为什么我的会话变量不起作用?

时间:2012-04-12 21:53:33

标签: php session session-variables

我已经检查过像php标签之前的白色空间这样的普通内容,并且有一个session_start()但是在我的生活中无法解决这个问题。我正在为客户制作一个登录系统,所以这是至关重要的事情。

基本上,一旦我到达第二页$ _SESSION ['username'];是空的。 我打印出来并且它是空的,但是atm会激活标题重定向,你可以在代码中看到它。

提前感谢您收到的任何帮助:)

相关守则:

<?php
session_start();

include '../resources/methods/Library.php';

if(isset($_SESSION['username']))
{
    //User already logged in!
    header('Location: Index.php');
}

//Username and password submitted by user
$usernameSubmitted = $_POST['username'];
$passwordSubmitted = $_POST['password'];

if($usernameSubmitted != "" && $passwordSubmitted != "")
{
    //User has entered both a username and a password. We shall validate them

    //Connect to database and select all the admin accounts
    connectToDB();
    $query = "SELECT * FROM admins" or die(mysql_error());
    $data = mysql_query($query) or die(mysql_error());
    $numberOfAdmins = mysql_num_rows($data) or die(mysql_error());


    //Check if the username corresponds to any found in the database                        
    $usernameValid = false;

    for($i = 0; $i < $numberOfAdmins; $i++)
    {
        if($usernameSubmitted == mysql_result($data, $i, "Username"))
        {
            $userToLogInAs = $i;
            $usernameValid = true;
        }
    }

    //If username is valid, check password
    if($usernameValid != false)
    {
        //Passwords are held as blowfish encryptions for security. Encypt this so we can compare
        $encryptedPasswordSubmitted = crypt($passwordSubmitted, '$2a$07$buzzybees5hivestottenhoe$');

        if($encryptedPasswordSubmitted == mysql_result($data, $userToLogInAs, "Password"))
        {
            //Create a session variable so the user remains logged in
            $_SESSION['username'] = $usernameSubmitted;

            //User entered the correct username and password, redirect them to the website.
            header('Location: Index.php');
        }
    }

    //If we've got this far then the user didn't authenticate successfully.
    $message = "<h2>Sorry, Invalid Credentials</h2><p>Check that you're tying your username and password correctly.</p>";
}

&GT;

下一页:

<?php
session_start();

if(!isset($_SESSION['username']))
{
    //User not signed in, send them to the log in page
    header('Location: Log-In.php');
}
?>

有什么想法吗?

谢谢, 丹尼

1 个答案:

答案 0 :(得分:1)

这只是猜测,但假设您只显示登录脚本的部分代码:

成功登录后重定向后不使用die(),因此之后的任何代码都会被执行。如果你在那里操纵$_SESSION变量,那可能会导致你的问题。

为安全起见,只需将代码更改为:

    if($encryptedPasswordSubmitted == mysql_result($data, $userToLogInAs, "Password"))
    {
        //Create a session variable so the user remains logged in
        $_SESSION['username'] = $usernameSubmitted;

        //User entered the correct username and password, redirect them to the website.
        header('Location: Index.php');
        die();    // this is important!
    }

看看是否能解决问题。请注意,您需要在重定向的任何位置执行此操作。

相关问题
最新问题