0
我是新來的Php.I正在開發一個網站,我用會話登錄和登出代碼。我只是想知道如何在特定的時間後過期我的會話。例如20閒置數分鐘。 我的登錄代碼:會話到期時間在PHP
<?php
ob_start();
include("config.php");
session_start();
// set timeout period in seconds
$inactive = 1200;
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout'])) {
$session_life = time() - $_SESSION['start'];
if($session_life > $inactive) {
session_destroy(); header("Location: logout.php");
}
}
$_SESSION['timeout'] = time();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername=addslashes($_POST['username']);
$mypassword=addslashes($_POST['password']);
$sql="SELECT rid FROM register WHERE rname='$myusername' and rpass='$mypassword'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
@$active=$row['active'];
$count=mysql_num_rows($result);
if($count==1) {
$_SESSION['myusername']=$myusername;
$_SESSION['login_user']=$myusername;
echo "<script language=\"javascript\">
window.location.assign('Home.php')</script>";
}
else {
$error="Your Login Name or Password is invalid";
}
}
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<div style="margin:30px">
<form action="" method="post">
<label>UserName :</label><input type="text" name="username" required="required" class="box"/><br /><br />
<label>Password :</label><input type="password" name="password" required="required" class="box" /><br/><br />
<input type="submit" value=" Submit "/> <input type="reset" value="Reset"/><br />
<br />
Not a member yet..? <a href="register.php">Register</a></li>
</form>
<div style="font-size:11px; color:#cc0000; margin-top:10px"><?php echo @$error; ?></div>
</div>
</div>
</body>
</html>
和註銷代碼:
<?php
session_start();
if(session_destroy()) {
header("Location: home.php");
}
?>
此代碼運行正常,但用戶無法登錄。
**不要以純文本**存儲密碼。 – SLaks
您有一個SQL注入漏洞。 – SLaks
您沒有任何實際的安全性。 – SLaks