1
我的會話有問題。看來,當用戶註銷的東西的作品。用戶不能訪問元素。但問題是,如果有人在地址欄中爲地址頁面寫入地址,他們將能夠訪問它,並且還可以單擊某些僅用於成員的頁面。會話在點擊鏈接時起作用,但在URL中輸入linkadress或在瀏覽器中點擊「返回」按鈕時不起作用
這是我的代碼看起來像login.php中
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: profileuser");
}
include_once 'Db.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = htmlentities(mysqli_real_escape_string($con, $_POST['password']));
$result = mysqli_query($con, "SELECT * FROM table WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['email'];
$_SESSION['usr_fname'] = $row['name'];
$_SESSION['usr_ename'] = $row['ename'];
$_SESSION['usr_vip'] = $row['vipoo'];
header("Location: profile");
} else {
$errormsg = "<script>alert('Wrong!')</script>";
}
}
?>
這是它的外觀爲在最高層成員的每個頁面。
<?php
session_start();
if(!isset($_SESSION["usr_id"])){
header("Location: index");
exit(); }
include_once 'Db.php';
?>
看起來像緩存問題。確保你不用PHP頁面發送緩存頭。 –