您好,John Doe。
然后我退出并使用不同的帐户登录(例如,假设名称是Mark Smith),然后当我转到profile.php时,它仍然说
您好,John Doe直到我重新加载页面(F5)而不是更改为
你好,马克史密斯。
问题是什么,在我的注销文件中我销毁了每个会话..代码:
<!DOCTYPE html>
<html>
<head>
<title>MyProject: Profile Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>
/* css here so i don't have to create specific file only for bg. */
body
{
background: url(images/index-body.jpg) no-repeat center center fixed;
position: absolute;
top: 0;
left: 0;
min-height: 100%;
min-width: 100%;
background-size: cover;
}
</style>
</head>
<body>
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container-fluid">
<div class="navbar-header">
<a class="navbar-brand" href="welcome.php">MyProject: Welcome</a>
</div>
<ul class="nav navbar-nav navbar-right">
<li><a href="welcome.php"><span class="glyphicon glyphicon-home"></span> Home</a></li>
<li><a href="profile.php"><span class="glyphicon glyphicon-user"></span> My Account</a></li>
<li><a href="logout.php"><span class="glyphicon glyphicon-log-out"></span> Logout</a></li>
</ul>
<form class="navbar-form navbar-right" action="search.php">
<div class="form-group">
<input type="text" class="form-control" placeholder="Search by keyword" name="search_prototype">
</div>
</form>
</div>
</nav>
<br><br><br><br><br>
<div class="container">
<div class="jumbotron">
<?php
session_start();
ob_start();
require 'db.php';
if(!isset($_SESSION['logged_in']))
{
header("location: index.php");
exit();
}
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if(isset($_POST['update_submit']))
{
if(!empty($_POST['update_name']) && !empty($_POST['update_lastname']) && !empty($_POST['update_email']) && !empty($_POST['update_aboutme']))
{
$first_name = $mysqli->escape_string($_POST['update_name']);
$last_name = $mysqli->escape_string($_POST['update_lastname']);
$old_mail = $mysqli->escape_string($_SESSION['email']);
$email = $mysqli->escape_string($_POST['update_email']);
$about_me = $mysqli->escape_string($_POST['update_aboutme']);
$mysqli->query("UPDATE users SET name='$first_name', lastname='$last_name', email='$email', aboutme='$about_me' WHERE email ='$old_mail'");
$_SESSION['suc_message'] = "Your account has been updated!";
header("location: profile.php");
exit();
}
else
{
$_SESSION['error_message'] = "You can't leave anything blank!";
header("location: profile.php");
exit();
}
}
}
$email = $mysqli->escape_string($_SESSION['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if($result->num_rows > 0)
{
$row = $result->fetch_assoc();
echo '
<div class="media-left">
<img src="images/avatar_Test.png" class="media-object" style="width:110px">
</div>
<div class="media-body">
<h2 class="media-heading">', $row['name'], ' ', $row['lastname'], '</h3>
<small>Last active: ', $row['lastlogin'], '</small><br>
<small>Register date: ', $row['register_date'], '</small>
</div>
<br><button data-toggle="collapse" class="btn btn-info" data-target="#profile_about">About me</button>
<button data-toggle="collapse" class="btn btn-info" data-target="#profile_contact">Contact</button>
<div id="profile_about" class="collapse"><br>', $row['aboutme'], '</div>
<div id="profile_contact" class="collapse">
<small><br>Email address: ', $row['email'], '</small><br>
</div>
<br><br>
<div class="alert alert-success">
<span class="glyphicon glyphicon-edit"></span> You can edit your profile data by changing the informations below
</div>
';
if(isset($_SESSION['error_message']) AND !empty($_SESSION['error_message']))
{
echo '
<div class="alert alert-warning alert-dismissible" id="myAlert">
<a href="#" class="close">×</a>
<strong>Error!</strong> ' . $_SESSION["error_message"] . '
</div>
';
unset($_SESSION['error_message']);
}
if (isset($_SESSION['suc_message']) AND !empty($_SESSION['suc_message']))
{
echo '
<div class="alert alert-warning alert-dismissible" id="myAlert">
<a href="#" class="close">×</a>
<strong>Success!</strong> ' . $_SESSION["suc_message"] . '
</div>
';
unset($_SESSION['suc_message']);
}
echo '
<form method="POST">
<input type="text" id="ex2" class="form-control" value="', $row['name'], '" aria-describedby="sizing-addon1" name="update_name"><br>
<input type="text" id="ex2" class="form-control" value="', $row['lastname'], '" aria-describedby="sizing-addon1" name="update_lastname"><br>
<input type="email" id="ex2" class="form-control" value="', $row['email'], '" aria-describedby="sizing-addon1" name="update_email"><br>
<textarea class="form-control" rows="5" name="update_aboutme" id="comment" placeholder="', $row['aboutme'], '"></textarea>
<br><br><input type="submit" name="update_submit" class="btn btn-info" value="Save"> <button data-toggle="collapse" class="btn btn-info" data-target="#profile_change_password">Change password</button>
</form>
<div id="profile_change_password" class="collapse">
<form method="POST">
<input type="password" id="ex2" class="form-control" aria-describedby="sizing-addon1" name="update_name"><br>
<input type="password" id="ex2" class="form-control" aria-describedby="sizing-addon1" name="update_lastname"><br>
<br><br><input type="submit" name="update_submit" class="btn btn-info" value="Save">
</form>
</div>
';
}
?>
</div>
<p>Website created by Cadilab.</p>
</div>
<script>
$(document).ready(function()
{
$(".close").click(function()
{
$("#myAlert").alert("close");
});
});
</script>
答案 0 :(得分:0)
我会使用不同的方法登录和注销。首先是Session和Cookies两种不同的方式。
//first our session we need to check if its started and if not then start it
if(session_id()=="") session_start();
//under a login page
echo "<form action=\"login.php\" method=\"post\">";
echo "<input type=\"text\" name=\"email\" />";
echo "<input type=\"password\" name=\"password\" />";
echo "<input type=\"submit\" id=\"login_sm\" name=\"submit\" value=\"".ucwords('login')."\" />";
echo "</form>";
//under login.php or w/e you decide to use
if(empty($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER']="home.php"; // this allows us to check once logged in send back to home or user pager or w/e
foreach($_POST as $key=>$value) $_POST[$key]=htmlentities($value,ENT_QUOTES);
if(isset($_POST['email']) && isset($_POST['password']))
{
$email = $_POST['email'];
$password = md5($_POST['password']); // try to learn other than md5
$sql="SELECT * FROM database WHERE email=\"".$email."\" AND md5(password)=\"".$password."\""; //yes md5 is not a good method so choose your encryption here
$query=mysql_query($sql);
if(mysql_num_rows($query)==0) {
header("Location: ".$_SERVER["HTTP_REFERER"]."?login=Failed");
}
else {
$row = mysql_fetch_array($query);
$_SESSION['user_id-'.$_SERVER['SERVER_NAME']]=mysql_result($query,0); //this would have a unique identifier For Example The User ID would identify them as each user.
setcookie("email-".str_replace(".","_",$_SERVER['SERVER_NAME']),$email,time()+60*60*24*365,"/",$_SERVER['SERVER_NAME'],0);
setcookie("password-".str_replace(".","_",$_SERVER['SERVER_NAME']),$password,time()+60*60*24*365,"/",$_SERVER['SERVER_NAME'],0); // I use cookies in this case so if the browser is closed you can check for cookies and they will be logged in auto if you wish this is not needed.
header("Location: ".$_SERVER["HTTP_REFERER"]."?login=Success");
}
//logout
if(empty($_SERVER['HTTP_REFERER'])) $_SERVER['HTTP_REFERER']="index.php";
unset($_SESSION['user_id-'.$_SERVER['SERVER_NAME']]);
setcookie("email-".str_replace(".","_",$_SERVER['SERVER_NAME']),"dummytext",time()-60*60*24*365,"/",$_SERVER['SERVER_NAME'],0);
setcookie("password-".str_replace(".","_",$_SERVER['SERVER_NAME']),"dummytext",time()-60*60*24*365,"/",$_SERVER['SERVER_NAME'],0);
//again you dont have to use cookies but i do.
header("Location: ".$_SERVER["HTTP_REFERER"]."?logout=Success");
使用header();帮助将会话更改为正确的登录,因为它基本上是刷新。