Question

我正在为我正在为网站的“成员”部分工作的网站创建一个非常基本的用户登录界面。我用$ _SESSION变量来存储信息。 ['access']存储关于是否允许用户访问的布尔值，如果用户名/密码不匹配（对于错误处理），则['invalid']为真，如果错误处理，则['no_attempt']为真用户尝试访问受限页面而不登录，['uri']存储他们尝试访问的页面的URI而不登录。

到目前为止，我对页面进行了编码，一切正常，但是当['no_attempt']为真时，错误信息永远不会显示。以下是我的网页摘录：

的login.php

session_start();
if(md5($_POST['username']) === '[username hash]' && md5($_POST['password']) === '[password hash]') {
    // allow access to members pages    
    $_SESSION['login']['allow'] = true;

    // clear error messages
    $_SESSION['login']['invalid'] = false;
    $_SESSION['login']['no_attempt'] = false;

    // if a url hasn't been stored for redirect, direct to the members home page
    if (!isset($_SESSION['login']['redirect']) || empty($_SESSION['login']['redirect'])) $_SESSION['login']['redirect'] = '/members';
    header("Location: {$_SESSION['login']['redirect']}");
}
else {
    $_SESSION['login']['invalid'] = true;
    header('Location: /');
}

每个受限制网页的开头都以此代码开头：

session_start();
if($_SESSION['login']['allow'] != true) {
    $_SESSION['login']['redirect'] = $_SERVER['REQUEST_URI'];
    $_SESSION['login']['no_attempt'] = true;
    header('Location: /');
}
require ('../assets/includes/site-header.php');

网站-的header.php
此页面在我网站的每个页面的开头调用。它有标题，导航栏和类似的东西。以下只是侧栏的会员登录部分。

if(isset($_SESSION['login']['allow']) && $_SESSION['login']['allow'] == true) {
    echo "<li><a href=\"/members\" id=\"members\">Members</a></li>\n";
}
else {
    echo "<li>\n";
    echo "<div class=\"expandable\">Members <span class=\"show-hide\">+</span></div>\n";
    echo "<div class=\"nav-details\">\n";
    if (isset($_SESSION['login']['invalid']) && $_SESSION['login']['invalid'] == true) {
        echo "<div id=\"login-error\">The username or password you<br />entered was incorrect.</div>\n";                                    
    }
    elseif (isset($_SESSION['login']['no_attempt']) && $_SESSION['login']['no_attempt'] == true) {
        echo "<div id=\"login-error\">You must login before<br />accessing that page.</div>\n";
    }
    echo "<form method=\"post\" action=\"/members/login.php\" id=\"login-form\">\n";
    echo "Username:<br />\n";
    echo "<input type=\"text\" name=\"username\" /><br /><br />\n";
    echo "Password:<br />\n";
    echo "<input type=\"password\" name=\"password\" /><br /><br />\n";
    echo "<input type=\"submit\" value=\"Login\" id=\"login-button\" />\n";
    echo "</form>\n";
    echo "</div>\n";
    echo "</li>\n";
}
$_SESSION['login']['invalid'] = false;
$_SESSION['login']['no_attempt'] = false;

Answer 1

我终于能够解决我的问题！错误是我在每个受限页面顶部包含的代码片段。我改变了：

session_start();
if($_SESSION['login']['allow'] != true) {
    $_SESSION['login']['redirect'] = $_SERVER['REQUEST_URI'];
    $_SESSION['login']['no_attempt'] = true;
    header('Location: /');
}
require ('../assets/includes/site-header.php');

到此：

session_start();
if($_SESSION['login']['allow'] != true) {
    $_SESSION['login']['redirect'] = $_SERVER['REQUEST_URI'];
    $_SESSION['login']['no_attempt'] = true;
    header('Location: /');
}
else {
    require ('../assets/includes/site-header.php');
}

我猜这与我在site-header.php上设置$_SESSION['login']['invalid'] = false; $_SESSION['login']['no_attempt'] = false;有关。我仍然是php的初学者，但我想也许是因为在页面重定向页面之前需要处理site-header.php上的php代码header('Location: /');如果有人知道这是为什么我的问题已得到解决，或者如果是其他问题，我会很高兴听到它！

Answer 2

将代码的这一部分分开......

   elseif (isset($_SESSION['login']['no_attempt']) && $_SESSION['login']['no_attempt'] == true) {
    echo "<div id=\"login-error\">You must login before<br />accessing that page.</div>\n";
}

以下......

    elseif(isset($_SESSION['login']['no_attempt'])
    {
        if($_SESSION['login']['no_attempt'] === true)
          {
                echo "<div id=\"login-error\">You must login before<br />accessing that page.</div>\n";
          }
    }

看看是否有效。注意我使用'==='运算符......这可以确保它是'相同'

PHP $ _SESSION变量出乎意料地行动

2 个答案: