将会话变量传递给登录重定向脚本

时间:2012-04-26 12:02:10

标签: php session url redirect login

我正在尝试存储用于登录重定向脚本的当前URL。我正在使用:

$_SESSION['url'] = $_SERVER['REQUEST_URI'];

在每个页面顶部的脚本中,我想要密码保护,如下所示:

<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
$_SESSION['url'] = $_SERVER['REQUEST_URI'];

require('config.php');

require('functions.php'); 

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Administrators) != "yes")
{ 
include ('no_access.html'); 
exit;
}
?>

no_access.html看起来像这样:

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>NO ACCESS ALLOWED</title>
</head>

<body>

<b><font size="6">Access Denied!!!</font></b><p>Please login with proper 
credentials:</p>
<FORM METHOD="POST" ACTION="/login/redirect.php">
<P><font face="Verdana" size="2" color="#2852A8"><STRONG>Username:</STRONG><BR>
</font><font color="#2852A8" face="Verdana">
<INPUT TYPE="text" NAME="username" SIZE=25 MAXLENGTH=25></font></p>
<P><font face="Verdana" size="2" color="#2852A8"><STRONG>Password:</STRONG><BR>
</font><font color="#2852A8" face="Verdana">
<INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></font></p>
<P><font face="Verdana"><font color="#2852A8">
<input type="checkbox" name="remember" value="Yes"></font><font size="2" color="#2852A8">Remember 
me from this computer</font></font></p>
<P><font color="#2852A8">
<INPUT TYPE="submit" NAME="submit" VALUE="Login" style="font-family: Verdana"></font></P>
</FORM>
<p>&nbsp;</p>

</body>

</html>

redirect.php看起来像这样:

<?

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();

session_start();

die(print($_SESSION['url']));

if(isset($_SESSION['url'])) 
   $url = $_SESSION['url']; // holds url for last page visited.
else 
   $url = "/bob.php"; // default page for

//require the functions file
require ("config.php");
require ("functions.php");

//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{

$username = $_POST[username];
$password = $_POST[password];

}else{

$username = $lr_user;
$password = $lr_pass;

}

//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password)) 
{

    header("Location:$base_dir/errorlogin.html");
    exit;
}

//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == "Yes")
{
setcookie("lr_user", $username, $duration, "/", $domain);
setcookie("lr_pass", $password, $duration, "/", $domain);
}

if ($_POST[activate] == "Yes")
{
        //make the connection to the database
        $connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
        $db = @mysql_select_db($db_name,$connection)or die(mysql_error());

        //build and issue the query
        $sql ="UPDATE $table_name SET verified = '1' WHERE username = '$_POST[username]'";
        $result = @mysql_query($sql,$connection) or die(mysql_error());
}

//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);

//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
    $_SESSION[redirect] = "$base_dir/pass_change.html";
}

//check to see if the user has activated the account
if ($_SESSION[verified] == "0")
{
    $_SESSION[redirect] = "$base_dir/not_activated.html";
}

//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());

while ($sql = mysql_fetch_object($result)) 
    {
    $banned = $sql -> no_access;
    if ($username == $banned || $REMOTE_ADDR == $banned)
        {
            include ('banned.html');
            exit;
        }
    }

$last_log = last_login();

//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());

if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
    include('loglogin.php');
}

//redirects the user    
header("Location:$url");

?>

<head><title>Redirect</title></head>

由于某种原因,$_SESSION['url']未传递给redirect.php。 die(print($_SESSION['url']));不返回任何内容。

有人可以帮忙解决这个问题吗?

谢谢,

尼克

我目前的错误:

注意:第17行/home/nickputm/public_html/monthlymixup.com/login/redirect.php中的未定义索引:url

警告:未知:打开(/ tmp / sess_831fff9f72fafb8ec8a677ef794a7824,O_RDWR)失败:第0行的未知设备(28)上没有剩余空间

警告:未知:无法写入会话数据(文件)。请在第0行的Unknown中验证session.save_path的当前设置是否正确(/ tmp)

2 个答案:

答案 0 :(得分:1)

请尝试删除php开始标记<?后的空行和session_start()之前的空行;在redirect.php中

在php关闭标记(?&gt;)之后,还要检查并删除空格或空行。

尝试将no_access.html另存为no_access.php

答案 1 :(得分:0)

在设置标题之前尝试放置session_start

相关问题
最新问题