PHP Session没有保持值

时间:2012-11-07 04:59:16

标签: php

经过几个小时的帖子和不同的论坛后,我终于放弃了。 通过尝试创建注册和登录页面,我在过去24小时内一直在学习PHP。 注册似乎工作(我确信有一些错误等,但是现在一切似乎都在sql中)。 至于我的登录页面,这是我遇到一些问题的地方。

NEW EDIT

这是我的registration.php 

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

//Set error msg to blank
$errorMsg = "";
// Check to see if the form has been submitted
if (isset($_POST['username'])) 
{
include_once 'db_connect.php';
$username = preg_replace('/[^A-Za-z0-9]/', '', $_POST['username']);
$password = preg_replace('/[^A-Za-z0-9]/', '', $_POST['password']); 
$accounttype = preg_replace('/[^A-Za-z]/','', $_POST['accounttype']);
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
//validate email with filter_var
if ((!$username) || (!$password) || (!$accounttype) || (!$email))
    {
    $errorMsg = "Everything needs to be filled out";
    } 
    else {
// if fields are not empty

// check if user name is in use
    $db_username_check = mysql_query("SELECT id FROM members WHERE          username='$username' LIMIT 1");
    $username_check = mysql_num_rows($db_username_check); 
// check if email is in use
    $db_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
    $email_check = mysql_num_rows($db_email_check);

//if username is in use ... ERROR
    if ($username_check > 0)  { 
    $errorMsg = "ERROR: username is already in use";

// if username is ok check if email is in use       
    } else if ($email_check > 0) {
    $errorMsg = "ERROR: email is already in use"; 

    } else {

    session_start();
    $hashedPass = md5($password); 
// Add user info into the database table, claim your fields then values 
    $sql = mysql_query("INSERT INTO members (username, password, email, accounttype ) 
    VALUES('$username', '$hashedPass', '$email', '$accounttype')") or die (mysql_error());
    // Retrieves the ID generated for an AUTO_INCREMENT column by the previous query
    $id = mysql_insert_id();
    $_SESSION['id'] = $id; 
    mkdir("members/$id", 0755); 
    header("location: member_profile.php?id=$id");
    $errorMsg = "Registration Successful";
    exit();}

    }
// if the form has not been submitted
} else { $errorMsg = 'To register please fill out the form'; }
?>

这是我的Login.php 

<?php
 error_reporting(E_ALL);
    ini_set('display_errors', '1');

    // if the form has been submitted
    $errorMsg = "";
    if ($_POST['username']){

            include_once('db_connect.php');
            $username = stripslashes($_POST['username']);
            $username = strip_tags($username);
            $username = mysql_real_escape_string($_POST['username']);
            $password = mysql_real_escape_string($_POST['password']); 
            $hashedPass = md5($password);


            $sql = "SELECT username,password FROM members WHERE username ='$username' AND password = '$hashedPass'";
            $login_check = mysql_query($sql);
            $count = mysql_num_rows($login_check);
            $row = mysql_fetch_array($login_check);
            //var_dump($id, $username, $password);

                if($count==1)
                    {
                        session_start();
                        //$id = $row["id"]; 
                        //                $_SESSION['id'] = $userid; 
                        //                $username = $row['username'];  
                        //                $_SESSION['username'] = $username; 
                        //                header("location: member_profile.php?id=$userid"); 
                         echo "User name OK";
                         return true;
        } else {
            echo "Wrong username or password";
            return false;

                    }
                }

    ?>

每当有人注册$ id = mysql_insert_id();将从最后一个查询中提取ID并启动$ _SESSION ['id']。然而,在if($ count == 1)之后立即登录时,我完全迷失了。由于某种原因,名称和密码被检查并确实通过,但ID失败。 我确实尝试添加“SELECT id FROM members WHERE id ='$ id'”但我的$ id始终未定义。

我的member_profile.php是这样的:

<?php
session_start();
$toplinks = "";
if(isset($_SESSION['id'])) {
//If the user IS logged in show this menu
$userid = $_SESSION['id'];
$username = $_SESSION['username'];
$toplinks = '
<a href="member_profile.php?id=' .$userid. '"> Profile </a> &bull;
<a href="member_account.php">Account</a> &bull;
<a href="logout.php">Logout</a>
';

} else {
// If the user IS NOT logged in show this menu
$toplinks = '
<a href="register.php">JOIN</a> &bull;
<a href="login.php">LOGIN</a>
';

}

?>

感谢大家提供有关安全性,结构和编码风格的任何提示。对我来说这是php的第3天。

请原谅任何错误。

2 个答案:

答案 0 :(得分:2)

你的if正在进行评论检查 - 

<?php // if the form has been submitted $errorMsg = ""; if

编辑 - 

    <?php 
    // if the form has been submitted 
    $errorMsg = ""; 
    if(($_POST['username']) && ($_POST['password'])){

您正在使用mysql并在代码中使用mysqli - 

$row = mysqli_fetch_array($sql);

使用 - 

$row = mysql_fetch_array($sql);

查看您的会话以及评论中提到的Phil

session_start()

答案 1 :(得分:1)

替换代码

$row = mysqli_fetch_array($sql); to $row = mysql_fetch_array($login_check);  



if($count==1)
                    {

                        $id = $row['id'];
                        session_start();
                        $_SESSION['id'] = $id; 
                        //$row = mysqli_fetch_array($sql);
                        $username = $row['username'];  

                        $_SESSION['username'] = $username;
                        header("location: member_profile.php?id=$id");
                        exit();
                        } else {
                        echo "Wrong username or password";
                        return false;
                    }

如果表格中有任何ID字段,也请更改您的查询: 

$sql = "SELECT id,username,password FROM members WHERE username ='$username' AND password = '$hashedPass'";
相关问题
最新问题