What is the best way to troubleshoot when $_SESSION variables change randomly from page to page?

Time: 2013-05-12 05:44:49

Tags: php session post mysqli session-variables

I have been trying to fix this code for the past 4 hours and can't seem to get it to work. The $_SESSION variables are set when the user logs in (or creates an account) and destroyed on logout. However, when I submit a certain form, $_SESSION variables that worked before suddenly throw an undefined variable error. I apologize for the amount of content, but after doing my due diligence I concluded that I can't find it myself and have to ask someone else for help.

The relevant code, in the order in which user actions call it.

<?php
include 'db_connect.php';
include 'functions.php';
session_start();


// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];
$_SESSION['sessionInitialize'] = false;
// To protect mysqli injection (more detail about mysqli injection)
//$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$mypassword = md5(md5("SaLt".$mypassword."SaLt"));

$query = "SELECT * FROM secure_login.members WHERE username='" . $myusername . "' and password='" . $mypassword . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($result->num_rows == 1){
        initializeSessionVariables();
        // Register $myusername, $mypassword and redirect to file "acct.php"
        $_SESSION['currentUser']=$_POST['myusername']; 
        //$_SESSION['mypassword']=$_POST['mypassword']; 
        header("location:myAcct.php");
        }
    else {
        echo "Wrong Username or Password";
        header("location:index.php");
        }

$mysqli->close();
?>

The function that initializes the relevant session variables for a user.

function initializeSessionVariables(){

    $_SESSION['currentUser'] = $_SESSION['currentUser'];
    $_SESSION['currentUserAcctId'] = "";
    $_SESSION['currentUserSummonerId'] = "";
    $_SESSION['currentUserLeagues'] = "";
    $_SESSION['currentUserEmail'] = "";
    $_SESSION['currentUserAvatarURL'] = "";
    $_SESSION['currentUserSummName'] = "";
    $_SESSION['currentUserRealName'] = "";
    $_SESSION['currentUserBday'] = "";
    $_SESSION['currentUserSecondEmail'] = "";
}

The account page.

<?php
    $summonerName=$_SESSION['currentUser'];
    echo "Current User: " . $_SESSION['currentUser'] . "<br>";
    echo "<br>Current User \$summonerName: " . $summonerName; 
    //Create prepared statement.
    $query = "SELECT * FROM `stats`.`summoners` WHERE `summoners`.`name`='" . $summonerName . "'";
    $result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
    echo "<br>test<br><br>";
    print_r ($result);
        //Run query if query object returned
        if ($result->num_rows == 0){
            echo "<h1>=0</h1>";
            //Free the result so it can be used in the following functions
            $result->free();
            getSummonerData(); //defined in functions.php
            injectSummonerData(); //defined in functions.php
            $query = "SELECT * FROM `stats`.`summoners` WHERE name='" . $summonerName . "'";
            $result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
            //Get associative array for $result
            $row = $result->fetch_assoc();
            $_SESSION['currentUserAcctId'] = $row['acctId'];
            //Print data.
            printf ("<h3>Summoner Name: %s\n <br> Summoner Level: %s\n <br> AcctID: %s\n <br> SummonerID: %s</h3>", $row['name'], $row['summonerLevel'], $row['acctId'], $row['summonerId']);
            //Close result object
            //$result->close();
            echo "<br>";
            //Close DB Connection
            $mysqli->close();
        }
        else if($result->num_rows == 1){
            echo "<h1>=1</h1>";
            $row = $result->fetch_assoc();
            $_SESSION['currentUserAcctId'] = $row['acctId'];
            printf ("<h3>Summoner Name: %s\n <br> Summoner Level: %s\n <br> AcctID: %s\n <br> SummonerID: %s</h3>", $row['name'], $row['summonerLevel'], $row['acctId'], $row['summonerId']);
            echo "<br><h4>This data is already in the database. Did nothing.</h4>";
        }
    echo "<br>" . $_SESSION['currentUserAcctId'];
?>

Profile.php

<p>Profile info</p>
            <?php
                displayProfileInformation($_SESSION['currentUser']);
            ?>

The displayProfileInformation function

function displayProfileInformation($currentUser){
    include 'dbstat_connect.php';
    $query =  "SELECT * FROM `stats`.`userAccount` where `userAccount`.`profName` = '" . $currentUser ."'";
    if ($result = $mysqli->query($query) or die ($mysqli->error.__LINE__)){
        if ($result->num_rows == 1){
            $row = $result->fetch_assoc();
            echo "User Name: "; if(isset($currentUser)){echo $currentUser . "<br>";}
            echo "Email: "; if(isset($row['email'])){echo $row['email'] . "<br>"; $_SESSION['currentUserEmail'] = $row['email'];}
            echo "Avatar URL: "; if(isset($row['avatarURL'])){echo $row['avatarURL'] . "<br>"; $_SESSION['currentUserAvatarURL'] = $row['avatarURL'];}
            echo "Summoner Name: "; if(isset($row['summName'])){echo $row['summName'] . "<br>"; $_SESSION['currentUserSummName'] = $row['summName'];}
            echo "Real Name: "; if(isset($row['realName'])){echo $row['realName'] . "<br>"; $_SESSION['currentUserRealName'] = $row['realName'];}
            echo "Birthdate: "; if(isset($row['bday'])){echo $row['bday'] . "<br>"; $_SESSION['currentUserBday'] = $row['bday'];}
            echo "Secondary Email: "; if(isset($row['secondEmail'])){echo $row['secondEmail'] . "<br>"; $_SESSION['currentUserSecondEmail'] = $row['secondEmail'];}
            echo "<br>Dafuq yo =1";
        }
        else if ($result->num_rows == 0){
            echo "Dafuq yo =0";
            echo "User Name: " . $currentUser . "<br>";
            echo "Email: <br>";
            echo "Avatar URL: <br>";
            echo "Summoner Name: <br>";
            echo "Real Name: <br>";
            echo "Birthdate: <br>";
            echo "Secondary Email: <br>";
            echo "<h2>Enter what information you like by editing your profile below.</h2><br>";
        }
        else {
            echo "Critical Error: Contact Admin.";
        }
    }
}

editProfile.php

Edit Profile
        <?php editProfileInformationForm($_SESSION['currentUser']); ?>

The editProfileInformationForm function

function editProfileInformationForm($currentUser){
    echo "<form action='processEditProfile.php' method='post'>";
        echo "Profile Name: " . $_SESSION['currentUser'] . "<br>";
        echo "Account ID: " . $_SESSION['currentUserAcctId'] . "<br>";
        if (isset($_SESSION['currentUserEmail'])){
            echo "Email: <input name='email' type='text' id='email' value='" . $_SESSION['currentUserEmail'] . "'/><br />";
        }
        else {
            echo "Email: <input name='email' type='text' id='email' value=''/><br />";
        }
        // Each isset() tests the same session key that its branch echoes.
        if (isset($_SESSION['currentUserSecondEmail'])){
            echo "Secondary Email: <input name='secEmail' type='text' id='secEmail' value='" . $_SESSION['currentUserSecondEmail'] . "' /><br />";
        }
        else {
            echo "Secondary Email: <input name='secEmail' type='text' id='secEmail' value=''/><br />";
        }
        if (isset($_SESSION['currentUserRealName'])){
            echo "Real Name: <input name='realName' type='text' id='realName' value='" . $_SESSION['currentUserRealName'] . "' /><br />";
        }
        else {
            echo "Real Name: <input name='realName' type='text' id='realName' value=''/><br />";
        }
        if (isset($_SESSION['currentUserAvatarURL'])){
            echo "Avatar: <input name='avatar' type='text' id='avatar' value='" . $_SESSION['currentUserAvatarURL'] . "'/><br />";
        }
        else {
            echo "Avatar: <input name='avatar' type='text' id='avatar' value=''/><br />";
        }
        if (isset($_SESSION['currentUserSummName'])){
            echo "Summoner Name: <input name='summName' type='text' id='summName' value='" . $_SESSION['currentUserSummName'] . "'/><br />";
        }
        else {
            echo "Summoner Name: <input name='summName' type='text' id='summName' value=''/><br />";
        }
        if (isset($_SESSION['currentUserBday'])){
            echo "Birthday: <input name='bday' type='text' id='bday' value='" . $_SESSION['currentUserBday'] . "'/><br />";
        }
        else {
            echo "Birthday: <input name='bday' type='text' id='bday' value=''/><br />";
        }
        echo "<small>(Bday Format~ YYYY-MM-DD)</small>";
    echo "<input type='submit' name='submit' value='Submit'>";
    echo "</form>";
}   

Finally, this is where 2 of the $_SESSION variables throw errors. There seems to be no reason for it, which is why I have come to you guys.

<?php
include 'dbstat_connect.php';
//include 'functions.php';
//echo $_SESSION['currentUser'] . "<br>";
//If stmt valid, prepare to insert profile info into `userAccount`
if ($stmt = $mysqli->prepare("INSERT INTO `stats`.`userAccount` values (". $_SESSION['currentUserAcctId'] . ", " 
    . $_SESSION['currentUser'] . ", ?, ?, ?, ?, ?, ?, NULL, NULL, NULL, NULL, NULL)")){
    //Bind parameters
    if($stmt->bind_param('ssssss', $_POST['email'], $_POST['avatar'], $_POST['summName'],
        $_POST['realName'], $_POST['bday'], $_POST['secEmail'])){

        //Execute the query. If true, show proof. If false, display error.
        if($stmt->execute()){
            //Show proof of insertion
            echo "<h4>Your data has been inserted.</h4>";
        }
        //Check if stmt returned an error.
        else{
            print_r ($stmt->get_warnings());
        }
        //Close statement
        $stmt->close();
    }
    //If $stmt statement returns an error, say so
    else if(!$stmt){
        printf ("Error: %s", $mysqli->error);
    }
    //Close DB Connection
    $mysqli->close();
}


echo $_POST['email'];


?>

I really hope someone can help me. I have been stuck on this for a long time.

2 Answers:

Answer 0 (score: 3)

Looks like you forgot to call session_start(); in your last file ;)

$query = "SELECT * FROM secure_login.members WHERE username='" . $myusername . "' and password='" . $mypassword . "'"; 

This query is, by the way, insecure and not protected against mysql injection.

You should use something like the following:

$query = "SELECT * FROM secure_login.members WHERE username='" . $mysqli->real_escape_string($myusername) . "' and password='" . $mysqli->real_escape_string($mypassword) . "'";

On $mypassword the escape function is probably unnecessary, since that value is hashed.
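As an added example (not code from the question or from either answer), here is the login query rewritten with a mysqli prepared statement instead of real_escape_string(), plus password_verify() and a session id rotation at login. It assumes db_connect.php defines $mysqli as on the page, and that members.password stores password_hash() output rather than the page's double-md5 scheme (existing rows would have to be migrated first).

```php
<?php
// Added example, not the asker's code. Assumes db_connect.php defines $mysqli
// and that members.password stores password_hash() output (assumption: the
// page's md5(md5("SaLt".$pw."SaLt")) rows would have to be re-hashed first).
include 'db_connect.php';
session_start();                       // before any $_SESSION access

$myusername = $_POST['myusername'] ?? '';
$mypassword = $_POST['mypassword'] ?? '';

// A placeholder keeps the username out of the SQL text, so no escaping is
// needed and a quote character in the input cannot change the query.
$stmt = $mysqli->prepare(
    'SELECT username, password FROM secure_login.members WHERE username = ? LIMIT 1'
) or exit('Prepare failed: ' . htmlspecialchars($mysqli->error));
$stmt->bind_param('s', $myusername);
$stmt->execute();
$stmt->bind_result($dbUsername, $dbHash);
$found = $stmt->fetch();               // true when a row matched
$stmt->close();
$mysqli->close();

if ($found && password_verify($mypassword, $dbHash)) {
    session_regenerate_id(true);       // new id at login: defeats session fixation
    $_SESSION['currentUser'] = $dbUsername;   // canonical value from the DB, not $_POST
    header('Location: myAcct.php');
    exit;                              // code after a redirect must not keep running
}

// One message for "no such user" and "wrong password", and no echo before
// header(): any output first makes header() fail with "headers already sent".
header('Location: index.php?login=failed');
exit;
```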

Answer 1 (score: 1)

Are you sure you have

session_start();

in all the files involved in this?

If you want to use $_SESSION variables across these pages, you must have it.
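As an added example illustrating the point both answers make (not code from the question or the answers), here is processEditProfile.php with session_start() at the top, a guard that refuses to run without a logged-in session, and every value, the session ones included, bound as a prepared-statement parameter. It assumes dbstat_connect.php defines $mysqli and that userAccount has the columns named on the page; the column list and order are an assumption.

```php
<?php
// Added example, not the asker's code. Assumes dbstat_connect.php defines
// $mysqli; the userAccount column list below is an assumption built from the
// field names used on the page.
session_start();                       // the call the original file was missing
// Guard: with no session (expired, or session_start() never called) the
// original would have spliced empty values into the INSERT instead of stopping.
if (empty($_SESSION['currentUser']) || !isset($_SESSION['currentUserAcctId'])) {
    header('Location: index.php');
    exit;
}
include 'dbstat_connect.php';
// Read each form field with a default, so an absent key is '' and not a notice.
$values = [];
foreach (['email', 'avatar', 'summName', 'realName', 'bday', 'secEmail'] as $f) {
    $values[$f] = trim($_POST[$f] ?? '');
}
// The one field with a fixed format is checked before it reaches the database.
if ($values['bday'] !== '' && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $values['bday'])) {
    exit('Birthday must be YYYY-MM-DD');
}
// Named columns, and acctId/currentUser bound like the rest: the original
// concatenated both into the SQL text (currentUser even without quotes).
$stmt = $mysqli->prepare(
    'INSERT INTO `stats`.`userAccount`
       (acctId, profName, email, avatarURL, summName, realName, bday, secondEmail)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
) or exit('Prepare failed: ' . htmlspecialchars($mysqli->error));
$stmt->bind_param('isssssss',
    $_SESSION['currentUserAcctId'], $_SESSION['currentUser'],
    $values['email'], $values['avatar'], $values['summName'],
    $values['realName'], $values['bday'], $values['secEmail']);

if ($stmt->execute()) {
    // Keep the session copy current so editProfile.php shows the saved values.
    $_SESSION['currentUserEmail']       = $values['email'];
    $_SESSION['currentUserAvatarURL']   = $values['avatar'];
    $_SESSION['currentUserSummName']    = $values['summName'];
    $_SESSION['currentUserRealName']    = $values['realName'];
    $_SESSION['currentUserBday']        = $values['bday'];
    $_SESSION['currentUserSecondEmail'] = $values['secEmail'];
    echo '<h4>Your data has been inserted.</h4>';
} else {
    // $stmt->error holds the reason execute() failed; get_warnings() does not.
    echo 'Insert failed: ' . htmlspecialchars($stmt->error);
}
$stmt->close();
$mysqli->close();
```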