会话变量不起作用? (PHP)
[英]Session variables not working? (PHP)
问题描述
I am having an issue with 2 files: login_config.php and profile.php .
我对 2 个文件有疑问: login_config.php和profile.php 。
- login_config.php consists of a log in system, which sets $_SESSION['key'] true upon the completion of several forms of authentication. login_config.php 包含一个登录系统,它在完成多种形式的身份验证后将 $_SESSION['key'] 设置为 true。
- profile.php is the page the user is redirected to after success. profile.php 是用户成功后重定向到的页面。
I want data on profile.php to only be accessible with $_SESSION['key'] set (upon successful login).我希望 profile.php 上的数据只能通过设置 $_SESSION['key'] 访问(成功登录后)。
My question: What is incorrect with my code?我的问题:我的代码有什么问题? Furthermore, why am I presented with the error upon login submission that is only supposed to return if $_SESSION['key'] is false/not set, as opposed to the targeted profile.php page?此外,为什么我在登录提交时会出现错误,如果 $_SESSION['key'] 为假/未设置,而不是目标 profile.php 页面,则该错误应该返回?
CODE: (login_config.php)代码:(login_config.php)
<?php
// POST VARIABLES
$submit = $_POST['login_submit'];
$username = $_POST['login_username'];
$password = $_POST['login_password'];
$email = $_POST['login_email'];
require 'password_config.php';
if(isset($submit)){
require 'db/connect.php';
// PASSWORD VERIFYING
$pass_query = "SELECT password FROM users WHERE email='$email'";
$queried = mysql_query($pass_query);
while($row = mysql_fetch_array($queried)){
$user_pass = $row['password'];
$veri_password = password_verify($password, $user_pass);
}
if(!$veri_password === true){$errors[] = '-Account does not exist ';}
// CHECKING NUM ROWS
$sql = "SELECT id, username FROM users WHERE password='$user_pass' AND email='$email'";
$entered_user = mysql_query($sql);
$num_rows = mysql_num_rows($entered_user);
// ERRS ARRAY ESTABLISHED
$errors = array();
// FURTHER VERIFYING
if( empty($password) || empty($email) )
{
$errors[] = 'Please do not leave fields empty';
}
elseif( $num_rows != 1 )
{
$errors[] = '-Account does not exist ';
}
elseif( $num_rows == 1 )
{
session_start();
$_SESSION['key'] === true;
while($row = mysql_fetch_array($entered_user)){
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $email;
$_SESSION['user'] = $row['username'];
$_SESSION['pass'] = $password;
header('Location: profile.php');
exit();
}
}
}
CODE: (profile.php)代码:(profile.php)
<?php
session_start();
if($_SESSION['key'] !== true){
die ("please <a href='login.php'>log in</a> to view this page");
}
?>
<html>
<head>
<title>Profile</title>
<link href='css/main.css' rel='stylesheet' />
</head>
<body>
<div id='container'>
<?php require 'include/header.php'; ?>
<?= 'NJM ID # ==>'.$_SESSION['id'].'<br />'.'Username ==>'.$_SESSION['user'].'<br/>'.'Password ==>'.$_SESSION['pass'].'<br/>'.'<br />' ?>
<a href='logout.php'>Log out!</a>
<br />
-OR-
<br />
<p>Try our beta mode<a href='forum.php'> forum</a></p>
<?php require 'include/footer.php'; ?>
</div>
</body>
</html>
Note: I am aware I am vulnerable to SQL attacks at the current state of code, I will be fixing this later, also I am stuck with the deprecated version of MySQL.注意:我知道在当前的代码状态下我很容易受到 SQL 攻击,我稍后会修复这个问题,我也坚持使用已弃用的 MySQL 版本。
4 个解决方案
解决方案1
4 已采纳 2015-07-12 11:56:03
In profile.php you have to call session_start();在profile.php中你必须调用session_start(); before using $_SESSION .在使用$_SESSION之前。 session_start() doesn't just start a new session, but will also continue an existing session (it will 'start' the session handling functionality, if you will). session_start()不仅会启动一个新会话,还会继续一个现有会话(如果您愿意,它会“启动”会话处理功能)。 Without calling it, you cannot use $_SESSION .如果不调用它,您将无法使用$_SESSION 。
解决方案2
1 2015-07-12 13:01:14
1st: I would use termary operators for checking the existence of the values I need, for avoiding the "undefined index 'login_username'" error.第一:我会使用三元运算符来检查我需要的值是否存在,以避免“未定义索引'login_username'”错误。 Like this:像这样:
$username = isset($_POST['login_username']) ? $_POST['login_username'] : '';
$password = isset($_POST['login_password']) ? $_POST['login_password']) : '';
$email = isset($_POST['login_email']) ? $_POST['login_email'] : '';
2nd: I would use PDO for connecting with the MySQL server, for security reasons, and not only.第二:出于安全原因,我会使用 PDO 连接 MySQL 服务器,而不仅仅是。
session_start();
if (isset($submit)){
// select all data from db for the current user
$st = $db->prepare('SELECT * FROM users WHERE email=?');
$st->execute([$email]);
//$rows = count_rows_here
if($rows == 1){
$row = $stmt->fetch();
if(password_verify($password, $row['pass'])){
$_SESSION['key'] = true; // notice the '=', and not '==='
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['user'] = $row['username'];
$_SESSION['pass'] = $row['password'];
header('Location: profile.php');
} else {
echo 'Error!';
}
}
}
解决方案3
0 2015-07-12 12:21:00
I would try first to remove the exit() call after you have headered to the next PHP page.在您转到下一个 PHP 页面后,我会先尝试删除exit()调用。 It isn't necessary as you have no code below it and it might be affecting the session (I don't think so though)没有必要,因为它下面没有代码,它可能会影响会话(但我不这么认为)
If this doesn't work (probably wont) add to profile.php after you have started the session var_dump($_SESSION) and have a look/post its contents.如果这不起作用(可能不会)在您开始会话var_dump($_SESSION)并查看/发布其内容后添加到profile.php 。
解决方案4
0 2015-07-12 12:52:47
I have fixed this by assigning the $_SESSION['key'] a variable with a value.我通过为 $_SESSION['key'] 分配一个具有值的变量来解决此问题。
$_SESSION['key'] = $check = 'check';
Then to test this in profile.php, I have entered the following code:然后在 profile.php 中进行测试,我输入了以下代码:
if(isset(!$_SESSION['key'])){die ('example')}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.