会话开始和停止错误 PHP

【问题标题】:Session Start and Stop Error Php会话开始和停止错误 PHP
【发布时间】:2012-01-01 18:01:55
【问题描述】:

Index.php

<?php
session_start();
require_once('../inc/db/dbc.php');
include('login_helper.php'); 
?>

<!--

html form

-->

Login/Logout Links depending on session state:
<?php 
    if($_SESSION['valid'] == 1){
        echo "<a href='logout.php'>Logout</a>";
        echo 'userID '.$userid;
    }
    else{
        echo "<a href='index.php'>Login</a>";
    }
?>

check_buyer.php

<?php
session_start(); #recall session from index.php where user logged include()
require_once('login_helper.php');
/*
function validateUser()
{
    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] == 1;
    $_SESSION['userid'] = $userid;
}
function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}
*/

require_once('../inc/db/dbc.php');
$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);

$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uID, uUPass, dynamSalt
        FROM User
        WHERE uUName = '$LoginUserName';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such USER exists
{
    echo "Invalid Username and/or Password";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);

$dynamSalt = $ifUserExists['dynamSalt'];  #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass

if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
{
    echo "Invalid Username and/or Password";
}

else {
validateUser();
}
//if the user has not logged in
if(!isLoggedIn())
{
    echo "<html>
<head>
<meta http-equiv='refresh' content='0'; url=index.php'>
</head>
<body>
</body>
<html>";
    die();
}

?>

login_helper.php

<?php
 function validateUser()
{
    #session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] == 1;
    $_SESSION['uID'] = $userid;
    echo "Session made";
}

function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}

function logout()
{
    session_start();
    $_SESSION = array(); //destroy all of the session variables
    session_destroy();
   echo "
    <html>
    <head>
    <meta http-equiv='refresh' content='0'; url=index.php'>
    </head>
    <body>
    </body>
    <html>";
}
?>

pwhome.php

<?php
session_start();

function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}

//if the user has not logged in
if(!isLoggedIn())
{
    header('Location: index.php');
    die();
}
?>

<?php 
    if($_SESSION['valid'] == 1){
        echo "<a href='logout.php'>Logout</a>";
        echo 'userID '.$userid;
    }
    else{
        echo "<a href='index.php'>Login</a>";
    }
?>

logout.php

<?php    
require_once('login_helper.php');
logout();
?>

当前状态:当我访问 index.php 并使用确实正确的凭据登录时,我会不断刷新 check_buyer.php

如何在 index.php 上提供有效凭据后,才能正确登录(从 index.php)并将我正确重定向到 pwhome.php?

【问题讨论】:

  • 文件名是logout.php还是Logout.php?
  • 您在哪里注销?在 index.php 还是在 check_buyer.php?
  • 试图拥有它,所以他们登录 index.php,它刷新该页面并返回 index.php 并出现链接“注销”。这有意义吗?
  • 如果他们点击注销,它会再次刷新index.php,然后显示“登录”出现
  • 如果你使用的是linux,你可以去/var/lib/php/session检查是否正在创建新的会话文件

标签: php session login session-cookies


【解决方案1】:

我想知道你的代码,如果你想注销并用新的会话值刷新 index.php,为什么不把header( 'Location: index.php' ); 放在你的注销函数中?

所以,我认为这可能会有所帮助,修改您的 logout.php

Logout.php

<?php  
session_start();
function logout()
{
  $_SESSION = array(); //destroy all of the session variables
  session_destroy();
  echo "logged out?";
  header( 'Location: index.php' );
}

logout();
?>

上次编辑:

试试这个代码:

Index.php

<?php
session_start();
require_once('../inc/db/dbc.php');
?>

<!-- 

html form 

-->

<?php 
    if($_SESSION['valid'] == 1){
        echo "<a href='logout.php'>Logout</a>";
        echo 'userID '.$userid;
    }
    else{
        echo "<a href='index.php'>Login</a>";
    }
?>

check_buyer.php

<?php
session_start(); #recall session from index.php where user logged include()

require_once('../inc/db/dbc.php');
$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);

$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uID, uUPass, dynamSalt
        FROM User
        WHERE uUName = '$LoginUserName';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such USER exists
{
    echo "Invalid Username and/or Password";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);

$dynamSalt = $ifUserExists['dynamSalt'];  #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass

if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
{
    echo "Invalid Username and/or Password";
}

else {
validateUser();
}
//if the user has not logged in
if(!isLoggedIn())
{
    header('Location: index.php');
    die();
}

function validateUser()
{
    session_regenerate_id (); //this is a security measure
    $_SESSION['valid'] = 1;
    $_SESSION['uID'] = $userid;
}

function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        return true;
    return false;
}
?>

logout.php

<?php    
session_start();
function logout()
{
    $_SESSION = array(); //destroy all of the session variables
    session_destroy();
    header( 'Location: index.php' );
}
logout();
?>

【讨论】:

  • 我想确认一下,你什么时候运行 check_buyer.php ?你为什么要做两个注销功能?您可以通过从 check_buyer.php 中删除注销功能来简化操作。
  • check_buyer.phpindex.php 上提供usernamepassword 时被调用。我删除了check_buyer.php上的logout()函数
  • Call to undefined function validateUser() /check_buyer.php on line 31 那行是:else { validateUser(); }
  • 在您的check_buyer.php 中添加include('login_helper.php');
  • 做到了。我在尝试登录时得到这个:Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in login_helper.php on line 4 当它转到check_buyer.phpusernamepassword 提交时。
【解决方案2】:

代替

header('Location: index.php');

尝试meta refresh 进行页面转发。关闭 php 块后,添加一些 HTML 代码,例如;

<html>
<head>
<meta http-equiv="refresh" content="0; url=index.php">
</head>
<body>
</body>
<html>

当您使用header() 功能进行页面转发时,有时会话无法正常工作。

【讨论】:

  • if($_SESSION['valid'] = 1) 这是我猜的问题。您使用了单个 = 而不是 ==
  • 这似乎解决了无法注销的问题,现在我可以了,但现在我似乎无法登录......
  • 尝试用元刷新替换所有 header("location:...") 块。它在过去真的帮助了我。如果存在条件重定向情况,只需在顶部使用 $url 之类的变量,然后在代码底部的元刷新块中使用它。
猜你喜欢
  • 2023-03-31
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2015-03-12
  • 2018-12-25
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode