Redirect loop on login script PHP

I have a login system that, whenever the user logs in successfully, creates some cookies with his username, password and some other variables that are put in the URL for configuration of the session:

setcookie("username", $myusername); //Sets a cookie storing the username
setcookie("password", $mypassword); //Sets a cookie storing the encrypted value of the password
setcookie("typeOfUser",$type); //example variable

and the variables are passed through the URL:

header("location:http://www.example.com/logged.php?type=".$type);

Inside the logged.php page I have a file called protect.php which checks whether the cookies exist and what kind of user it is.

if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])){
    //check if this user's cookies exist on the DB
    $user = $_COOKIE["username"];
    $pass = $_COOKIE["password"];

    $sql="SELECT * FROM USERS WHERE Usr='".$user."' and Pass='".$pass."';";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    if($count==1){
        $type = $_COOKIE["type"];
        header("location:logged.php?type=".$type);
        exit();
    }
    else{
         header("location:http://www.example.com/login.php");
    }
}

So if the user just types www.example.com/logged.php he/she will get the variables associated with his user, but whenever I do this I get a redirect loop on the site. (It seems to me a little bit obvious that it redirects because each time it goes to the header("location... it restarts and at the top it checks the protect.php... but I can't figure out a way to solve this.)

Note: logged.php just has at the top an:

include("protect.php");

Thanks in advance!

The reason that this script loops infinitely is based in the logic:

if($count==1){
    header("location:logged.php?type=".$type);
}
else{
     header("location:http://www.example.com/login.php");
}

Regardless of the value of $count at this point, your script will send a location header. In other words, the browser is receiving a redirect either way, whether $count is equal to 1 or not.

if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])){

In combination with this line, your loop is defined. This evaluates to true if the user has these cookies defined, which happens when they are logging in for the first time, or have already logged in. If they are logged in, their username and password must be valid, and $count will end up as 1, because they are in the database.

In short, every time the user goes to logged.php after they are logged in, this script is run because they have the appropriate cookies and they are directed, again, to "logged.php?type=".$type (over and over again) because they are a valid user and present in the database.

To fix this, you'll want to stop header("location:logged.php?type=".$type); from running every time protect.php is run. This is the essence of your problem. You can fix this however you like, but I would do it with sessions.

Check out this tutorial to learn how to implement sessions in your login script.

You already have three cookies: username, password, and typeOfUser. The system you have works fine, but most authentication scripts use sessions, accessible like cookies ($_COOKIE['foo']), but with the $_SESSION variable instead. The advantage to using sessions is that the values you store in them are not available to anyone but scripts on your server/site, to view, or to edit. In general, the less information you expose to the user, the better. If you need clarification, check out this StackOverflow post or the basic examples on the PHP website.

One more thing to point out is in your script, if(isset($_COOKIE["username"])&&isset($_COOKIE["password"])){ has no else statement. If one or both of these cookies are not defined, no code will be executed, and what I am assuming is a protected page will be displayed publicly. You may want to add an else statement, something along the lines of:

else{
     header("location:http://www.example.com/login.php");
}

Hope you're able to make this functional and awesome!
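
One way to write protect.php with sessions, as the answer suggests (an added example, not code from the question or the answer): the authenticated branch returns instead of redirecting, the unauthenticated branch redirects and exits, and the lookup uses a prepared statement with password_verify() rather than cookie values concatenated into SQL. The Type column, the function names, and a Pass column holding password_hash() output are assumptions.

```php
<?php
// Added example. USERS, Usr and Pass follow the question; the Type column,
// the function names and the hashed Pass column are assumptions.
declare(strict_types=1);

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Session cookie is not readable from JavaScript and is not sent cross-site.
        session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
    }
}

// login.php: verify the credentials once, then keep the identity server-side.
function attempt_login(PDO $db, string $user, string $password): bool
{
    start_session();
    // Prepared statement: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT Usr, Pass, Type FROM USERS WHERE Usr = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Pass is assumed to hold password_hash() output, never the password itself.
    if ($row === false || !password_verify($password, $row['Pass'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh session ID after login
    $_SESSION['username'] = $row['Usr'];
    $_SESSION['type']     = $row['Type']; // role comes from the DB, not a cookie or ?type=
    return true;
}

// protect.php: logged.php starts with  $me = require_login();
function require_login(): array
{
    start_session();
    if (!isset($_SESSION['username'], $_SESSION['type'])) {
        // Not authenticated: the only branch that redirects, and it stops here.
        header('Location: http://www.example.com/login.php');
        exit();
    }
    // Authenticated: return and let logged.php render. No redirect, so no loop.
    return ['username' => $_SESSION['username'], 'type' => $_SESSION['type']];
}
```

Because the user type is read from $_SESSION, logged.php no longer needs the ?type= parameter or the typeOfUser cookie, so a visitor cannot change their type by editing either one.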
