无法验证用户身份

时间:2012-08-15 17:56:19

标签: php mysql

我在使用$_SESSION变量时遇到了很多麻烦。我正在尝试为用户创建一种登录和退出的方式。我可以登录用户但我似乎无法在切换页面时维护会话。当用户正确登录时,他们将被带到profile.php。但如果我返回index.php,则会打印以下错误:

Notice: Undefined index: login in /Applications/MAMP/htdocs/www/Shared sites/userlogreg/index.php on line 3

我对此非常陌生,但从SO和其他地方看,我似乎无法弄明白。任何帮助将不胜感激。

的index.php

<?php
session_start();
if ($_SESSION['login'] == 1) {
    echo "<h1>Logged in!</h1>"; 
} else {
    echo "<h1>Not logged in</h1><br/>";
}

?>
<!DOCTYPE HTML>
<html>
<head>
    <title>Index page</title>
</head>
<body>
    <h2>Login</h2>
    <form action="login.php" method="POST">
        <div>
            <label for="emailSignIn">Email:</label>
            <input type="email" name="email" placeholder="Email" required="required" />
        </div>
        <div>
            <label for="passwordSignIn">Password:</label>
            <input type="password" name="password" placeholder="Password" required="required" />
        </div>
        <input type="submit" name="submit" value="Sign in" />
    </form> 

    <h2>Register</h2>
    <form action="register.php" method="POST">
        <div>
            <label for="firstnameRegister">First name:</label>
            <input type="text" name="firstname" placeholder="First name" required="required" />
        </div>
        <div>
            <label for="lastnameRegister">Last name:</label>
            <input type="text" name="lastname" placeholder="Last name" required="required" />
        </div>
        <div>
            <label for="emailRegister">Email:</label>
            <input type="email" name="email" placeholder="Email" required="required" />
        </div>
        <div>
            <label for="passwordRegister">Password:</label>
            <input type="password" name="password" placeholder="Password" required="required">
        </div>
        <input type="submit" name="submit" value="Create account" />
    </form>

</body>

</html>

的login.php

<?php

$email = sanitize_input($_POST['email']); //echo "Sanitized email: ".$email; echo "<br/>";
$password = $_POST['password']; //echo "Inputted password: ".$password; echo "<br/>";

if ((!isset($email)) || (!isset($password))) {
    // VISITOR NEEDS TO ENTER AN EMAIL AND PASSWORD
    //echo "Data not provided";
} else {
    // CONNECT TO MYSQL
    $mysql = mysqli_connect("localhost", "root", "root");
    if(!$mysql) {
    //echo "Cannot connect to PHPMyAdmin.";
    exit;
    } else {

    }
}
// SELECT THE APPROPRIATE DATABASE
$selected = mysqli_select_db($mysql, "languageapp");
if(!$selected) {
    //echo "Cannot select database.";
    exit;
} else {

}

// GET THE USER'S UNIQUE SALT FROM THE DATABASE
$unique_salt = mysqli_query($mysql, "select uniqueSalt from user where email = '".$email."'");
$row = mysqli_fetch_array($unique_salt);
//echo "Salt: ".$row['uniqueSalt']; echo "<br/>";

// HASH THE PASSWORD 
$iterations = 10;
$hashed_password = crypt($password,$row['uniqueSalt']); 
for ($i = 0; $i < $iterations; ++$i)
{
    $hashed_password = crypt($hashed_password . $password,$row['uniqueSalt']);
}

//echo "Password entered by user: ".$hashed_password; echo "<br/>";

$user_db_password = mysqli_query($mysql, "select password from user where email = '".$email."'");
$row = mysqli_fetch_array($user_db_password);
//echo "User's password: ".$row['password']; echo "<br/>";

// query the database to see if there is a record which matches
$query = "select count(*) from user where email = '".$email."' and password = '".$hashed_password."'";
$result = mysqli_query($mysql, $query);
if(!$result) {
    //echo "Cannot run query.";
    exit;
}

$row = mysqli_fetch_row($result);
$count = $row[0];

if ($count > 0) {
    session_start();
    $_SESSION['login'] = 1;
    $_SESSION['email'] = $email;
    $_SESSION['errors'] = "";
    header("location:profile.php");
    //echo "<h1>Login successful!</h1>";
    //echo "<p>Welcome.</p>";
    //echo "<p>This page is only visible when the correct details are provided.</p>";
} else {
    session_start();
    $_SESSION['login'] = '';
    header("location:index.php");
    //echo "<h1>Login unsuccessful!</h1>";
    //echo "<p>The email and password combination entered was not recognized</p>";
}

// CLEAN THE INPUT
function sanitize_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>

1 个答案:

答案 0 :(得分:4)

更改此行:

if ($_SESSION['login'] == 1) {

..对此:

if (isset($_SESSION['login']) && $_SESSION['login'] == 1) {

这样,您可以在访问之前检查是否设置了'login'