PHP-按“后退"按钮后的Session_Destroy [英] PHP - Session_Destroy upon pressing Back button
本文介绍了PHP-按“后退"按钮后的Session_Destroy的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我的问题:
我有一个名为login.php的登录页面(不包含HTML代码).当用户正确输入其凭据时,他将被重定向到特定页面;在本例中,我们将说test.php.该页面上的唯一链接将注销当前会话,并使用户返回index.html.
I have a login page called login.php (containing no HTML code). When the user types in his credentials correctly he's redirected to a specific page; we'll say test.php for this example. The only links on that page logout of the current session, and return the user to index.html.
我的问题是,如果用户按下后退"按钮,它将返回至login.php,您会得到一个空白页.如果您从该空白页导航,则无法返回到test.php,因此无法注销该会话.
My problem is that if the user presses the back button, it goes back to login.php and you get a blank page. If you navigate away from that blank page you have no way to get back to test.php thus no way to logout of that session.
我最初的想法是使用Java脚本禁用后退按钮导航.最终,我发现这是行不通的,因为如果用户找到了一种无需注销即可退出该页面的方法,那么他们将被困在该会话中,login.php将为空白.
My original idea was to disable the back button navigation with Javascript. Eventually I figured out that wouldn't work, because if the user found a way to get out of that page without logging out, they would be stuck in that session and login.php would be blank.
如果按下该后退按钮,是否有任何方法可以结束当前会话?还是如果login.php被重新加载?我对PHP不太熟悉,因此不胜感激.
So is there any way to end the current session if that back button is pressed? Or if login.php is reloaded? I'm not too familiar with PHP so a detailed explanation would be greatly appreciated.
这是登录页面的代码:
<?php
/**
* The idea of this application is to secure any page with one link. I know some of the professionals
* will agree with me considering the way it has been done, usually you wouldnt put any other information such as
* HTML/CSS with a class file but in this case its unavoidable. This is to make it easier for the non techys to use.
* @author John Crossley <john@suburbanarctic.com>
* @version Version 2
**/
// Turn off error reporting.
error_reporting(0);
# Start a new session, regenerate a session id if needed.
session_start();
if (!isset($_SESSION['INIT'])) {
session_regenerate_id();
$_SESSION['INIT'] = TRUE;
}
class JC_fsl {
public static $_init;
protected $_users = array();
# Script configuration
protected static $_script_name;
protected static $_admin_email;
protected static $_admin_name;
private static $_version = '{Version 2.0.1}';
protected function __construct() {
if (!isset($_SESSION['LOGIN_ATTEMPTS']))
$_SESSION['LOGIN_ATTEMPTS'] = 0;
// Default user admin added.
$this->_users = array(
array(
'USERNAME' => 'admin',
'PASSWORD' => 'master13',
'EMAIL' => 'seth@procstaff.com',
'LOCATION' => 'master.php')
);
}
public function __toString() {
return 'SCRIPT NAME :: ' . self::$_script_name . "<br />" .
' ADMIN EMAIL :: ' . self::$_admin_email . "<br />" .
' ADMIN NAME :: ' . self::$_admin_name . "<br />" .
' FSL VERSION :: ' . self::$_version;
}
/**
* This method allows you to peek inside the users list, so you can view their information.
**/
public function peek() {
var_dump($this->_users);
}
protected function ready_array($username, $password, $email, $location = 'index.html', $access = false) {
return array('USERNAME' => $username, 'PASSWORD' => $password, 'EMAIL' => $email, 'LOCATION' => $location);
}
public function add($username, $password, $email, $location = 'index.html') {
$add = $this->ready_array($username, $password, $email, $location);
$this->_users[] = $add;
}
public static function logout() {
if (isset($_SESSION['LOGGED_IN'])) {
if (session_destroy())
header('Location: index.html');
}
}
/**
* This method increments or returns login attempts.
* @param <bool> true to increment by 1 and false to return.
*/
public static function attempts($add = false) {
if ($add === true)
$_SESSION['LOGIN_ATTEMPTS'] += 1;
else
return $_SESSION['LOGIN_ATTEMPTS'];
}
public function site_name() {
return self::$_script_name;
}
public function validate($un, $pw) {
# Check all of the arrays for the user
for ($i=0;$i<count($this->_users);$i++) {
if (array_key_exists('USERNAME', $this->_users[$i])) {
if ($this->_users[$i]['USERNAME'] == $un) {
# We have found the user check to see if there password matches also.
$info = $this->_users[$i];
if ($info['USERNAME'] == $un && $info['PASSWORD'] == $pw) {
# We have a match redirect the user.
$_SESSION['LOGGED_IN'] = TRUE;
$_SESSION['LOGIN_ATTEMPTS'] = 0;
$_SESSION['USERNAME'] = $info['USERNAME'];
$_SESSION['EMAIL'] = $info['EMAIL'];
header('Location: ' . $info['LOCATION']);
return;
}
}
}
}
echo '<h2 class=\'error\'>Incorrect username and or password, try again!</h2>';
self::attempts(true);
}
/**
* Forgot password? not a problem call this method with the correct username
* and the user will be sent a password reminder. Please note that not of these passwords
* are hashed meaning this is not a good idea to store personal information behind this script!
* @param <string> The users email address.
* @return <bool> Returns true upon success.
*/
public function forgot($email) {
for ($i=0;$i<count($this->_users);$i++) {
if (array_key_exists('EMAIL', $this->_users[$i])) {
if ($this->_users[$i]['EMAIL'] == $email)
$info = $this->_users[$i];
} else return false;
}
if (isset($info) && is_array($info)) {
# Send the user their password
$to = $info['EMAIL'];
$subject = 'You recently forgot your password | ' . self::$_script_name;
$message = 'Hi ' . $info['USERNAME'] . ', ' . "\n\n";
$message .= 'You recently requested your password for ' . self::$_script_name . ' if you didn\'t not to worry just ignore this ';
$message .= 'email. Anyway you can find your email below, should you require anymore assistance then please contact us ';
$message .= 'at ' . self::$_admin_email . ".\n\n";
$message .= 'Username: ' . $info['USERNAME'] . "\n";
$message .= 'Password: ' . $info['PASSWORD'];
$message .= "\n\n" . 'Best Regards, ' . "\n" . self::$_admin_name;
$headers = 'From: ' . self::$_admin_email . "\r\n" .
'Reply-To: ' . self::$_admin_email . "\r\n" .
'X-Mailer: PHP/' . phpversion();
# Uncomment for final version
if (mail($to, $subject, $message, $headers)) return true;
}
}
/**
* The secure method, simply call this to lock any page down it's as simple as that.
* @param <string> Name of the script EG: John's Script
* @param <string> Email of the administrator EG: john@suburbanarctic.com
* @param <string> Admin name EG: John Crossley
* @return <object> Returns an instanciated object of this class.
*/
public static function secure($s_name = '', $a_email = '', $a_name = '') {
self::$_script_name = $s_name;
self::$_admin_email = $a_email;
self::$_admin_name = $a_name;
if (!self::$_init instanceof JC_fsl) {
self::$_init = new JC_fsl();
}
return self::$_init;
}
}
# You may edit me
$secure = JC_fsl::secure();
##########################################################################
########################## YOUR EDITING BLOCK ###########################
$secure->add('mbhaynes', 'mbhaynes13', 'seth@procstaff.com', 'mbhaynes.php');
$secure->add('emory', 'emory13', 'seth@procstaff.com', 'emory.php');
$secure->add('ehg', 'ehg13', 'seth@procstaff.com', 'redirect.html');
$secure->add('dhgriffin', 'dhgriffin13', 'seth@procstaff.com', 'dhgriffin.php');
$secure->add('neo', 'neo13', 'seth@procstaff.com', 'neo.php');
$secure->add('first', 'first13', 'seth@procstaff.com', 'first.php');
$secure->add('test', 'test', 'seth@procstaff.com', 'test.php');
##########################################################################
##########################################################################
############ FORM PROCESSING ############
if (isset($_POST['username']) && isset($_POST['password'])) {
$secure->validate($_POST['username'], $_POST['password']);
}
if (isset($_GET['logout'])) $secure->logout();
if (isset($_POST['forgot_password_button']) && isset($_POST['email'])) {
// We need to send the user their password.
if ($secure->forgot($_POST['email'])) {
echo '<h2 class=\'success\'>Your password has been sent to your email address!</h2>';
} else {
echo '<h2 class=\'error\'>I\'m sorry but that email address has no record on this site.</h2>';
}
}
?>
<?php if(!isset($_SESSION['LOGGED_IN'])): ?>
<style type='text/css'>
#fslv2-main{
font-family:HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;font-weight:300;font-size:14px;line-height:1.6;
margin-left:auto;
margin-right:auto;
width: 300px;
padding: 10px 10px 10px 10px;
}
fieldset { border: none; margin: 0; padding: 0;}
.fslv2 .input {
border: 1px solid #b9b9b9;
padding: 5px;
width: 225px;
outline: none;
font-size: 13px;
}
.fslv2 label {
float: left;
width: 72px;
line-height: 28px;
}
h3 { font-weight: normal; }
a { color: #4a6a81; text-decoration: none; }
a:hover { color: #4a6a81; text-decoration: underline; }
.button {
border: 1px solid #233d4f;
border-bottom: 1px solid #233d4f;
background-color: #4a6a81;
border-radius: 2px;
padding: 6px 5px;
color: #ffffff;
text-shadow: 0 1px rgba(0, 0, 0, 0.1);
margin-left:auto;
margin-right:auto;
top: 5px;
width: 100px;
min-width: 100px;
cursor: pointer;
font-size: 13px;
box-shadow: rgba(0,0,0,0.2);
-webkit-box-shadow: rgba(0,0,0,0.2);
-moz-box-shadow: rgba(0,0,0,0.2);
}
.input:focus {
-moz-box-shadow: inset 0 0 3px #bbb;
-webkit-box-shadow: inset 0 0 3px #bbb;
box-shadow: inner 0 0 3px #bbb;
}
.fsl p.la { text-align: center; }
.success {
margin: 2em auto 1em auto;
border: 1px solid #337f09;
padding: 5px;
background-color: #dd4b39;
width: 400px;
text-align: center;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
font-weight: normal;
font-family:HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;font-weight:300;font-size:14px;line-height:1.6;
}
.error {
margin: 2em auto 1em auto;
border: 1px solid #233d4f;
padding: 5px;
background-color: #8bafc5;
width: 400px;
text-align: center;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
font-weight: normal;
font-family:HelveticaNeue-Light, "Helvetica Neue Light", "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;font-weight:300;font-size:14px;line-height:1.6;
}
</style>
<div id="fslv2-main">
<?php if($secure->attempts() > 5): ?>
<!-- Show the login form -->
<p>Too many failed attempts, please try again later.</p>
<?php elseif(isset($_GET['forgot_password'])): ?>
<fieldset class="fslv2">
<form method="post" action="#">
<p>
<label for='email'>Email: </label>
<input type='text' name='email' class='input'/>
</p>
<p><input type='submit' name='forgot_password_button' class='button' value='Send!' /></p>
</form>
</fieldset>
<small><a href="index.html">Cancel</a></small>
<?php else: ?>
<fieldset class="fslv2">
<legend><?php echo $secure->site_name(); ?></legend>
<form method="post" action="#">
<p>
<label for='username'>Username: </label>
<input type='text' name='username' class='input'/>
</p>
<p>
<label for='password'>Password: </label>
<input type='password' name='password' class='input'/>
</p>
<p><input type='submit' name='login' class='button' value='Login' /></p>
</form>
</fieldset>
<?php endif; ?>
</div><!-- #fslv2-main -->
<?php exit(); endif; ?>
推荐答案
如果登录后返回主页面,请尝试刷新页面,如果会话设置正确,则刷新后您将自动登录或它将显示您的登录状态,否则会破坏主页中的所有会话吗?我会选择第一个条件,因为这导致了我多次发生,最好在要显示仅注册用户内容的同一页面上显示登录表单,并在登录后迅速将其重定向到同一页面,以便所有会话工作正常,并且在将会话重定向到同一页面时,后退按钮不会造成问题.
If you go back to the main page after logging In, Try refreshing the page, If the session was set correctly then after refreshing you will be logged-In automatically or It will show you logged-In state, Else there would be something destroying all the sessions in main-page? I would go with the first condition, cause that happened to me many times, Its better to show the logIn form at the same page where you want to display registered user only content and after logging-In quickly redirect them to the same page so all the sessions work fine and back button won't create the problem as you redirected them to the same page....
不会影响用户拥有单独页面的用户,因为登录后整个内容将被该用户的内容更改.
It won't effect users having there separate page as whole logIn form will be changed by that users content after logging In.
尝试一下:
if(isset($_SESSION['LOGGED_IN'])){
//User is logged-In check for existence of its name file,
$user = $_SESSION["LOGGED_IN"]."php";
If(file_exists($user)){
//User's named file exists now include it.
include("yourfolder/$user");
}else{
//He was loggedIn in but file wasn't found...
echo"Sorry nothing for you :P";
}
}else{
//Show the logIn form
}
这篇关于PHP-按“后退"按钮后的Session_Destroy的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
