我做了这段代码:
文件index.php:
<?php
if (isset($_POST['valider']))
{ if (!isset($_SESSION)) { session_start(); }
require("function.php");
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
if(!VerifierAdresseMail($email)){?>
<script>alert('invalid mail');</script>
<?php
}
else{
if(!authentification($email,$password))
{?>
<script>alert('logging failed');</script>
<?php
}
else{
header('Location: choice.php');
}}
}
?>
在function.php中:
<?php
function VerifierAdresseMail($adresse)
{
$Syntaxe='#^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$#';
if(preg_match($Syntaxe,$adresse))
return true;
else
return false;
}
function statistics($id){
$HOST_DB ="localhost";
$NAME_DB="makempf3_captcha";
$USER_DB ="root";
$PWD_DB="";
$connect = mysql_connect($HOST_DB,$USER_DB,$PWD_DB);
$db=mysql_select_db($NAME_DB);
?><script>alert(<?php echo $cle ?>);</script><?php
$Log_query=mysql_query(
"
SELECT *
FROM tbl_captcha
WHERE user_id ='$id'
") or die(mysql_error());
$_SESSION['success'] =0;
$_SESSION['fail'] =0;
if ($Log_query == true && mysql_num_rows($Log_query) >0) {
?><script>alert('heni');</script><?php
while ($Res_user = mysql_fetch_array($Log_query) ) {
$_SESSION['success'] += $Res_user['success'];
$_SESSION['fail'] += $Res_user['fail'];
}
}
}
function authentification($mail,$pwd_U){
$HOST_DB ="localhost";
$NAME_DB="makempf3_captcha";
$USER_DB ="root";
$PWD_DB="";
$connect = mysql_connect($HOST_DB,$USER_DB,$PWD_DB);
$db=mysql_select_db($NAME_DB);
$Log_query=mysql_query(
"
SELECT *
FROM tbl_user
WHERE email ='$mail'
AND user_pass ='$pwd_U'
") or die(mysql_error());
if ($Log_query == true && mysql_num_rows($Log_query) >0) {
$Res = array();
while ($Res_user = mysql_fetch_array($Log_query) ) {
$_SESSION['mail'] = $mail;
$_SESSION['pwd'] = $pwd_U;
$_SESSION['id'] = $Res_user['id'];
}
return true;
}
else return false;
}
?>
当我在choice.php中验证$ _SESSION ['id']时,它为null,但在index.php(重定向之前)中它有一个值。我不明白为什么我失去了这个会话变量
答案 0 :(得分:2)
你的isset()检查是不够的,因为它只会在$_SESSION为NULL时执行,并且它永远不会 - 它是一个空数组而不是它总是存在,甚至在你调用之前session_start()。
答案 1 :(得分:0)
您必须始终运行session_start();才能使用会话,即使您只是阅读它们。此外,$_SESSION是一个超全局,因此它永远不会为空:http://php.net/manual/en/reserved.variables.session.php。
答案 2 :(得分:0)
您可以在没有isset()检查的情况下运行session_start。从手册:
session_start()根据通过GET或POST请求传递的会话标识符创建会话或恢复当前会话,或通过cookie传递。
不要忘记在choice.php中运行session_start
答案 3 :(得分:0)
你的Index.php应该是这样的。你永远不应该告诉用户他们错误的登录部分.....只是它失败了。
<?php
session_start();
require("function.php");
if (isset($_POST['valider']))
{
$email = mysql_escape_string($_POST['email']);
$password = mysql_escape_string($_POST['password']);
if(VerifierAdresseMail($email) && authentification($email,$password))
{
header('Location: choice.php');
}
else
{
echo "Invalid Login";
}
?>