2017-04-23 17 views
1

I need some help with logging out. I have cut the code down as much as I can to avoid a long post. Logout using a class in PHP

What I am trying to do is a web page that lets a user log in and view some things. When the user has finished viewing, the user can log out. Logging out redirects the user to the login page and updates my database to clear all the data such as the session_id.

But the problem is that whenever the user clicks the logout button, it redirects the user to the login page but does not run the update query in the logout function. I am trying to log the user out by clearing all the session and user data in the database, such as session_id and last_log.

Is there any way to make the logout button work?

In my protect class:

class protect 
{ 
    var $username = ""; 
    var $password = ""; 
    var $id = ""; 
    var $isAdmin = -1; 
    var $sess_id = ""; 
    var $action = ""; 
    var $query = ""; 
    var $ip_address = ""; 
    var $otp = ""; 

    function __construct() 
    { 
     try 
     { 
      session_start(); 
      $db = new DB("XXUser","password",DB_NAME); 
      $db->connect(); 

      $this->check_login($db); 
      if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1) 
      { 
       $this->logout($db); 
      } 

      else 
      { 
       if($this->action == "logout") 
       { 
        $this->logout($db); 
       } 

       $this->check_session($db); 
      } 
     } 

     // Any failure while checking the login or session forces a logout 
     catch (Exception $e) 
     { 
       $this->logout($db); 
       exit(); 
     } 
    } 

    function post_value() 
    { 
     if (!empty($_POST)) 
     { 
      foreach ($_POST as $key => $value) 
      { 
       $this->$key=$value; 
      } 
     } 
    } 

    function get_value() 
    { 
     if(isset($_GET['action'])) 
     { 
      $this->action=$_GET['action']; 
     } 
    } 

    function insert_session($db) 
    { 
     $sql = "UPDATE myuser SET lastLog = now(), active = 'Y', last_active  
     = now(), last_access = now(), ip_addr = '".$this->ip_address."', 
     session_ID = '".trim($this->sess_id)."', fail_login_count = 0, 
     last_fail_login_time ='1900-01-01 00:00:00', otp = 
     '".$_SESSION['otp']."' WHERE ID = '".$_SESSION['id']."'"; 

     $db->query($sql); 
    } 

    function check_session($db) 
    {  
     if(isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == 1) 
     { 
      $sql2 = "SELECT * FROM myuser WHERE ID = '".$_SESSION['id']."'  
      AND otp = '".$_SESSION['otp']."'"; 

      $db->query($sql2); 
      $db->fetchRow(); 

      if($db->resultCount() == 0) 
      { 
       echo "<script type=\"text/javascript\"> 
        alert(\"Access Denied\"); 
       </script>"; 

       session_destroy(); 
       $db->disconnect(); 
       header("Location: login2.php"); 
       exit(); 

      } 

      else 
      { 
       $this->check_time($db); 
       $this->refresh_session(); 
      } 
     } 
    } 

    function refresh_session() 
    { 
     //Regenerate id 
     session_regenerate_id(); 

     //Regenerate otp 
     $_SESSION['otp'] = trim(md5(time() .$_SESSION['id'])); 
    } 

    function check_time($db) 
    { 
     $sql3 = "SELECT * FROM myuser WHERE ID = '".$_SESSION['id']."' AND 
     otp = '".$_SESSION['otp']."' AND last_active > DATE_SUB(NOW(), 
     INTERVAL 10 MINUTE)"; 

     $db->query($sql3); 

     if($db->resultCount() == 0) 
     { 
      $this->logout($db); 
     } 

     else 
     { 
      $sql2 = "UPDATE myuser SET last_active = now() WHERE ID = 
      '".$_SESSION['id']."' AND otp = '".$_SESSION['otp']."'"; 

      $db->query($sql2); 
     } 
    } 

    function check_login($db) 
    { 
     if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1) 
     { 
      $this->username = sanitize($_POST['username']); 
      $this->password = $_POST['password']; 

      $sql = "SELECT * FROM myuser WHERE userName = '".$this->username."' 
      AND userPass = '".$this->password."'"; 

      $db->query($sql); 

      if($db->resultCount() == 0) 
      { 
       echo "<script type=\"text/javascript\"> 
        alert(\"Wrong Username or Password\"); 
       </script>"; 

       $db->disconnect(); 
       $db->clear(); 
      } 

      else 
      { 
       $db->fetchRow(); 

       //Correct username but wrong password. 
       if($db->record['userName'] == $this->username) 
       { 
        if($db->record['userPass'] != $this->password) 
        { 
         echo "<script type=\"text/javascript\"> 
          alert(\"Wrong Username or Password\"); 
         </script>"; 
         $sql3 = "UPDATE myuser SET ip_addr='".$this->ip_address."', 
         fail_login_count=(fail_login_count+1) 
         WHERE userName='".$this->username."'"; 

         mysql_query($sql3) or die(mysql_error()); 
        } 

        else 
        { 
         $this->id = $db->record['ID']; 
         $sql4 = "SELECT * FROM subordinate_reporting WHERE  
         myuser_uid = '".$this->id."'"; 

         $db->query($sql4); 

         if($db->record['active'] == 'Y') 
         { 
          session_destroy(); 
          $db->disconnect(); 
          header("Location: login2.php"); 
          exit(); 
         } 

         else if($db->resultCount() == 0) 
         { 
          echo "<script type=\"text/javascript\"> 
           alert(\"".$db->record['real_name'].", You  
           are not authorized to access this page\"); 
          </script>"; 
          $db->clear(); 
         } 

         else 
         { 
          echo "<script type=\"text/javascript\"> 
           alert(\"Welcome ".$db->record['real_name'].". Your last access was 
           on ".$db->record['last_access']."\"); 
          </script>"; 

          $this->session($db); 
         } 
        } 
       } 
      } 
     } 
    } 

    //This function is not used yet 
    function check_attempt($db) 
    { 
     $db->query("SELECT fail_login_count, last_fail_login_time FROM 
     myuser WHERE userName = '".$this->username."'"); 
     $db->fetchRow(); 

     if($db->record['fail_login_count'] >= 3) 
     { 
      $db->query("UPDATE myuser SET blocked = 'Y', 
      last_fail_login_time = now()"); 

      echo "<script type=\"text/javascript\"> 
       alert(\"Your account has been blocked for 10 minutes due to  
       failed login attempts of 3 times\"); 
      </script>"; 
     } 

     if($db->record['blocked'] === 'Y') 
     { 
      if(($db->record['last_fail_login_time'] - time()) > 10) 
      { 
       $db->clear(); 
       $db->query("UPDATE myuser SET last_fail_login_time = '1900-01-01 00:00:00', 
       fail_login_count = 0, blocked = 'N'"); 
      } 

      else 
      { 
       $db->clear(); 
       echo "<script type=\"text/javascript\"> 
        alert(\"Please try again later\"); 
       </script>"; 
      } 
     } 
    } 

    function logout($db) 
    { 
      $sql = "UPDATE myuser SET session_ID = '', otp = '', active = 'N', 
      last_active = '1900-01-01 00:00:00', lastLog = '1900-01-01 00:00:00' 
      WHERE ID = ".$_SESSION['id']." AND otp='".$_SESSION['otp']."'"; 

      $db->query($sql); 
      echo $sql; 
      unset ($_SESSION['otp']); 
      unset ($_SESSION['loggedin']); 
      unset ($_SESSION['id']); 
      session_unset(); 
      session_destroy(); 
      $db->clear(); 
      $db->disconnect(); 
      header("Location: login2.php"); 
      exit(); 
    } 

    function session($db) 
    { 
     $_SESSION['loggedin'] = 1; 
     $_SESSION['id'] = $this->id; 
     $_SESSION['otp'] = trim(md5(time() .$_SESSION['id'])); 
     $this->ip_address = $this->get_ip(); 
     $this->sess_id = session_id(); 
     $_SESSION['timeout'] = time(); 
     $this->insert_session($db); 
    } 

    function logout_btn() 
    { 
      echo "<form name='logoutbtn' method='post' action=''>"; 
      echo "\n&nbsp;<input type='hidden' name='action' value='logout' />"; 
      echo "<input type='submit' id='button' value='Log Out' />"; 
      echo "\n</form>"; 
    } 

    function get_ip() 
    { 
     if(getenv('HTTP_CLIENT_IP')) 
     { 
      $ip = getenv('HTTP_CLIENT_IP'); 
     } 

     else if(getenv('HTTP_X_FORWARDED_FOR')) 
     { 
      $ip = getenv('HTTP_X_FORWARDED_FOR'); 
     } 
     else 
     {          
      $ip = getenv('REMOTE_ADDR'); 
     } 

     return $ip;           
    } 
} 

In my normal HTML file:

<?php 
try 
{ 
    $prot = new protect(); 

    if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1) 
    { 
     echo "<script type=\"text/javascript\"> 
      alert(\"Access Denied\"); 
     </script>"; 
    } 
} 

catch (Exception $e) 
{ 
    $e->getMessage(); 
} 
?> 

<!DOCTYPE html> 
<html> 
<head> 
</head> 
<body> 
<?php 
$ved = new view_exit_docket($db, $_SESSION['id']); 
$ved->check_app_uid($db); 
$ved->display_table($db); 
$prot->logout_btn(); 
?> 
</body> 
</html> 
+0

Try outputting any MySQL error; maybe it is just a SQL syntax error. http://php.net/manual/en/mysqli.error.php – Zeke

+0

@Zeke I tried using mysql_error and it did not show any error. I don't think it is a syntax error, because this code used to work when I had all the code in one file. Since I separated it into 2 files and used a class, some problems came up, but I solved them, except for this logout problem. – Wassup

+0

OK, then check your DB class, whatever it is. You had better use mysqli. In any case, you should check for success at every key point in the code so you can trace and debug it. – Zeke

Answer

0

If the logout button weren't working, then you certainly would not be redirected, which means the failure is happening somewhere else.

I'll assume you have edited out some things that are critical to its operation (otherwise it would not behave the way you describe).

"it will redirect the user to the login page but does not update the query"

From the code you have shown us, the only way to get to the redirect is by executing the query. If the data is not changed, then the query failed.

1) You haven't told us anything about the DB class.

2) You don't check the return value of $db->query() after executing the query, nor the status of the operation from $db. If you had, you would probably get an error message that explains the problem.

3) You haven't shown us the SQL you are running (the most likely place for the failure).

4) You haven't said what happens to the session data.
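An added example of the answer's point 2 (this is not code from the question or the answer): a logout handler that runs the same kind of UPDATE through mysqli prepared statements, checks the return value and the number of rows changed, logs failures server-side, and only then clears the session and redirects. It assumes the myuser table and DB_NAME constant from the question, a MySQL server on localhost, and that $_SESSION holds 'id' and 'otp' the way the question's session() sets them.

```php
<?php
// Added example, not code from the question or the answer. Assumes the myuser
// table from the question, DB_NAME defined, and $_SESSION carrying 'id' and 'otp'.

// Runs the logout UPDATE and returns the number of rows changed, or null if
// the statement itself failed. Failures go to the server error log, not the page.
function clear_login_record(mysqli $db, int $userId, string $otp): ?int
{
    // Placeholders instead of the question's string concatenation: the session
    // values are bound as data and never become part of the SQL text.
    $stmt = $db->prepare("UPDATE myuser SET session_ID = '', otp = '', active = 'N',
        last_active = '1900-01-01 00:00:00', lastLog = '1900-01-01 00:00:00'
        WHERE ID = ? AND otp = ?");
    if ($stmt === false) {
        error_log('logout: prepare failed: ' . $db->error);
        return null;
    }
    $stmt->bind_param('is', $userId, $otp);
    if (!$stmt->execute()) {
        error_log('logout: execute failed: ' . $stmt->error);
        $stmt->close();
        return null;
    }
    $rows = $stmt->affected_rows;
    $stmt->close();
    if ($rows === 0) {
        // The statement ran but matched no row: the session's id/otp pair no
        // longer corresponds to the database. Log it instead of hiding it.
        error_log("logout: no myuser row matched ID=$userId with the session otp");
    }
    return $rows;
}

// Discards the session, then redirects. Nothing is echoed before header().
function end_session_and_redirect(string $loginPage = 'login2.php'): void
{
    $_SESSION = [];
    session_destroy();
    header('Location: ' . $loginPage);
    exit();
}

// Only attempt the UPDATE when the session really carries an id and otp; an
// empty value would otherwise yield "WHERE ID =  AND otp = ''", which MySQL rejects.
session_start();
$db = new mysqli('localhost', 'XXUser', 'password', DB_NAME); // host assumed, credentials as in the question
if (isset($_SESSION['id'], $_SESSION['otp'])) {
    clear_login_record($db, (int) $_SESSION['id'], (string) $_SESSION['otp']);
}
end_session_and_redirect();
```

Check the web server's error log after clicking the logout button: a prepare or execute failure, or a "no row matched" line, tells you which of the answer's four points applies.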

+0

I will edit to show you my full code. I hope my code isn't the worst code you have ever seen, because my only goal is to get the code working. – Wassup

+0

I have updated my code. Please help me check whether there are any errors. – Wassup