有些东西打破了loggin会话

时间:2012-10-13 11:16:01

标签: php session

我已经实现了这个Secure login script。 一切都很好,但我的文章编辑页面打破会议或某事。所以,如果我来到这个页面,它正在工作,但如果我走出这个页面,它就会告诉我。 “打破页面”的代码如下:

<?php
  include "includes/db_connect.php";
  include "includes/functions.php";
  sec_session_start();
  $page = $_SERVER['REQUEST_URI'];
  if(login_check($mysqli) == true) {
    include "includes/admin-header.php";
    $dotaz = new mysqli(HOST, USER, PASSWORD, DATABASE);
    if(empty($_GET['id'])){
      $stmt_articles = $dotaz->prepare("SELECT id, title, text FROM articles ORDER BY id DESC LIMIT 1");
      $stmt_articles->execute();
      $stmt_articles->store_result();
      $stmt_articles->bind_result($id_article, $title, $text);
      $stmt_articles->fetch();
    } else {
      $id=$_GET['id'];
      if($stmt_articles = $dotaz->prepare("SELECT id, title, text FROM articles WHERE id = ? LIMIT 1")) { 
      $stmt_articles->bind_param('i', $id);
      $stmt_articles->execute();
      $stmt_articles->store_result();
      $stmt_articles->bind_result($id_article, $title, $text);
      $stmt_articles->fetch();
      }
    } 
?>
  <div id='editation'>
    <div class='edit-title'>
      EDITACE: <a href="#" class='active'>ČLÁNKY</a> / <a href="#">NASTAVENÍ</a> <a href="#">NÁHLED</a>
    </div>
    <div class='edit-submenu'>
      <?php
        $dotaz2 = new mysqli(HOST, USER, PASSWORD, DATABASE);
        if($stmt_vypis = $dotaz2->prepare("SELECT id, title, text FROM articles ORDER BY id DESC LIMIT 0,8")) { 
          //do prepare se imho pouzije limit ?,? a pak se to bude bindovat pokazde jinymi cisly pro scrollovani?
          //$stmt_articles->bind_param('i', $id);
          $stmt_vypis->execute();
          $stmt_vypis->store_result();
          $stmt_vypis->bind_result($id_a, $titulek, $s_text);
          while($stmt_vypis->fetch()){
            echo "<a class='item' href=\"clanky.php?id=".$id_a."\">
                    <img src=\"http://25.media.tumblr.com/avatar_6feb8634e3d0_128.png\"/>
                    <p class='item-title'>".substr($titulek, 0, 20)."</p>
                    <p class='item-author'>Admin</p>
                    <div>
                      <p class='item-teaser'>".substr(strip_tags($s_text), 0, 20)."</p>
                      <p class='item-time'>Před 2 dny</p>
                    </div>
                </a>";            
          }
        }
      ?>
    </div>
    <script type="text/javascript">
      $(document).ready(function(){
        $(".edit-submenu").niceScroll({cursorcolor:"rgba(0, 0, 0, 0.6)"});
      });
    </script>
    <form action="clanky.php" method="post">
      <input type="text" size="80" name="title" value="<?php echo "$title"; ?>" />
      <textarea name="text" cols="100" rows="30"><?php echo "$text"; ?></textarea>
    </form>
  </div>
<?php
    include "includes/admin-footer.php";
  } else {
    if(!headers_sent()){
      header('Location: ./index.php?error=1');
    }
  }
?>

1 个答案:

答案 0 :(得分:0)

我必须编辑函数sec_session_start()并明确说明我的域为session_set_cookie_params()。

function sec_session_start() {
    $domain = 'example.com'; // note $domain
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = true; // Set to true if using https.
    $httponly = true; // This stops javascript being able to access the session id. 
    ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $domain, $secure, $httponly); // note $domain
    session_name($session_name); // Sets the session name to the one set above.
    session_start(); // Start the php session
    session_regenerate_id(true); // regenerated the session, delete the old one.     
}