小贝子编程

登录页面有问题



处理提交的数据后,我的签名脚本将用户重定向回索引页。问题是,在我的索引页,我不能检查用户是否登录或没有。我插入:

if (isset($_SESSION['id'])) 
{echo $_SESSION['id']; die();}

放在索引页的开头,以便检查。但是它不回显任何东西。
我的签名脚本看起来像这样:

<?php
include '../includes/common.php';
$page='signin';
$err = array();
foreach($_GET as $key => $value) {
    $get[$key] = filter($value);
}
if ($_POST['dologin']=='Daxil ol') {
    foreach($_POST as $key => $value) {
        $data[$key] = filter($value);
    }
    $login = $data['login'];
    $pass = $data['pwd'];

    if (strpos($login,'@') === false) {
        $user_cond = "login='$login'";
    } else {
        $user_cond="email='$login'";
    }
    $result = $db->query("SELECT `id`,`pwd`,`fname`,`lname`,`approved`,`type`,`level` FROM users WHERE $user_cond AND `ban` = '0'") or die($db->error());
    $num = $result->num_rows;
    if ($num > 0 ) {
        list($id,$pwd,$fname,$lname,$approved, $type, $level) = $result->fetch_row();
        if (!$approved) {
            $err[] = 6;
        }
        if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
            if (empty($err)) {
                session_start();
                session_regenerate_id(true);
                $_SESSION['id']= $id;
                $_SESSION['fname'] = $fname;
                $_SESSION['lname'] = $lname;
                $_SESSION['type'] = $type;
                $_SESSION['level'] = $level;
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
                $stamp = time();
                $ckey = GenKey();
                $db->query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die($db->error());
                //set a cookie
                if (isset($_POST['remember'])) {
                    setcookie("id", $_SESSION['id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("fname",$_SESSION['fname'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                }
                header("Location: ../../../index.php");
            }
        } else {
            $err[] = 7;
        }
    } else {
        $err[] = 8;
    }
    if (!empty($err)) {
    include "../includes/error.php";
    }
} 
?>

检查php错误日志。没有错误。也检查了MySql数据库表。它设置ctime和key。签名部分是有效的(我认为)。过滤器函数来自common.php(用于过滤post数据)

您需要启动会话(甚至在向页面发送任何标头之前)。你还需要在需要会话数据的每个页面上启动会话,除非你将会话自动启动指令设置为true

<?php
session_start();
//$_SESSION data available here!
?>
<html>...
<?
   //other php code
   //$_SESSION data available here!
?>
...</html>

看起来您在两个文件的开头都缺少session_start()

如果这个函数调用不存在,PHP不会传递会话信息。把这个调用放在文件的第一个部分是一个很好的做法。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium