php $_SESSION['id'] 导致错误答案

【问题标题】：php $_SESSION['id'] is causing errorsphp $_SESSION['id'] 导致错误
【发布时间】：2015-10-22 15:48:37
【问题描述】：

index.php：

<?php
session_start();
require 'res/connection.php';
if($_SESSION['id'] !== null){
  header("Location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
  <title>Welcome to the members section, Login or Register</title>
  <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
  <script src="js/fadein.js"></script>
  <link rel="stylesheet" type="tex/css" href="css/master.css"/>
    <link rel="stylesheet" type="tex/css" href="css/form.css"/>
</head>
<body>
  <div class="container loginbdy">
    <div class="row">
      <div class="col-lg-12 loginform">
        <form action="" method="post" class="form">
          <h2>Log In :</h2>
          <label name="username-label">Username :</label>
          <input class="form-control" type="text" placeholder="Your username" name="username" id="username" maxlength="120"/>
          <label name="password-label">Password :</label>
          <input class="form-control" type="password" placeholder="Your password" name="password" id="password" maxlength="35"/></br>
          <input type="submit" class="btn btn-default" value="Log In" name="submit" /></br>
          <p>Not a member yet ? <a href="register.php" ><i><b>register</b></i></a></p>
        </form>
      </div>
        <div class="col-lg-3 errorlogin">
          <?php
          if(isset($_POST['submit'])){
            $username = mysqli_real_escape_string($con, $_POST['username']);
            $password = mysqli_real_escape_string($con, $_POST['password']);
              if(empty($username)){
                echo '
                <div class="alert alert-danger">
                  <strong>Error!</strong> username is empty.
                </div>
                ';
              }elseif(empty($password)){
                echo '
                <div class="alert alert-danger">
                  <strong>Error!</strong> password is empty.
                </div>
                ';
              }else{
                $result = mysqli_query($con,"SELECT * FROM `users` WHERE `username` = '$username'");
                $row_cnt = mysqli_num_rows($result);
                if($row_cnt === 0){
                  echo '
                  <div class="alert alert-danger">
                    <strong>Error!</strong> The username you tried to login with doesn\'t exist, would you like to <a href="register.php">register</a> it ?
                  </div>
                  ';
                }else{
                $row = mysqli_fetch_array($result);
                $userpassword = $row['password'];
                $salt = $row['salt'];
                $id = $row['user_id'];
                $hashedpassword = crypt($password,$salt);
                if($hashedpassword === $userpassword){
                  $_SESSION['id'] = $id;
                  echo "
                  <div class=\"alert alert-success\">
                    <strong>Session has been set</strong> you are now logged in! your user id is "; echo $_SESSION['id']; echo '
                  </div>
                  ';
                  $user_id = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'");
                  $row = mysqli_fetch_array($user_id);
                  $id = $row['user_id'];
                  $firstname = $row['first name'];
                  $lastname = $row['last name'];
                  $semail = $row['email'];
                  $susername = $row['username'];
                  $spaid = $row['paid'];
                  $sdate = $row['date_created'];
                  $sconfirmed = $row['confirmed'];
                  $_SESSION['id'] = $id;
                  $_SESSION['fname'] = $firstname;
                  $_SESSION['lname'] = $lastname;
                  $_SESSION['email'] = $semail;
                  $_SESSION['username'] = $susername;
                  $_SESSION['paid'] = $spaid;
                  $_SESSION['date'] = $sdate;
                  $_SESSION['confirmed'] = $sconfirmed;
                  header('Location: profile.php');
                }else{
                  echo '
                  <div class="alert alert-danger">
                    <strong>Error!</strong> The username or password you entered is incorrect!
                  </div>
                  ';
                }
              }
            }
          }
           ?>
        </div>
    </div>
  </div>
</body>
</html>

<?php
session_start();
require 'res/connection.php';
if($_SESSION['id'] !== null){
  header("Location: profile.php");
}
?>
<!DOCTYPE html>
<html>
<head>
  <title>Welcome to the members section, Login or Register</title>
  <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
  <link rel="stylesheet" type="tex/css" href="css/master.css"/>
  <link rel="stylesheet" type="tex/css" href="css/form.css"/>
</head>
<body background="res/background.jpg">
  <div class="container">
    <div class="row">
      <div class="col-lg-9 registerform">
        <?php

        ?>
        <form action="" method="post" class="form">
          <h2>Register :</h2>

          <label name="lname-label">First Name :</label>
          <input class="form-control" type="text" placeholder="Your First Name" name="fname" id="fname" maxlength="100" tabindex="1" autofocus />
          <label name="lname-label">Last Name :</label>
          <input class="form-control" type="text" placeholder="Your Last Name" name="lname" id="lname" maxlength="100" tabindex="2" />
          <label name="username-label">Username :</label>
          <input class="form-control" type="text" placeholder="Your desired Username" name="username" id="username" maxlength="24" tabindex="3" />
          <label name="email-label">Email :</label>
          <input class="form-control" type="email" placeholder="Your Email address" name="email" id="email" maxlength="120" tabindex="4" />
          <label name="password-label">Password :</label>
          <input class="form-control" type="password" placeholder="Your desired password" name="password" id="password" maxlength="35" tabindex="5" />
          <label name="repassword-label">re enter Password :</label>
          <input class="form-control" type="password" placeholder="Your password again" name="repassword" id="repassword" maxlength="35" tabindex="6" />
          <label name="type-label">i am here to :</label></br>
          <select name="type" class="form-control" tabindex="7" >
            <option>develop websites</option>
            <option>hire a developer</option>
          </select>
          </br>
          <input type="submit" class="btn btn-default" value="Register" name="submit" /></br>
          <p>already a member ? <a href="index.php" ><i><b>Log In</b></i></a></p>
        </form>

      </div>
      <div class="col-lg-3 errorlog">
        <?php
        /* if submit button is clicked start the registration */
          if(isset($_POST['submit'])){
            /* get all the values from the textboxes */
            $fname = mysqli_real_escape_string($con,$_POST['fname']);
            $lname = mysqli_real_escape_string($con,$_POST['lname']);
            $username = mysqli_real_escape_string($con,$_POST['username']);
            $email = mysqli_real_escape_string($con,$_POST['email']);
            $password = mysqli_real_escape_string($con,$_POST['password']);
            $password_verification = mysqli_real_escape_string($con,$_POST['repassword']);
            $type = mysqli_real_escape_string($con,$_POST['type']);
            $paid = false;
            /* form validation */
        if(empty($fname)){
          echo '
          <div class="alert alert-danger">
            <strong>Error!</strong> first name is empty.
          </div>
          ';
        }else if(empty($lname)){
            echo '
            <div class="alert alert-danger">
              <strong>Error!</strong> Last name is empty.
            </div>
            ';
          }else if(empty($username)){
            echo '
            <div class="alert alert-danger">
              <strong>Error!</strong> Username is empty.
            </div>
            ';
          }else if(0 === preg_match("/.+@.+\..+/",$email)){
            echo '
              <div class="alert alert-danger">
                <strong>Error!</strong> The email you entered is invalid.
              </div>
              ';
            }else if(0 === preg_match("/.{6,}/",$password)){
              echo '
                <div class="alert alert-danger">
                  <strong>Error!</strong> Passwords has to be atleast 6 characters long.
                </div>
                ';
            }else if($password !== $password_verification){
              echo '
                <div class="alert alert-danger">
                  <strong>Error!</strong> The passwords you entered do not match.
                </div>
                ';
            }else if(empty($type)){
              echo '
                <div class="alert alert-danger">
                  <strong>Error!</strong> You can be eithere a developer or a host
                </div>
                ';
            }else{
              $query = "SELECT * FROM users WHERE username = '$username'";
              $equery = "SELECT * FROM users WHERE email = '$email'";
              if($result = mysqli_query($con,$query)){
                $row_cnt = mysqli_num_rows($result);
            if($row_cnt > 0){
              echo '
              <div class="alert alert-danger">
                <strong>Error!</strong> This username is already taken!
              </div>
              ';
            }else if ($eresult = mysqli_query($con,$equery)){
              $erow_cnt = mysqli_num_rows($eresult);
            if($erow_cnt > 0){
              echo '
              <div class="alert alert-danger">
                <strong>Error!</strong> This email is already registered!
              </div>
              ';
                }else{
                  $salt = rand(100 , 999) . rand(100 , 999) . rand(1000 , 9999);
                  $hashedpassword = crypt($password,$salt);
                  if($type === "develop websites"){
                    $type="developer";
                  }else if($type === "hire a developer"){
                    $type="owner";
                  }else{
                    echo'
                    <div class="alert alert-danger">
                      <strong>Error!</strong> you can only be an owner or a developer
                    </div>
                    ';
                  }
                  $date = date("m/d/Y h:i:sa");
                  $confirm = false;
                  $confirmation_code = rand(100,999) . "-" . rand(100,999);
                  $insertion = mysqli_query($con,"INSERT INTO `users` (`first name`, `last name`, `email`, `password`, `username`, `salt`, `type`, `paid`, `date_created`, `confirmed`,`confirmation_code`) VALUES ('$fname','$lname','$email','$hashedpassword','$username','$salt','$type','0','$date','$confirm','$confirmation_code')");
                  if($insertion){
                    echo "
                    <div class=\"alert alert-success\">
                      <strong>Success</strong> your account has been successfully created!
                    </div>
                    ";
                    $user_id = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username'");
                    $row = mysqli_fetch_array($user_id);
                    $id = $row['user_id'];
                    $firstname = $row['first name'];
                    $lastname = $row['last name'];
                    $semail = $row['email'];
                    $susername = $row['username'];
                    $spaid = $row['paid'];
                    $sdate = $row['date_created'];
                    $sconfirmed = $row['confirmed'];
                    $sconfirmation_code = $row['confirmation_code'];
                    $_SESSION['id'] = $id;
                    $_SESSION['fname'] = $firstname;
                    $_SESSION['lname'] = $lastname;
                    $_SESSION['email'] = $semail;
                    $_SESSION['username'] = $susername;
                    $_SESSION['paid'] = $spaid;
                    $_SESSION['date'] = $sdate;
                    $_SESSION['confirmed'] = $sconfirmed;
                    $_SESSION['confirmation_code'] = $sconfirmation_code;
                      if($user_id){
                    echo "
                    <div class=\"alert alert-success\">
                      <strong>Session has been set</strong> you are now logged in!
                    </div>
                    ";
                    echo"<script>
                    setTimeout(function () {
                    window.location.href = 'profile.php';},8000);
                    </script>";
                    echo "
                    <div class=\"alert alert-info\">
                      <strong>Thank you!</strong> in 8 seconds you will be redirected to your new profile
                    </div>
                    ";

                  }else{
                    echo "
                    <div class=\"alert alert-danger\">
                      <strong>Failed</strong> your account has been created, but we were unable to log you in, you will have to do this manually <A href=\"index.php\">here</a>
                    </div>";
                  }
                  }else{
                    echo "
                    <div class=\"alert alert-danger\">
                      <strong>Failed</strong> your account has not been created, something went wrong
                    </div>";
                  }
                  }
               }
              }
            }
          }
        ?>
      </div>
    </div>
  </div>
</body>
</html>

现在的问题是，一旦您登录或注册，它会通过检查以下内容来检查您是否正在进行会话：

if($_SESSION['id'] !== null){
  header("Location: profile.php");
}

但它返回一个错误说：
注意：未定义索引：id
我了解该错误是因为未设置会话，因此未设置导致此错误的变量 $_SESSION['id']，我想知道是否有另一种解决方法，不包括使用 cookie，因为我正在存储用户信息，在这种情况下 cookie 不安全
我尝试使用 session_id()，但是每当你开始会话时 session_id() 就会自动设置。因此，即使您未登录，它也会始终重定向到 profile.php

ps : 我知道我的 php 不是很整洁，我还是 php 新手，所以任何关于改进它的 cmet 将不胜感激

【问题讨论】：

你可以在使用前开始会话吗？？
在检查 $_SESSION['id'] 是否为空之前会话已经开始，我无法在 $_SESSION['id'] 中输入任何内容，因为它必须是用户 ID
在索引中你设置会话ID以及在顶部你检查它的空
有一个叫做isset的东西专门针对这种需求

标签： php mysql session cookies

【解决方案1】：

试试isset :-

 if(isset($_SESSION['id'])){
      header("Location: profile.php");
    }else{
    echo 'session is not set';die;
    }

【讨论】：

非常感谢，这个成功了，老实说我不知道为什么我没有想到它，如果你检查我的注册，它就是 if(empty($somevariable){}
欢迎，如果这有效请接受我的回答@PeterGeorgesBouSaada
我会接受你的回答，我只需要再等 6 分钟就可以了
没问题，你是回答最快的人，你不服
正确的方式你使用isset()，而不是empty()。

【解决方案2】：

使用isset！

if (isset($_SESSION['id'])) {
    // ..
}

Isset 检查 var/index 是否已定义，因此这对您来说非常有用。

请注意，isset 和 !empty 之间存在差异。 isset 只检查，如果定义了 var，!empty 会做更多的测试，比如 $var !== false, $var !== array(), $var !== '0', $var != = 0 等。

这在您的情况下可能无关紧要（除了，您有一个允许的 id=0），但总是很高兴知道。

【讨论】：

【解决方案3】：

<?php
Session_start();
if(isset($_SESSION['id'])
  Do what you wanna do
?>

你可以使用 isset() 来查看是否设置了 id。

【讨论】：

请将If改为if
@CrakC 谢谢没注意到。我用我的手机发布了。我的自动校正把第一个字母作为大写。

【解决方案4】：

if(isset($_SESSION['id'])){
    header("location: profile.php");
}

在 php 中 isset() 用于检查 id 是否设置。

【讨论】：