[英]PHP Sessions issues on different environments
我正在通過會話傳遞用戶變量。 它在localhost上可以正常工作,但是一旦在Web服務器上它就會做一些奇怪的事情。
登錄后,會話變量將按預期工作.....直到您單擊大約三頁,然后突然變成POOF!
注意“ Welcome, jordan.
”,而不是“ Welcome, .
”,也是左上角。
會話功能: http : //imageshack.us/photo/my-images/32/loggedins.png/
會議POOF! http://imageshack.us/photo/my-images/515/loggedinno.png/
登錄/創建會話變量代碼:
<?php
include_once 'gtheader.php';
if (!isset($_SESSION['user']))
{
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if (preg_match($txtMatch,$user))
{
if ($user == "" || $pass == "")
{
$error = "Please enter all required fields";
}
else
{
$query = "SELECT * FROM gtmembers WHERE user='$user'";
$result = queryMysql($query);
$rank = mysql_result($result, 0, 'rank');
if (!mysql_num_rows($result))
{
$error = "Username does not exist.";
}
else
{
$getPass = mysql_result($result, 0, 'pass');
$salt = substr($getPass, 0, 64);
$hash = $salt . $pass;
for ($i = 0; $i < 100000; $i++)
{
$hash = hash('sha256', $hash);
}
$hash = $salt . $hash;
if ($hash == $getPass)
{
if ($rank != "Banned")
{
$userLow = strtolower($user);
$_SESSION['user'] = $userLow;
$_SESSION['rank'] = $rank;
echo <<<_END
<script type="text/javascript">
window.location.href='index.php';
</script>
_END;
echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
}
標題代碼:
<?php //gtheader.php
session_start();
include_once 'gtfunctions.php';
$loggedIn = FALSE;
if (isset($_SESSION['user']))
{
$user = $_SESSION['user'];
if ($user) echo "Current User: $user<br />";
else echo "Current User: None<br />";
$rank = $_SESSION['rank'];
$loggedIn = TRUE;
echo "is set SESSION['user']? Yes";
}
else echo "is set SESSION['user']? No";
echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
if ($loggedIn == TRUE)
{
$query = "SELECT * FROM gtmessages WHERE recip='$user' AND status='0'";
$result = queryMysql($query);
if (mysql_num_rows($result) == 0) $num = "";
else $num = "[".mysql_num_rows($result)."]";
if ($rank == 'Owner' || $rank == 'Admin')
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
}
else
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>]<br />";
}
}
?>
即使數組為空, isset()也會為數組返回true。
您應該改用!empty() 。
更新還請確保將服務器配置為以相同方式存儲變量。
更新2
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
include_once 'gtheader.php';
if (empty($_SESSION['user'])){
if (!empty($_POST['user'])){
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if (preg_match($txtMatch,$user)){
if (empty($user) || empty($pass)){
$error = "Please enter all required fields";
}else{
$query = "SELECT * FROM gtmembers WHERE user='".mysql_real_escape_string($user)."'";
$result = queryMysql($query);
$rank = mysql_result($result, 0, 'rank');
}
}
if (!mysql_num_rows($result)){
$error = "Username does not exist.";
}else{
$getPass = mysql_result($result, 0, 'pass');
$salt = substr($getPass, 0, 64);
$hash = $salt . $pass;
for ($i = 0; $i < 100000; $i++){
$hash = hash('sha256', $hash);
}
$hash = $salt . $hash;
if ($hash == $getPass){
if ($rank !== "Banned"){
$userLow = strtolower($user);
$_SESSION['user'] = $userLow;
$_SESSION['rank'] = $rank;
echo "<script type=\"text/javascript\">window.location.href='index.php';</script>";
echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
}
}
}
}
}
?>
gtheader.php
<?php //gtheader.php
session_start();
error_reporting(E_ALL);
ini_set("display_errors", 1);
include_once 'gtfunctions.php';
$loggedIn = FALSE;
if(session_id() == "")
{ session_start(); }
if(empty($_REQUEST['PHPSESSID'])){
$session_id = session_id();
} else {
$session_id = $_REQUEST['PHPSESSID'];
}
if (!empty($_SESSION['user'])){
//This is not safe at all. Someone could change the user to %
$user = $_SESSION['user'];
echo "Current User: $user<br />";
//This is not safe either. Someone could change their rank to Admin.
$rank = $_SESSION['rank'];
$loggedIn = TRUE;
echo "is set SESSION['user']? Yes";
} else {
$user = '';
$rank = '';
echo "is set SESSION['user']? No";
}
echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
if ($loggedIn == TRUE){
//without filtering, someone could set the user to % which would return everyone from the DB.
$query = "SELECT * FROM gtmessages WHERE recip='".mysql_real_escape_string($user)."' AND status='0'";
//This is not a standard function so we're assuming it's set in gtfunctions.php
$result = queryMysql($query);
//Here you're only checking if this is set, not how many
if (empty(mysql_num_rows($result))){
$num = "";} else {
//If they trick your SQL statement into returning more than one...
$num = "[".mysql_num_rows($result)."]";
}
if ($rank == 'Owner' || $rank == 'Admin')
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
} else {
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>]<br />";
}
}
?>
您將需要在Firefox中使用諸如Firebug之類的東西來檢查標題,並查看它是否將cookie傳遞給您用於會話,或者會話是否僅存儲在服務器端。 同樣,如果會話是通過GET變量傳遞的。
對用戶提供的信息(例如會話)有很多盲目信任。 有人可能會劫持會話或欺騙更高的用戶名或等級。 在代碼中沒有檢查以查看是否正確設置了用戶等級。
我在gtheader下清理了一些SQL東西。 再次,人們對直接傳遞給SQL的內容缺乏信任。 如果執行查詢的SQL用戶具有對表的寫訪問權,那么您可能會遭受注入攻擊。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.