PHP:HTTP Basic - 注销 [英] PHP: HTTP Basic - Log off
问题描述
我想设置它,如果有人发送请求注销,它会自动将他们带到一个成功注销的页面。如果客户试图按下后退按钮或转到限制区域,它将再次请求HTTP身份验证。
I would to set it up where if someone sends in a request "logout" it will automatically take them to a page saying "successful log out". If the customer tries to press the back button or go to the restricted area, it will ask for HTTP auth again.
到目前为止我所拥有的是:
What I have so far is this:
example.com/restricted/index.php:
example.com/restricted/index.php:
<?php
session_start();
if(isset($_GET['logout']))
{
unset($_SESSION["login"]);
header("location: ../logout.php");
exit;
}
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !isset($_SESSION["login"]))
{
header("HTTP/1.0 401 Unauthorized");
header("WWW-authenticate: Basic realm=\"Tets\"");
header("Content-type: text/html");
$_SESSION["login"] = true;
// Print HTML that a password is required
exit;
}
?>
// The rest of the page is then displayed like normal
用户成功访问 example.com/logout.php 如果访问 example.com/restricted/index.php?logout 。当用户尝试返回时,随机事情会发生,有时它会要求两次HTTP身份验证(???),有时它会继续要求在循环中进行身份验证(?),有时它会让我回去,就好像我从未退出。
The user successful visits example.com/logout.php if example.com/restricted/index.php?logout is accessed. When the user tries to go back however random things happen, sometimes it will ask for HTTP authentication twice (???) , sometimes it will keep asking for authentication in a loop (?) and sometimes it will let me go right back as if I never logged out.
我对会话的工作方式不熟悉,但我的理解是这样的:如果/当人员被验证时,它会在其会话中存储一个名为login的变量值为true ...如果每次获取带有注销的GET请求,它将删除该会话变量并返回logout.php ...为什么当我点击返回索引时它会让我如果没有设置会话[登录],则返回而不要求身份验证。
I am new to how sessions work but my understanding is this: If/when the person is validated, it stores a variable in it's session called login with a value of true... if it every gets a GET request with logout, it will then delete that session variable and go back to logout.php... Why is it then when I click back to the index will it let me back in without asking for authentication, when session[login] is supposedly not set.
对此PHP代码的任何改进都表示赞赏。我知道我不应该使用HTTP Basic并且应该包含SQL,但是meh。这是一个临时解决方案。
Any improvement to this PHP code is appreciated. I know I shouldn't use HTTP Basic and should incorporate SQL, but meh. This is a temporary solution.
编辑:如果包含带有说明的示例,我将接受MySQL的解决方案。我没有MySQL或PHP数据库知识(还)
I will accept a solution with MySQL if an example with instructions are included. I have no MySQL or PHP database knowledge (yet)
推荐答案
一个粗略的想法让你开始:
A rough idea to start you:
<?php
session_start();
if( isset( $_GET['logout'] ) )
{
session_destroy();
header('Location: ../logout.php');
exit;
}
if( !isset( $_SESSION['login'] ) )
{
if( !isset( $_SERVER['PHP_AUTH_USER'] ) || !isset( $_SERVER['PHP_AUTH_PW'] ) )
{
header("HTTP/1.0 401 Unauthorized");
header("WWW-authenticate: Basic realm=\"Tets\"");
header("Content-type: text/html");
// Print HTML that a password is required
exit;
}
else
{
// Validate the $_SERVER['PHP_AUTH_USER'] & $_SERVER['PHP_AUTH_PW']
if( $_SERVER['PHP_AUTH_USER']!='TheUsername'
|| $_SERVER['PHP_AUTH_PW']!='ThePassword' )
{
// Invalid: 401 Error & Exit
header("HTTP/1.0 401 Unauthorized");
header("WWW-authenticate: Basic realm=\"Tets\"");
header("Content-type: text/html");
// Print HTML that a username or password is not valid
exit;
}
else
{
// Valid
$_SESSION['login']=true;
}
}
}
?>
// The rest of the page is then displayed like normal
这篇关于PHP:HTTP Basic - 注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
