Problem description
I'm currently working on a site that has a log-in (username and password) - The password protection is done by the operating system within the web server at folder level called a Realm within the OS. For now this will have to do, until we figure out a proper PHP log in system.
The code below is based on a previous question on Stack Overflow.
I'm using 3 files (See code snippets at the bottom).
The process is:
- Click Log In button on index.php
- Enter username and password to access authenticate index file.
- Click log out button, which references the logout.php file - it SHOULD clear the cache and return the user to the top level index.
It doesn't 'destroy the session' in the sense that you're not asked to re-enter the password when prompted to, which is essentially what I want to happen.
My minimal knowledge of php leaves me a little bit stumped here.
index.php (top level file with log in button)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Test</title>
</head>
<body>
<a href="authenticate/index.php">Log In Btn</a>
</body>
</html>
authenticate/index.php (This folder is password protected - contains the index file with the log out button which links to the logout.php file)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log out</title>
</head>
<body>
<a href="logout.php">Log Out Btn</a>
</body>
</html>
authenticate/logout.php
<?php
session_start(); //to ensure you are using same session
session_destroy(); //destroy the session
header("location:/index.php"); //to redirect back to "index.php" after logging out
exit();
?>
Recommended answer
The folder being password protected has nothing to do with PHP!
The method being used is called "Basic Authentication". There are no cross-browser ways to "logout" from it, except to ask the user to close and then open their browser...
Here's how you could do it in PHP instead (fully remove your Apache basic auth in .htaccess or wherever it is first):
login.php:
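<?php
session_start();
// change 'valid_username' and 'valid_password' to your desired "correct" username and password
// isset() avoids undefined-index warnings when a field is missing from the POST
if (isset($_POST['user'], $_POST['pass']) && $_POST['user'] === 'valid_username' && $_POST['pass'] === 'valid_password')
{
    // issue a fresh session ID on login so an ID set before login cannot be reused
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    header('Location: /index.php');
    exit; // stop here so nothing else runs after the redirect
}
else
{
?>
<form method="POST">
Username: <input name="user" type="text"><br>
Password: <input name="pass" type="password"><br><br>
<input type="submit" value="submit">
</form>
<?php
}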
index.php
<?php
session_start();
if (! empty($_SESSION['logged_in']))
{
?>
<p>here is my super-secret content</p>
<a href='logout.php'>Click here to log out</a>
<?php
}
else
{
echo 'You are not logged in. <a href="login.php">Click here</a> to log in.';
}
logout.php:
<?php
session_start();
session_destroy();
echo 'You have been logged out. <a href="/">Go back</a>';
Obviously this is a very basic implementation. You'd expect the usernames and passwords to be in a database, not as a hardcoded comparison. I'm just trying to give you an idea of how to do the session thing.
Hope this helps you understand what's going on.
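A fuller version of the login and logout steps from the answer above, as an added example that is not part of the original answer: it checks the password against a stored hash instead of a hardcoded string, and the logout expires the session cookie as well as the server-side data. The `$USERS` array (standing in for a database table), the sample account, the function names and the `logout` POST field are assumptions made for illustration.

```php
<?php
// Added example, not from the original answer. $USERS stands in for a database
// table; the account and password are constructed samples. In a real system the
// hash is created once at registration, not on every request.
$USERS = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Returns true only if the user exists and the password matches the stored hash.
function check_credentials(array $users, string $user, string $pass): bool
{
    // Unknown users are verified against a dummy hash so that response time
    // does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $users[$user] ?? $dummy);
    return $ok && isset($users[$user]);
}

function log_in(string $user): void
{
    session_regenerate_id(true);   // new session ID on login (session fixation)
    $_SESSION['logged_in'] = true;
    $_SESSION['user'] = $user;
}

function log_out(): void
{
    $_SESSION = [];                // drop the data held in this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // expire the browser's session cookie with the parameters it was set with
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();             // delete the server-side session data
}

session_start();
$user = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (is_string($user) && is_string($pass) && check_credentials($USERS, $user, $pass)) {
    log_in($user);
} elseif (isset($_POST['logout'])) {
    log_out();
}
echo empty($_SESSION['logged_in']) ? "logged out\n" : "logged in\n";
```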