PHP会话在不同的环境中发布

时间:2013-03-23 01:04:16

标签: php mysql session web localhost

我正在通过会话传递用户变量。它在localhost上工作正常,但一旦在Web服务器上它就会做出奇怪的事情。

登录后,会话变量按原样工作.....直到你点击大约三页然后突然变为POOF!

请注意“Welcome, jordan.”而不是“Welcome, .”也是左上角。

会议功能: http://imageshack.us/photo/my-images/32/loggedins.png/

会话POOF! http://imageshack.us/photo/my-images/515/loggedinno.png/

登录/创建会话变量代码:

<?php
        include_once 'gtheader.php';
        if (!isset($_SESSION['user']))
        {
        if (isset($_POST['user']))
        {
        $user = sanitizeString($_POST['user']);
        $pass = sanitizeString($_POST['pass']);
        if (preg_match($txtMatch,$user))
        {
        if ($user == "" || $pass == "")
        {
        $error = "Please enter all required fields";
        }
        else
        {
        $query = "SELECT * FROM gtmembers WHERE user='$user'";
        $result = queryMysql($query);
        $rank = mysql_result($result, 0, 'rank');
        if (!mysql_num_rows($result))
        {
        $error = "Username does not exist.";
        }
        else
        {
        $getPass = mysql_result($result, 0, 'pass');
        $salt = substr($getPass, 0, 64);
        $hash = $salt . $pass;
        for ($i = 0; $i < 100000; $i++) 
        {
        $hash = hash('sha256', $hash);
        }
        $hash = $salt . $hash;
        if ($hash == $getPass)
        {
        if ($rank != "Banned")
        {
        $userLow = strtolower($user);
        $_SESSION['user'] = $userLow;
        $_SESSION['rank'] = $rank;
        echo <<<_END
        <script type="text/javascript">
        window.location.href='index.php';
        </script>
        _END;
        echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
        }

标题代码:

        <?php //gtheader.php
        session_start();
        include_once 'gtfunctions.php';
        $loggedIn = FALSE;

        if (isset($_SESSION['user']))
        {
        $user = $_SESSION['user'];
        if ($user) echo "Current User: $user<br />";
        else echo "Current User: None<br />";
        $rank = $_SESSION['rank'];
        $loggedIn = TRUE;
        echo "is set SESSION['user']? Yes";
        }
        else echo "is set SESSION['user']? No";

        echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
        if ($loggedIn == TRUE)
        {
        $query = "SELECT * FROM gtmessages WHERE recip='$user' AND status='0'";
        $result = queryMysql($query);
        if (mysql_num_rows($result) == 0) $num = "";
        else $num = "[".mysql_num_rows($result)."]";
        if ($rank == 'Owner' || $rank == 'Admin')
        {
        echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a     class='header' href='gtmessage.php'>$num</a>. [<a class='header'     href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
        }
        else
        {
        echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a     class='header' href='gtmessage.php'>$num</a>. [<a class='header'     href='gtlogout.php'>Logout</a>]<br />";
        }
        }
?>

1 个答案:

答案 0 :(得分:1)

即使数组为空,

isset()也会为数组返回true。

您应该使用!empty()

<强>更新 还要确保服务器配置为以相同的方式存储变量。

更新2

    <?php
            error_reporting(E_ALL);
            ini_set("display_errors", 1); 
    include_once 'gtheader.php';
    if (empty($_SESSION['user'])){
        if (!empty($_POST['user'])){
            $user = sanitizeString($_POST['user']);
            $pass = sanitizeString($_POST['pass']);
            if (preg_match($txtMatch,$user)){
                if (empty($user) || empty($pass)){
                    $error = "Please enter all required fields";
                }else{
                    $query = "SELECT * FROM gtmembers WHERE user='".mysql_real_escape_string($user)."'";
                    $result = queryMysql($query);
                    $rank = mysql_result($result, 0, 'rank');
                }
            }
            if (!mysql_num_rows($result)){
                $error = "Username does not exist.";
            }else{
                $getPass = mysql_result($result, 0, 'pass');
                $salt = substr($getPass, 0, 64);
                $hash = $salt . $pass;
                for ($i = 0; $i < 100000; $i++){
                    $hash = hash('sha256', $hash);
                }
                $hash = $salt . $hash;
                if ($hash == $getPass){
                    if ($rank !== "Banned"){
                        $userLow = strtolower($user);
                        $_SESSION['user'] = $userLow;
                        $_SESSION['rank'] = $rank;
                        echo "<script type=\"text/javascript\">window.location.href='index.php';</script>";
                        echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
                    }
                }
            }
        }
    }
    ?>

gtheader.php

    <?php //gtheader.php
    session_start();
            error_reporting(E_ALL);
            ini_set("display_errors", 1); 

            include_once 'gtfunctions.php';
            $loggedIn = FALSE;

            if(session_id() == "")
            {   session_start(); } 

            if(empty($_REQUEST['PHPSESSID'])){
                $session_id = session_id();
            } else {
                $session_id = $_REQUEST['PHPSESSID'];   
            }

            if (!empty($_SESSION['user'])){

                //This is not safe at all. Someone could change the user to %
                $user = $_SESSION['user'];

                    echo "Current User: $user<br />";
                //This is not safe either. Someone could change their rank to Admin.
                $rank = $_SESSION['rank'];

                $loggedIn = TRUE;
                echo "is set SESSION['user']? Yes";
            } else {
             $user = '';
             $rank = '';
             echo "is set SESSION['user']? No";
            }

            echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
            if ($loggedIn == TRUE){
            //without filtering, someone could set the user to % which would return everyone from the DB.       
            $query = "SELECT * FROM gtmessages WHERE recip='".mysql_real_escape_string($user)."' AND status='0'";
            //This is not a standard function so we're assuming it's set in gtfunctions.php
            $result = queryMysql($query);
            //Here you're only checking if this is set, not how many
            if (empty(mysql_num_rows($result))){
                 $num = "";} else {
                     //If they trick your SQL statement into returning more than one...
                     $num = "[".mysql_num_rows($result)."]";
                 }
            if ($rank == 'Owner' || $rank == 'Admin')
            {
            echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
            } else {
            echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a     class='header' href='gtmessage.php'>$num</a>. [<a class='header'     href='gtlogout.php'>Logout</a>]<br />";
            }
       }
    ?>

你需要在Firefox中使用像Firebug这样的东西来检查标题,看看它是否正在为你的会话传递一个cookie,或者是否只在服务器端存储会话。如果会话是通过GET变量传递的。

对用户提供的信息(如会话)有很多盲目信任。有人可能会劫持会话或欺骗更高的用户名或排名。代码中没有检查是否正确设置了用户等级。

我清理了gtheader下的一些SQL内容。再一次,盲目信任直接传递给SQL的东西。如果执行查询的SQL用户具有对表的写访问权,那么您可能会发生注入攻击。