混淆session codeigniter函数,页面logout()函数不起作用

Confusing the session codeigniter function, the page logout() function doesn't work

我已尝试使用本文https://www.malasngoding.com/membuat-login-dengan-codeigniter/中的 codeigniter 会话,代码如下

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class User extends CI_Controller
{
    /**
     * Loads the helpers, the user model and the session library that the
     * actions below rely on.
     *
     * NOTE(review): neither this constructor nor homeinfouser() checks the
     * session, so the controller's pages are served to any request, whether
     * or not a login took place.
     */
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(['form', 'url']);
        $this->load->model('user_model');
        $this->load->library('session');
    }

    /**
     * Handles the login form POST: looks the credentials up through the user
     * model and, on a match, stores the login marker in the session.
     */
    function action_login()
    {
        $email = $this->input->post('user_email');
        $password = $this->input->post('user_password');

        // NOTE(review): the password is compared as an unsalted MD5 digest,
        // which is not a password hashing scheme.
        $credentials = [
            'user_email' => $email,
            'user_password' => md5($password),
        ];
        $matches = $this->user_model->ceklogintolong($credentials)->num_rows();

        // No matching row: report the failure and stop.
        if (!($matches > 0)) {
            echo "Pass uname salah";
            return;
        }

        // 'status' is the only marker of an authenticated session on this page.
        $this->session->set_userdata([
            'nama' => $email,
            'status' => "login",
        ]);
        redirect('User/homeinfouser');
    }

    /**
     * Renders the information page inside the sbadmin layout, passing the
     * result of user_model->getinfo() to the view under the key 'print'.
     *
     * NOTE(review): the session is not consulted here, so this URL renders
     * after logout() as well as before login.
     */
    function homeinfouser()
    {
        $view_data = ['print' => $this->user_model->getinfo()];

        $this->load->view('templates/sbadmin/header');
        $this->load->view('templates/sbadmin/sidebar');
        $this->load->view('templates/dashboard/page_informasi', $view_data);
        $this->load->view('templates/sbadmin/footer');
    }

    /**
     * Logout: destroys the session, then redirects to the Landing controller.
     */
    function logout()
    {
        $this->session->sess_destroy();
        redirect('Landing', 'refresh');
    }
}

尝试点击 Chrome 浏览器的导航按钮(右箭头或前进)回到页面时,仍然可以打开之前访问过的页面,即使我已经提供了以下代码

// Logout function
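function logout()
{
    // Destroying the session only removes the login marker. Pages that need
    // a login must still check the session themselves on every request.
    $this->session->sess_destroy();
    redirect('Landing', 'refresh');
}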

在你的控制器 User 中,每当调用一个“保留”函数(即需要用户登录才能访问的函数)时,你都需要检查是否存在有效的会话。

在您的示例中,如果您点击后退按钮,您将返回到函数 homeinfouser(),但是由于没有检查有效会话,即使您已注销,它也会被执行。

只需放置一个小代码来检查会话:

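function homeinfouser()
{
    // No session, no play: every login-only method has to verify the session
    // itself, because logout() only destroys the session data and does not
    // stop this URL from being requested again.
    // Compare against the exact value action_login() stores ('login') rather
    // than only testing that the key exists.
    if ($this->session->userdata('status') !== 'login') {
        redirect('Landing', 'refresh');
        exit(); // CodeIgniter's redirect() already ends the request; kept as a fail-safe
    }
    //... your other code
}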

旁注:用 MD5 做密码哈希是不好的做法:它计算速度极快,而且这里没有加盐,哈希一旦泄露很容易被离线暴力破解。PHP 中应改用 password_hash() 存储密码、用 password_verify() 校验。关于密码散列,请阅读《How weak is MD5 as a password hashing function?》。

正确的是这样的..

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

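/**
 * User controller: login form handler, the logged-in information page and
 * logout.
 *
 * Access is denied by default. The constructor redirects every request that
 * has no authenticated session to the Landing controller, except for the
 * methods listed in $public_methods.
 */
class User extends CI_Controller
{
    /**
     * Methods that may be requested without an authenticated session.
     * action_login must be listed here, otherwise the constructor guard
     * redirects the login POST before the credentials are ever checked.
     *
     * @var string[]
     */
    private $public_methods = array('action_login');

    /**
     * Loads the helpers, model and session library, then enforces the login
     * check for every method that is not explicitly public.
     */
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form', 'url'));
        $this->load->model('user_model');
        $this->load->library('session');

        // PHP method names are case-insensitive, so normalise before the
        // allow-list lookup. An unknown spelling simply fails closed.
        $requested = strtolower((string) $this->router->method);
        $is_public = in_array($requested, $this->public_methods, TRUE);

        // Require the exact marker written by action_login(), not just any
        // truthy value.
        if (!$is_public && $this->session->userdata('status') !== 'login') {
            redirect('Landing', 'refresh');
        }
    }

    /**
     * Handles the login form POST.
     *
     * On a credential match the session id is regenerated and the login
     * marker is stored; otherwise the failure message is printed.
     */
    public function action_login()
    {
        $user_email = $this->input->post('user_email');
        $user_password = $this->input->post('user_password');

        // input->post() yields NULL for a missing field and an array for
        // "field[]=" input. Reject both, and empty strings, before they reach
        // md5() or the query.
        if (!is_string($user_email) || $user_email === ''
            || !is_string($user_password) || $user_password === '') {
            echo "Pass uname salah";
            return;
        }

        // NOTE(review): unsalted MD5 is not a password hashing scheme. Moving
        // to password_hash()/password_verify() needs the stored hashes to be
        // migrated and the model to look the user up by e-mail only, so it is
        // flagged here rather than changed.
        $wheredatasession = array(
            'user_email' => $user_email,
            'user_password' => md5($user_password)
        );

        $cek = $this->user_model->ceklogintolong($wheredatasession)->num_rows();
        if ($cek > 0) {
            // Issue a fresh session id at the moment of login so that an id
            // known before authentication cannot be reused afterwards
            // (CodeIgniter 3 session library).
            $this->session->sess_regenerate(TRUE);

            $data_session = array(
                'nama' => $user_email,
                'status' => "login"
            );
            $this->session->set_userdata($data_session);
            redirect('User/homeinfouser');
        } else {
            echo "Pass uname salah";
        }
    }

    /**
     * Renders the information page for a logged-in user. The result of
     * user_model->getinfo() is passed to the view under the key 'print'.
     *
     * The session check itself happens in the constructor.
     */
    public function homeinfouser()
    {
        // Ask the browser not to keep a copy of this page, so that back or
        // forward navigation after logout asks the server again and the
        // constructor check can run.
        $this->output->set_header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
        $this->output->set_header('Pragma: no-cache');

        $hasil['print'] = $this->user_model->getinfo();

        $this->load->view('templates/sbadmin/header');
        $this->load->view('templates/sbadmin/sidebar');
        $this->load->view('templates/dashboard/page_informasi', $hasil);
        $this->load->view('templates/sbadmin/footer');
    }

    /**
     * Logout: destroys the session, then redirects to the Landing controller.
     */
    public function logout()
    {
        $this->session->sess_destroy();
        redirect('Landing', 'refresh');
    }
}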

按场景做了,感谢参与