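PHP Session between pages behaving erratically
I have a "login" page on my website, handled by a "login-act" script, which redirects to the "post" page on success. The "post" page has links for posting various types of content, e.g. "post-audio". The "post" page works fine, in that it displays the username (if authenticated), but it is trouble from there on: if an authenticated user clicks "post-audio", they are somehow logged out and then redirected to the login page. However, after a while (or if I make a change in the "post-audio" script and undo it), it works fine again. It's driving me crazy. Can you help me?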
login-act.php:
<? ob_start();//Start buffer output ?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="mystyle-a.css">
<title>BQuotes CMS: User Generated Content: Login Notification</title>
</head>
<body class='center'>
<?php
session_start();
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
    // echo "<font color='green'>Correct Code Entered";
    //Do req
    $host="host"; // Host name
    $username="user"; // Mysql username
    $password="password"; // Mysql password
    $db_name="db"; // Database name
    $tbl_name="table"; // Table name
    $tbl_name2="table2"; // Table name 2
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    // Get values from form
    $myusername=mysql_real_escape_string($_POST['myusername']);
    $mypassword=mysql_real_escape_string($_POST['mypassword']);
    // Validate the login
    $sql2="SELECT * FROM $tbl_name2 WHERE username='$myusername' and password='$mypassword'";
    $result2=mysql_query($sql2);
    $count=mysql_num_rows($result2);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1)
    {
        session_start();
        $_SESSION['myusername'] = $myusername;
        header ("Location: mybq-post.php");
    }
    else {
        echo "<div class='center2'><font color='red'>Invalid Login Details. Not Logged In.</div>";
        echo "<br>";
        echo "<div class='center2'><font color='red'>Please go back and try again.</div>";
        echo "<br>";
        echo "<div class='center2'><a href='mybq-login.php'>Back</a></div>";
    }
}
else {
    echo "<div class='center2'><font color='red'>Wrong Captcha. Not Logged In.</div>";
    echo "<br>";
    echo "<div class='center2'><font color='red'>Please go back and try again.</div>";
    echo "<br>";
    echo "<div class='center2'><a href='mybq-login.php'>Back</a></div>";
}
?>
<?php
// close connection
//mysql_close();
?>
</body> </html>
<? ob_flush();//Flush buffer output ?>
post.php:
<?php
session_start();
if (!(isset($_SESSION['myusername']) && $_SESSION['myusername'] != '')) {
    header ("Location: mybq-login.php");
}
if ($_SESSION['timeout'] + 10 * 60 < time()) {
    // session timed out
    session_destroy();
    //header("Location: mybq-logout.php");
}
$_SESSION['timeout'] = time();
echo "<body class='left'><header><a href='mybq-logout.php'>Logout</a></header></body>" . $_SESSION['myusername'];
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="mystyle-a.css">
<title>BQuotes CMS: User Generated Content: Post Index</title>
</head>
<body class='center'>
<div class='center2'>
<b>MyBQuotes Post</b><br>
<a href='mybq-post-txt.php'>Post Text</a> <a href='mybq-post-img.php'>Post Image</a><br>
<a href='mybq-post-audio.php'>Post Audio</a> <a href='mybq-post-video.php'>Post Video<br>
<a href='index.php'>CMS Index</a> <a href='mybq-index.php'>MyBQuotes Main</a><br>
<font size="0.5px;" color="red"><b>Disclaimer: </b>Poster solely responsible for posted content!
</div>
</body> </html>
post-audio.php:
<?php
session_start();
if (!(isset($_SESSION['myusername']) && $_SESSION['myusername'] != '')) {
    header ("Location: mybq-login.php");
}
if ($_SESSION['timeout'] + 10 * 60 < time()) {
    // session timed out
    session_destroy();
    //header("Location: mybq-logout.php");
}
$_SESSION['timeout'] = time();
echo "<body class='left'><header><a href='mybq-logout.php'>Logout</a></header></body>" . $_SESSION['myusername'];
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="mystyle-a.css">
<title>BQuotes CMS: User Generated Content: Post Audio</title>
</head>
<div class='center2'>
<body class='center'>
<b>MyBQuotes Post Audio:</b><br>
<font size=2>Allowed File Type: MP3<br />
Max File Size: 8MB</p>
<form name=mybq-post-audio action="mybq-post-audio-act.php" method="post" enctype="multipart/form-data">
<!--
Username:<br />
<input type="text" size="25" name="myusername" /><br />
Password:<br />
<input type="password" size="25" name="mypassword" /><br />
-->
Audio:<br />
<input type="file" name="audio" id="myaudio" /><br />
Tag:<br />
<input type="text" size="25" name="mytag" /><br />
Enter Image Text:<br />
<input name="captcha" type="text">
<img src="captcha.php" /><br>
<input type="submit" value="Post" /><br />
</form>
<a href="forg-pass.htm"><div class='tagtext'>Forgot Login details?</a>
<br />
<a href="index.php">CMS Index</a> <a href="mybq-post.php">MyBQuotes Post</a>
</div>
</body> </html>
Any help is appreciated. (I know some of my code is deprecated... I'm working on it :))
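In your login form (login-act.php) you are not setting $_SESSION['timeout'], so when you reach the post.php page, the check $_SESSION['timeout'] + 10 * 60 < time() is always true and session_destroy() destroys your session.
The solution is to add the line that sets the timeout in the login-act.php script, i.e.: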
session_start();
$_SESSION['myusername'] = $myusername;
$_SESSION['timeout'] = time();
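Also, always exit after any redirect. If you don't exit, the browser will redirect because the server told it to, but the script will still continue executing on the server, leaving your code open to exploits and to weird behavior that is hard to debug.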
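The two fixes from the answer above, combined into one guard that every protected page can call. This is an added example, not code from the original post; the function names `session_state`, `require_login` and `complete_login` are hypothetical, and `complete_login` assumes `session_start()` has already run, as it has in login-act.php.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
const IDLE_LIMIT = 600; // 10 * 60 seconds, the limit used in the question

// Pure decision: 'login' (not authenticated), 'expired', or 'ok'.
function session_state(array $s, int $now, int $limit = IDLE_LIMIT): string {
    if (!isset($s['myusername']) || $s['myusername'] === '') {
        return 'login';
    }
    // A missing timestamp counts as expired, which is what the original
    // check did implicitly (null + 600 < time() is always true).
    if (!isset($s['timeout']) || $s['timeout'] + $limit < $now) {
        return 'expired';
    }
    return 'ok';
}

// Call at the top of every protected page, before any output.
function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (session_state($_SESSION, time()) !== 'ok') {
        $_SESSION = [];
        session_destroy();
        header('Location: mybq-login.php');
        exit; // without this the rest of the page still runs server-side
    }
    $_SESSION['timeout'] = time(); // sliding idle window
}

// Call from login-act.php once the credentials have been verified.
// Assumes session_start() has already been called in that script.
function complete_login(string $username): void {
    session_regenerate_id(true);     // fresh session ID for the logged-in user
    $_SESSION['myusername'] = $username;
    $_SESSION['timeout'] = time();   // the line the login script was missing
    header('Location: mybq-post.php');
    exit;
}

// Constructed sample sessions; runs offline with `php file.php`.
if (PHP_SAPI === 'cli') {
    $now = 1700000000;
    echo session_state([], $now), "\n";
    echo session_state(['myusername' => 'alice'], $now), "\n";
    echo session_state(['myusername' => 'alice', 'timeout' => $now - 60], $now), "\n";
    echo session_state(['myusername' => 'alice', 'timeout' => $now - 601], $now), "\n";
}
```

The second sample session is the state login-act.php leaves behind in the question: a username with no timestamp, which the first protected page treats as expired and destroys.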