我正在嘗試爲頁面創建一個登錄和註銷腳本,但由於某種原因,它不適合我。它似乎工作正常,直到我嘗試註銷。它似乎破壞會話變量,但它仍然讓我查看頁面。 繼承人我登錄代碼:在會話中註銷PHP的問題
代碼: 的login.php
<?php
// Use session variable on this page. This function must put on the top of page.
session_start();
////// Logout Section. Delete all session variable.
session_destroy();
$Name=$_POST['Name'];
$Pass=$_POST['Pass'];
// To protect MySQL injection (more detail about MySQL injection)
$Name = stripslashes($Name);
$Pass = stripslashes($Pass);
$Name = mysql_real_escape_string($Name);
$Pass = mysql_real_escape_string($Pass);
$sql="SELECT * FROM reg1 WHERE uname='$Name' and pass='$Pass'";
$result=mysql_query($sql);
if(mysql_num_rows($result)!='0') // If match.
{
session_register("uname"); // Craete session username.
header("location:loged.php"); // Re-direct to loged.php
exit;
}else{ // If not match.
echo '<script type="text/javascript">
window.alert("Wrong UserName And Password");
window.location="index.php"
</script>';
}
// End Login authorize check.
?>
logout.php
<?php
// Inialize session
session_start();
// Delete certain session
unset($_SESSION['uname']);
// Delete all session variables
session_destroy();
// Jump to login page
header("Location: index.php?msg=Successfully Logged out");
}
?>
感謝每一個...
'$名稱=的stripslashes($名)'---這可以打破的數據,如果' magic_quotes'被關閉。 – zerkms 2011-05-16 07:03:53
如何檢查用戶是否在loged.php上登錄? – BlueEel 2011-05-16 07:07:14
閱讀關於session_destroy的手冊,看看還有什麼需要完成破壞會議:http://php.net/session_destroy – 2011-05-16 07:08:48