Question
I am creating a webpage bit by bit, testing parts of the webpage ideas. I want to learn how to session protect a page. I have already password protected a page successfully, but anybody can access the page by typing in the URL. I want to session protect my page so no one can do that. I have three pages: index.html, which has the form which sends to the password.php, the password.php, which makes sure that the password and username are correct using "if statements" (here is the "if statement")
    if ($username == 'mgmb99'){
        if ($password == 'mgmb91mas'){
            header('Location: youhere.php');
        } else {
            echo 'your username or password is wrong.<a href="http://www.passwordtest.comze.com"> go back to login page </a>';
        }
    } else {
        echo 'your username or password is wrong.<a href="http://www.passwordtest.comze.com"> go back to login page </a>';
    };
and the youhere.php, which is the page once you have logged in.
Answer 1:
    $_SESSION['connect']=0;
Sets the connect value in session to be 0.
Currently this check:
    if((!$_SESSION['connect']))
will always return true because if $_SESSION['connect'] is unset then !$_SESSION['connect'] will be true. Likewise if(!0) will be true.
Try setting $_SESSION['connect'] to true or 1 or the like or, alternatively, change the check to be:
    if(!array_key_exists('connect',$_SESSION))
Answer 2:
( ! $_SESSION['connect'] ) will be true when the session variable isn't set but also when it is set to 0. So if you want to protect youhere.php, you need to assign another value and check for it.
Also session_destroy() will delete all session variables, so you log in, you go to youhere.php, but if you refresh the site, you will instantly be logged out.
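The check described in answers 1 and 2, as an added example that is not part of the original answers or the asker's code: the login step stores a true flag in $_SESSION['connect'] and the protected page tests for exactly that value. The credentials, function names and single-file layout are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or answers.
// Shown as one file for brevity; in the question's layout attempt_login()
// belongs in password.php and require_login() at the top of youhere.php.
session_start();

// Constructed demo credentials (assumption). In practice store only the hash,
// generated once with password_hash(), never the plain password.
const DEMO_USER = 'demo-user';
$demoHash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);

// password.php side: mark the session as logged in only on success.
function attempt_login(string $user, string $pass, string $hash): bool
{
    $userOk = hash_equals(DEMO_USER, $user);
    $passOk = password_verify($pass, $hash);
    if ($userOk && $passOk) {
        session_regenerate_id(true);   // fresh session ID after login
        $_SESSION['connect'] = true;   // distinct from both "unset" and 0
        return true;
    }
    return false;
}

// youhere.php side: true only when a login set the flag to true.
function is_logged_in(): bool
{
    return ($_SESSION['connect'] ?? false) === true;
}

function require_login(): void
{
    if (!is_logged_in()) {
        header('Location: index.html');
        exit;   // stop here, otherwise the protected page is still sent
    }
}

// Logout belongs in its own request, not on the protected page itself,
// or a refresh of youhere.php logs the user out.
function logout(): void
{
    $_SESSION = [];
    session_destroy();
}
```

Call require_login() as the first statement of youhere.php, before any output is sent, so the redirect header can still be set.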
Answer 3:
There is a plethora of information on Sessions on the PHP website. http://www.php.net/manual/en/intro.session.php
Here's an example with storing and killing session variables. http://www.php.net/manual/en/session.examples.basic.php
To set a Session var:
<?php
session_start();
if (!isset($_SESSION['count'])) {
    $_SESSION['count'] = 0;
} else {
    $_SESSION['count']++;
}
?>
To kill the session var:
<?php
session_start();
unset($_SESSION['count']);
?>
Source: https://stackoverflow.com/questions/15673252/session-protection