每當我運行logout.php腳本,然後再回到那個沒有被登錄,將無我還在session_destroy()沒有記錄我出去
logout.php登錄保護的網頁上
<?php
session_start();
session_unset();
session_destroy();
header("Location: ../index.php");
exit();
?>
的login.php
$userlogin = user_login($email, $password.$salt);
if ($userlogin==false){
$errors[]='Wrong email/password combination.';
} else {
//set the user session
$_SESSION['UserId']=$userlogin;
$_SESSION['LoginIP']=$_SERVER['REMOTE_ADDR'];
$db->query("UPDATE users SET ipadd='".$_SERVER['REMOTE_ADDR']."' WHERE user_id=".$_SESSION['UserId']."");
echo '<meta http-equiv="refresh" content="0; URL=index.php">';
檢查記錄在片段
/* Check if user is logged in or not */
function loggedin(){
return (isset($_SESSION['UserId'])) ? true : false;
}
if (loggedin()==true){
$session_user_id = $_SESSION['UserId'];
$user_data = user_data($session_user_id,'full_name','username');
$rezult =$db->query("SELECT ipadd FROM users WHERE user_id=".$_SESSION['UserId']."");
while($rez = $rezult->fetch_assoc()){
if ($rez['ipadd']==$_SERVER['REMOTE_ADDR']) {
} else {
echo '<meta http-equiv="refresh" content="0; URL=logout2.php">';
}
}
}
一直在看同一問題的帖子,但無論我嘗試仍然得到相同的問題。任何建議將非常感激!
我同意。 'session_start();'應該在每一頁上。我只能假設OP有它,因爲'login.php'看起來像部分代碼。 – Bradmage