我正在通过会话传递用户变量。它在localhost上工作正常,但一旦在Web服务器上它就会做出奇怪的事情。
登录后,会话变量按原样工作.....直到你点击大约三页然后突然变为POOF!
请注意“Welcome, jordan.
”而不是“Welcome, .
”也是左上角。
会议功能: http://imageshack.us/photo/my-images/32/loggedins.png/
会话POOF! http://imageshack.us/photo/my-images/515/loggedinno.png/
登录/创建会话变量代码:
<?php
include_once 'gtheader.php';
if (!isset($_SESSION['user']))
{
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if (preg_match($txtMatch,$user))
{
if ($user == "" || $pass == "")
{
$error = "Please enter all required fields";
}
else
{
$query = "SELECT * FROM gtmembers WHERE user='$user'";
$result = queryMysql($query);
$rank = mysql_result($result, 0, 'rank');
if (!mysql_num_rows($result))
{
$error = "Username does not exist.";
}
else
{
$getPass = mysql_result($result, 0, 'pass');
$salt = substr($getPass, 0, 64);
$hash = $salt . $pass;
for ($i = 0; $i < 100000; $i++)
{
$hash = hash('sha256', $hash);
}
$hash = $salt . $hash;
if ($hash == $getPass)
{
if ($rank != "Banned")
{
$userLow = strtolower($user);
$_SESSION['user'] = $userLow;
$_SESSION['rank'] = $rank;
echo <<<_END
<script type="text/javascript">
window.location.href='index.php';
</script>
_END;
echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
}
标题代码:
<?php //gtheader.php
session_start();
include_once 'gtfunctions.php';
$loggedIn = FALSE;
if (isset($_SESSION['user']))
{
$user = $_SESSION['user'];
if ($user) echo "Current User: $user<br />";
else echo "Current User: None<br />";
$rank = $_SESSION['rank'];
$loggedIn = TRUE;
echo "is set SESSION['user']? Yes";
}
else echo "is set SESSION['user']? No";
echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
if ($loggedIn == TRUE)
{
$query = "SELECT * FROM gtmessages WHERE recip='$user' AND status='0'";
$result = queryMysql($query);
if (mysql_num_rows($result) == 0) $num = "";
else $num = "[".mysql_num_rows($result)."]";
if ($rank == 'Owner' || $rank == 'Admin')
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
}
else
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>]<br />";
}
}
?>
答案 0 :(得分:1)
isset()也会为数组返回true。
您应该使用!empty()。
<强>更新强> 还要确保服务器配置为以相同的方式存储变量。
更新2
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
include_once 'gtheader.php';
if (empty($_SESSION['user'])){
if (!empty($_POST['user'])){
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if (preg_match($txtMatch,$user)){
if (empty($user) || empty($pass)){
$error = "Please enter all required fields";
}else{
$query = "SELECT * FROM gtmembers WHERE user='".mysql_real_escape_string($user)."'";
$result = queryMysql($query);
$rank = mysql_result($result, 0, 'rank');
}
}
if (!mysql_num_rows($result)){
$error = "Username does not exist.";
}else{
$getPass = mysql_result($result, 0, 'pass');
$salt = substr($getPass, 0, 64);
$hash = $salt . $pass;
for ($i = 0; $i < 100000; $i++){
$hash = hash('sha256', $hash);
}
$hash = $salt . $hash;
if ($hash == $getPass){
if ($rank !== "Banned"){
$userLow = strtolower($user);
$_SESSION['user'] = $userLow;
$_SESSION['rank'] = $rank;
echo "<script type=\"text/javascript\">window.location.href='index.php';</script>";
echo "Successfully logged in. Click <a href='index.php'>here</a> to continue.";
}
}
}
}
}
?>
gtheader.php
<?php //gtheader.php
session_start();
error_reporting(E_ALL);
ini_set("display_errors", 1);
include_once 'gtfunctions.php';
$loggedIn = FALSE;
if(session_id() == "")
{ session_start(); }
if(empty($_REQUEST['PHPSESSID'])){
$session_id = session_id();
} else {
$session_id = $_REQUEST['PHPSESSID'];
}
if (!empty($_SESSION['user'])){
//This is not safe at all. Someone could change the user to %
$user = $_SESSION['user'];
echo "Current User: $user<br />";
//This is not safe either. Someone could change their rank to Admin.
$rank = $_SESSION['rank'];
$loggedIn = TRUE;
echo "is set SESSION['user']? Yes";
} else {
$user = '';
$rank = '';
echo "is set SESSION['user']? No";
}
echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>";
if ($loggedIn == TRUE){
//without filtering, someone could set the user to % which would return everyone from the DB.
$query = "SELECT * FROM gtmessages WHERE recip='".mysql_real_escape_string($user)."' AND status='0'";
//This is not a standard function so we're assuming it's set in gtfunctions.php
$result = queryMysql($query);
//Here you're only checking if this is set, not how many
if (empty(mysql_num_rows($result))){
$num = "";} else {
//If they trick your SQL statement into returning more than one...
$num = "[".mysql_num_rows($result)."]";
}
if ($rank == 'Owner' || $rank == 'Admin')
{
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />";
} else {
echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>]<br />";
}
}
?>
你需要在Firefox中使用像Firebug这样的东西来检查标题,看看它是否正在为你的会话传递一个cookie,或者是否只在服务器端存储会话。如果会话是通过GET变量传递的。
对用户提供的信息(如会话)有很多盲目信任。有人可能会劫持会话或欺骗更高的用户名或排名。代码中没有检查是否正确设置了用户等级。
我清理了gtheader下的一些SQL内容。再一次,盲目信任直接传递给SQL的东西。如果执行查询的SQL用户具有对表的写访问权,那么您可能会发生注入攻击。