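【Question Title】: PHP sessions to go to user specific page [closed]
【Posted】: 2015-12-10 03:29:45
【Question】:

I am trying to create a page where users log in and are taken to a personalized page. The problem I am having is that while the user is still logged in, if they type in the generic URL, they are still logged in and their personalized page is visible. (Similar to how, when you are logged in to Facebook, typing www.facebook.com takes you straight to your feed.) I tried using sessions for this, but had no luck.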

<?php 
if(isset($_REQUEST['user']) != true) {
?>
<html>
    <head>
            <title>Welcome</title>
    </head>
</html>
<body bgcolor="white">
<h1>Welcome</h1><br>


 If you have an existing account, log in here:<br>
    <form name="loginForm" action="test.php" method="get">
        User name: <input type="text" name="user" /><br>
        Password: <input type="password" name="pass" /></br>
        <input type="submit" value="Login" />
    </form>
    <br>
    <hr>
    <br>
    Otherwise, if you'd like to create an account, please fill out the following form:<br>
    <form name="createAccountForm" action="test.php" method="get">
        User name: <input type="text" name="user" /><br>
        Password: <input type="password" name="pass" /><br>
        First name: <input type="text" name="fname" /><br>
        Last name: <input type="text" name="lname" /><br>
        <input type="hidden" name="create" value="true">
        <input type="submit" value="Create Account" />
    </form>

</body>
</html>
<?php
}
else if(isset($_REQUEST['user']) == true) {
session_start();
if(!isset($_SESSION['uname']))
{
  header('location:test.php?redirect='.$_SERVER['REQUEST_URI']);
  exit;
}

// personalized page code
}

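【Comments】:

  • php.net/manual/en/function.error-reporting.php; you may also be sending output before the header.
  • if(isset($_REQUEST['user']) != true) doesn't work that way, and neither does if(isset($_REQUEST['user']) == true)
  • You can't start a session with session_start(); after content has been sent to the output buffer. Move session_start(); to right after the first <?php
  • Accept the answer given below. Good luck, you will need to modify it a lot to get it working.

Tags: php html session login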


【Solution 1】:

EDIT:: First, a solution for your own existing code. It should work fine.

<?php 
session_start();
if(isset($_REQUEST['user'])) {

if(isset($_SESSION['uname']))
{
  // URL-encode the original URI so it is passed as a single query-string value
  header('Location: test.php?redirect=' . urlencode($_SERVER['REQUEST_URI']));
  exit;
}

// personalized page code
} else {

?>
<html>
    <head>
            <title>Welcome</title>
    </head>
</html>
<body bgcolor="white">
<h1>Welcome</h1><br>


 If you have an existing account, log in here:<br>
    <form name="loginForm" action="test.php" method="get">
        User name: <input type="text" name="user" /><br>
        Password: <input type="password" name="pass" /></br>
        <input type="submit" value="Login" />
    </form>
    <br>
    <hr>
    <br>
    Otherwise, if you'd like to create an account, please fill out the following form:<br>
    <form name="createAccountForm" action="test.php" method="get">
        User name: <input type="text" name="user" /><br>
        Password: <input type="password" name="pass" /><br>
        First name: <input type="text" name="fname" /><br>
        Last name: <input type="text" name="lname" /><br>
        <input type="hidden" name="create" value="true">
        <input type="submit" value="Create Account" />
    </form>

</body>
</html>
<?php
}
?>

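Here is a login solution of my own (trimmed down a little to make it generic). It also includes the PDO queries for the database and code that checks the password using PHP's password_hash function. I will point out the code that is specifically relevant to your question:

Suppose you are building a login page and want to send users to other parts of the site depending on their status. I think the whole script is relevant. You can easily swap and change what the session variable values lead to.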

    <?php
        error_reporting(E_ALL);
        ini_set("display_errors", 1);
        //start the session before sending any other output
        session_start();
        require('dbconn.php');
    // checks if a session eid has been set, if so, send them to the usercp.
        if(isset($_SESSION['eid'])){ header("Location: usercp.php"); exit; } else {

        try{
        //build a login page
        $loginpage ="<html><head><title>Portal Login</title></head><body>";
         $loginpage.="<div align=\"center\" id=\"box\">";
         $loginpage.="<table><tr><td><img src=\"images/login.jpg\" /></td></tr>";
         $loginpage.="<tr><td><div align=\"center\">";
         $loginpage.="<font face=\"Courier New, Courier, monospace\">Please enter your email<br />  address and password.</font><br />";
         $loginpage.="<br /><form action=\"\" method=\"post\" name=\"login\" ><div align=\"right\">";
         $loginpage.="<font face=\"Courier New, Courier, monospace\">Email:</font><input type=\"text\" size=\"40\" name=\"email\" />";
         $loginpage.="<br /><br /><font face=\"Courier New, Courier, monospace\">Password:</font><input type=\"password\" size =\"40\" name=\"password\" />";
         $loginpage.="<br /></div><br /><input type=\"reset\" value=\"Reset\" />  ";
         $loginpage.="&nbsp;&nbsp;<input name=\"submit\" type=\"submit\" value=\"Login!\" />";
         $loginpage.="</form></div></td></tr></table></div></body></html>";  

        //checks if somebody is trying to login
        if(isset($_POST['submit'])) 
        //checks that the username and password have both been filled out if not, show the login page
            {   if(!$_POST['email'] || !$_POST['password'])
               {
                   echo $loginpage;
               echo "Please enter your login details";
               } else {  //otherwise search the database for the email address
                        $db = NEW pdo($dsn, $db_user, $db_pass);
                        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
                        $email = $_POST['email'];
                        $password = $_POST['password'];
                        $check = $db->prepare("SELECT * FROM employees WHERE email = :email");
                        $check->bindParam(":email", $email);
                        $check->execute();
                       //unset the session variables
                        unset($_SESSION['eid']);
                        unset($_SESSION['email']);
                        unset($_SESSION['userlevel']);
                        unset($_SESSION['fname']);
                       //check if the password hash matches php's hash of the password
                        if(($row = $check->fetch()) && (password_verify($password,$row['password']))) {
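                       // issue a fresh session ID on login (guards against session fixation), then set the session variables
                        session_regenerate_id(true);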
                        $_SESSION['eid'] = $row['eid'];   
                        $_SESSION['email'] = $row['email'];
                        $_SESSION['userlevel'] = $row['userlevel'];
                        $_SESSION['fname'] = $row['fname'];
                        // if the user's userlevel is higher than 1 give them the option of the admin page
                        if($row['userlevel'] > "1")  { 
                            echo "<center><a href='usercp.php'><h1>User Panel</h1></a><br><br><a href='admin/admincp.php'><h1>Admin Panel</h1></a></center>";

                                } else {   //otherwise send them straight to the usercp
                                    header("Location: usercp.php");
                                }


                        } else {  //if the email is not found or password is incorrect, show the loginpage again
                                echo $loginpage;
                                            echo "Login details incorrect, please contact your manager.";

                        }

               }

            } else {  //if nobody has logged in already, or tried to log in just now, show the login page

                         echo $loginpage;

            }
        //pdo error reporting code
        } catch (PDOException $e) {
    throw $e;
}

        }
        ?>

【Comments】:

  • Take another look at this: if(!$_POST['email'] | !$_POST['password'])
  • I think you are mixing the MYSQI_PDO database extensions. They are not compatible or interchangeable
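
An added example, not code from the question or the answer: a single-file login gate that starts the session before any output, sends an already logged-in visitor from the generic URL to the personalized page, and accepts the `redirect` query parameter only when it is a path on the same site. It submits credentials with POST so they do not end up in URLs and logs. The file name `login.php`, the default target `/usercp.php` and the in-memory `$users` array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Start the session before any output; keep the cookie away from scripts.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Constructed sample account ($users is an assumed name); a real application
// would look the hash up in its user table.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

// Accept ?redirect= only when it is a path on this site, else use the default.
function safe_redirect_target(?string $candidate, string $default): string
{
    $local = $candidate !== null
        && strncmp($candidate, '/', 1) === 0        // must be an absolute local path
        && strncmp($candidate, '//', 2) !== 0       // not a scheme-relative URL
        && strpbrk($candidate, "\\\r\n") === false; // no backslash or line breaks
    return $local ? $candidate : $default;
}

$redirect = $_GET['redirect'] ?? null;
$target = safe_redirect_target(is_string($redirect) ? $redirect : null, '/usercp.php');

// Already logged in: the generic URL goes straight to the personalized page.
if (isset($_SESSION['uname'])) {
    header('Location: ' . $target);
    exit;
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = $_POST['user'] ?? '';
    $pass = $_POST['pass'] ?? '';
    if (is_string($user) && is_string($pass)
        && isset($users[$user]) && password_verify($pass, $users[$user])) {
        session_regenerate_id(true);   // fresh session ID once authenticated
        $_SESSION['uname'] = $user;
        header('Location: ' . $target);
        exit;
    }
    $error = 'Login details incorrect.';
}
?>
<!doctype html>
<title>Welcome</title>
<p><?= htmlspecialchars($error) ?></p>
<form method="post" action="login.php?redirect=<?= urlencode($target) ?>">
  User name: <input type="text" name="user"><br>
  Password: <input type="password" name="pass"><br>
  <input type="submit" value="Login">
</form>
```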