ブラウザの戻るボタンに問題があります。ユーザーが[ログアウト]を押すと、セッションとCookieを破棄する必要があります。私は次のコードを書きました:
index.php
<!DOCTYPE html>
<html lang="en">
<head>
<script type="text/javascript">
function disablebackbutton(){
window.history.forward();
}
disablebackbutton();
</script>
</head>
<body>
<form name="loginform" method="post" action="<?php echo __PROJECT_LINK__; ?>/php/login_exec.php">
<div class="modal-body">
<div class="form-horizontal">
<div class="form-group">
<label class="control-label">
<?php
if( isset($_SESSION['ERRMsg_ARR']) && is_array($_SESSION['ERRMsg_ARR']) && count($_SESSION['ERRMsg_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMsg_ARR'] as $msg) {
echo '<span class="label label-warning" style="margin-left: 5px;">',$msg,'</span>';
}
echo '</ul>';
unset($_SESSION['ERRMsg_ARR']);
}
?>
</label>
</div>
<div class="subnav subnav-fixed nav navbar" style="margin-top: 10px; margin-right: 10px; margin-left: 10px;">
<ul class="nav nav-pills">
<li style="margin-top: 10px;">
<span class="label label-default" style="margin-left: 22px;">Username</span>
<input type="text" id="inputUserName" name="username" placeholder="Username" style="margin-left: 5px;">
</li>
<li style="margin-top: 10px;">
<span class="label label-default" style="margin-left: 22px;">Password</span>
<input type="password" id="inputPassword" name="password" placeholder="Password" style="margin-left: 5px;">
</li>
<li style="margin-top: 10px; margin-bottom: 10px;">
</li>
</ul>
</div>
</div>
</div>
<div class="modal-footer">
<!--?php $this->btnLogLogin->Render();?-->
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-primary">Sign In</button>
</div>
</form>
</body>
</html>
login_exec.php
<?php
//Start session
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
//Include database connection details
require_once('connection.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
if(isset($_POST['username']))
{
//Sanitize the POST values
$username = ($_POST['username']);
$password = ($_POST['password']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag==true) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location:../index.php");
exit();
}
//Create query
$qry="SELECT * FROM admin WHERE user_name='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result)) {
while($row = mysql_fetch_array($result))
{
if($row['User_Status']=="Active"){
$expire=time()+60*60*24*30; //1month
setcookie("User_id", $row['User_id'], $expire);
$name = $row['full_name'];
$parts = explode(" ", $name);
$lastname = array_pop($parts);
$firstname = implode(" ", $parts);
$_SESSION['USER'] = $firstname;
$_SESSION['UID'] = $row['User_id'];
$_SESSION['URights'] = $row['Rights'];
header("location:../welcome.php");
}
else{
$errmsg_arr[] = 'User Status is Block. Please contact your Administrator.';
$errflag = true;
if($errflag) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location: ../index.php");
exit();
}
}
}
}
else {
//Login failed
$errmsg_arr[] = 'Username and Password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMsg_ARR'] = $errmsg_arr;
session_write_close();
header("location: ../index.php");
exit();
}
}
}else {
die("Query failed");
}
}
?>
welcome.php
<?php include 'qcubed.inc.php'; ?>
<?php
$User_Name = $_SESSION['USER'];
?>
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome <?php echo $User_Name; ?></h1>
<h2><a href = "<?php echo __PROJECT_LINK__; ?>/Info.php">Info</a></h2>
<h2><a href = "<?php echo __PROJECT_LINK__; ?>/php/logout.php">Sign Out</a></h2>
</body>
</html>
Info.php
<?php include '../../qcubed.inc.php';?>
<!DOCTYPE html>
<html lang="en">
<head>
<title><?php echo __PROJECT_TITLE__; ?> - Full Info</title>
<script type="text/javascript">
function disablebackbutton(){
window.history.forward();
}
disablebackbutton();
</script>
</head>
<?php
if(isset($_SESSION['UID']) && $_SESSION['UID'] != "")
{
//Task to do
$User_Name = $_SESSION['USER'];
?>
<body>
<h1>Info about <?php echo $User_Name; ?></h1>
<h2><a href = "<?php echo __PROJECT_LINK__; ?>/php/logout.php">Sign Out</a></h2>
</body>
<?php
}
else{
//redirect URL
?>
<script>
alert('You must Login first.');
window.location.href='../../index.php';
</script>";
<?php
exit();
}
?>
</html>
logout.php
<?php
//session_write_close();
session_start(); # NOTE THE SESSION START
$expire=time()-60*60*24*30; //1month
if(isset($_COOKIE['User_id'])):
setcookie('User_id', '', $expire, '/');
endif;
unset($_SESSION['UID']);
unset($_SESSION['USER']);
unset($_SESSION['URights']);
unset($_SESSION['UReg']);
$_SESSION = array();
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
session_unset();
session_destroy();
header("location: ../index.php");
exit(); # NOTE THE EXIT
?>
Info.phpからログアウトを押した後、ブラウザの戻るボタンを押すと、Info.phpページに以前のログインユーザーページとセッションユーザー名が表示されますが、すべてのページのヘッドセクションで次のJavaScriptを使用すると、すべてが無効になります。ログイン時のブラウザ戻るボタンも。
<script type="text/javascript">
function disablebackbutton(){
window.history.forward();
}
disablebackbutton();
</script>
ログアウトしてからブラウザの戻るボタンを無効にしたい。私を助けてください。
ついに私は私の問題を解決しました..... :-)私はこの次のコードをで使用します
logout.php
<html>
<head>
<script type = "text/javascript" >
window.history.forward();
function preventBack() { window.history.forward(1); }
setTimeout("preventBack()", 0);
window.onunload = function () { null };
</script>
</head>
<body onload="preventBack();" onpageshow="if (event.persisted) preventBack();" onunload="">
Please Wait..
<?php
session_start(); # NOTE THE SESSION START
$expire=time()-60*60*24*30; //1month
if(isset($_COOKIE['User_id'])){
setcookie('User_id', '', $expire);
}
unset($_SESSION['UID']);
unset($_SESSION['USER']);
unset($_SESSION['URights']);
unset($_SESSION['UReg']);
$_SESSION = array();
foreach(array_keys($_SESSION) as $k) unset($_SESSION[$k]);
session_unset();
session_destroy();
header("Refresh: 2;url=../index.php");
?>
</body>
</html>
これで、ログアウト後にブラウザの戻るボタンを使用してセッションを破棄することを回避できます。貴重なご支援ありがとうございました...
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加