我正在尝试使用PHP在我的登录脚本中设置会话,尽管它似乎没有设置任何会话。我将所有会话设置为写入路径'/'。我正在使用AJAX登录。
Start_secure_session功能:
function start_secure_session() {
$session_name = "CodeCluster";
$http_only = true;
$https = false;
ini_set("session.use_only_cookies", 1);
$cookie_parameters = session_get_cookie_params();
session_set_cookie_params($cookie_parameters['lifetime'], "/", $cookie_parameters['domain'], $https, $http_only);
session_name($session_name);
session_start();
session_regenerate_id(true);
}
登录功能:
function login($email, $password, $database) {
try {
$query = $database -> prepare("SELECT id, email, password, salt, activated FROM members WHERE email = :email LIMIT 1");
$query -> execute(
array(
"email" => $email
)
);
$info = $query -> fetch();
if(strlen($info[0]) > 0) {
if(account_is_locked($info['id'], $database)) {
echo "<response>Your account is locked, please try again in two hours!</response>";
exit();
} else {
if($info['activated'] == 1) {
$password = hash('sha512', $password.$info['salt']);
if($password === $info['password']) {
$_SESSION['cc_id'] = $info['id'];
$_SESSION['cc_email'] = $info['email'];
$_SESSION['cc_login_string'] = hash('sha512', $password.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
$last_login = time();
$query = $database -> prepare("UPDATE members SET last_login = :last_login WHERE id = :id LIMIT 1");
$query -> execute(
array(
"last_login" => $last_login,
"id" => $info['id']
)
);
return true;
exit();
} else {
$query = $database -> prepare("INSERT INTO login_attempts(user_id, ip_address, attempt_time) VALUES (:id, :ip, :time)");
$query -> execute(
array(
"id" => $info['id'],
"ip" => $_SERVER['REMOTE_ADDR'],
"time" => time()
)
);
echo "<response>Email or password is incorrect! Please check your credentials!</response>";
exit();
}
} else {
echo "<response>Please activate your account! You should have received an email with an activation link!</response>";
exit();
}
}
} else {
echo "<response>Account with those details does not exist!</response>";
exit();
}
} catch(PDOException $e) {
echo "<response>We could not log you in; A report of the error has been sent to tech support!</response>";
mail("codecluster.official@gmail.com", "CodeCluster Login Error", "Login Error; Timestamp @ " . time() . " ; IP Address : " . $_SERVER['REMOTE_ADDR'] . " ;\r\n" . $e);
exit();
}
}
is_user_logged_in函数:
function is_user_logged_in($database) {
if(isset($_SESSION['cc_id'], $_SESSION['cc_email'], $_SESSION['cc_login_string'])) {
try {
foreach ($_SESSION as $session) {
strip_tags($session);
}
$query = $database -> prepare("SELECT password FROM members WHERE id = :id AND email = :email LIMIT 1");
$query -> execute(
array(
"id" => $_SESSION['cc_id'],
"email" => $_SESSION['cc_email']
)
);
if(strlen($query -> fetch()) > 0) {
$password = $query -> fetch();
$password = hash("sha512", $password.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);
if($password == $_SESSION['cc_login_string']) {
return true;
} else {
return false;
}
} else {
return false;
}
} catch(PDOException $e) {
mail("codecluster.official@gmail.com", "Code-Cluster Error", "Error occured whilst checking users logged in status; Timestamp @ ". time() . " ; \r\n" . $e);
return false;
exit();
}
} else {
return false;
}
}
当我if(is_user_logged_in($database)) {header("Location: home.php"); exit();}时,它不会重定向我。我已经测试了,似乎脚本无法找到让我相信它们为空的会话。
有什么理由说这是这样的吗?
编辑:我刚刚在index.php上对$ _SESSION执行了var_dump并打印出来: array(3){[“cc_id”] =&gt; string(1)“6”[“cc_email”] =&gt; string(24)“toxiclogic@hotmail.co.uk”[“cc_login_string”] =&gt; string(128)“这是编辑的,因为它是一个哈希密码”}编辑:“正在发送的标题”问题尚未解决此问题。
答案 0 :(得分:1)
在使用header()和session_start()之前,请勿输出任何内容。
检查空格。
将您的文件编码为UTF-8 without BOM。
答案 1 :(得分:0)
在致电session_start()之前,您在页面上有 ANYTHING (除了PHP评论)。将其移到每页顶部的函数外部。
另外,请确保在没有UTF-8的情况下对文件BOM进行编码。有关BOM是什么的更多信息,see here。