加载后,由于PHP是后端系统,它不是动态的它会导致_SESSION $仍然设置,直到窗口被重新加载,这意味着如果你通过jQuery动态加载窗口,它仍然会说你已经登录 – Imphusius
应该了解会话和会话cookie的工作方式,并且看不出为什么你甚至使用ajax注销,因为无论如何你都要重定向将更好地处理服务器 – charlietfl
我已经尝试删除所有jquery的注销,并只是有一个href将用户发送到logout.php(在logout.php结尾处带有额外的标题(Location:index.php)),具有相同的效果。 – Aphire