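Session not passed on first login

Time: 2013-05-23 00:47:43

Tags: php session login session-variables

I have a basic login setup for users to access a document request form. It works fine, except the first time I log in. The first time, I am redirected to the correct page and the $_GET variables clearly show that the login succeeded, but the session has been killed/regenerated, so it includes the login form instead of the account page. It only happens the first time I log in after opening the browser.

This has been giving me a headache for days. I have session_start(); before everything, and nothing is sent before the headers, so I don't get it. Here is the code.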

partner_login.php

    <?php session_start();
    $_SESSION['logtoken']=sha1(microtime(true));
    $_SESSION['reqtoken']=sha1(microtime(true));

    //I set some text vars here

    if(isset($_SESSION['loginsuccess'])&&($_SESSION['loginsuccess']=="1")){
        include_once('sqlconnect.php');
        $thisuser=$_SESSION['username'];
        $query="SELECT * FROM userinfo WHERE username='$thisuser'";
        $result=$mysqli->query($query);
        $row = $result->fetch_assoc();
        $firstname=$row['firstname'];
        $lastname=$row['lastname'];
    }

    $thiscontent=(isset($_SESSION['loginsuccess'])&&$_SESSION['loginsuccess']=="1")?include('account.php'):include('loginform.php');

    $insideCONTENTHOLDER="
    <div id='CONTENT' style='width:741px;min-height:800px;background-color:white;float:right;border-right:4px solid #a0a0a0;border-top:4px solid #a0a0a0;padding:20px;'>
    ".$txt['TITLE']."<p>".$txt['TEXT']."<p>".$thiscontent."</div><!--END CONTENT DIV-->";

    include_once('template.php');

    ?>

logingate.php

    <?php session_start();

    if (!isset($_SESSION['logtoken'])||!isset($_POST['token'])||(empty($_SESSION['logtoken']))||(empty($_POST['token']))||($_SESSION['logtoken'] != $_POST['token'])) {
        $_SESSION['loginsuccess'] = "0";
        header( "Location: partner_login.php?loginfail=1&err=6" );//err 6 == session token!=post token
    }
    elseif (!isset($_POST['username']) || !isset($_POST['password'])) {
        header( "Location: partner_login.php?loginfail=1&err=0" );//err 0 == one of them was not set
    }
    elseif (empty($_POST['username']) || empty($_POST['password'])) {
        header( "Location: partner_login.php?loginfail=1&err=00" );//err 00 == one of them was empty
    }
    else{

        //connect to database $db, char set UTF_8
        include_once('sqlconnect.php');

        //sql injection protect
        function clean($thisvar){
            global $mysqli; //the connection is defined outside the function scope
            $thisvar=$mysqli->real_escape_string($thisvar);
            return $thisvar;
        }

        //escape all input
        $user = $mysqli->real_escape_string($_POST['username']);
        $pass = $mysqli->real_escape_string($_POST['password']);

        //salt and hash password from table
        $query="SELECT * FROM userinfo WHERE username='$user'";
        $result1=$mysqli->query($query);
        $row = $result1->fetch_assoc();
        $passhash = sha1($pass.$row['salt']);

        //check that at least one row was returned
        $query2="SELECT * FROM userinfo WHERE username='$user' and passwordhash='$passhash'";
        $result=$mysqli->query($query2);

        $rowCheck = $result->num_rows;
        if($rowCheck > 0){

            //session variables
            $_SESSION['username'] = $user;
            $_SESSION['loginsuccess'] = "1";

            header( "Location: partner_login.php?lsuccess=1&user=$user" );

        }
        else {
            header( "Location: partner_login.php?loginfail=1&err=9" ); //err 9 == username and password don't match in table
        }
    }
    ?>

Here is the session section of phpinfo():

  

    Session Support                  enabled
    Registered save handlers         files user sqlite
    Registered serializer handlers   php php_binary wddx

    Directive                        Local Value   Master Value
    session.auto_start               Off           Off
    session.bug_compat_42            On            On
    session.bug_compat_warn          On            On
    session.cache_expire             180           180
    session.cache_limiter            nocache       nocache
    session.cookie_domain            no value      no value
    session.cookie_httponly          Off           Off
    session.cookie_lifetime          0             0
    session.cookie_path              /             /
    session.cookie_secure            Off           Off
    session.entropy_file             no value      no value
    session.entropy_length           0             0
    session.gc_divisor               100           100
    session.gc_maxlifetime           1440          1440
    session.gc_probability           1             1
    session.hash_bits_per_character  4             4
    session.hash_function            0             0
    session.name                     PHPSESSID     PHPSESSID
    session.referer_check            no value      no value
    session.save_handler             files         files
    session.save_path                /tmp          /tmp
    session.serialize_handler        php           php
    session.use_cookies              On            On
    session.use_only_cookies         Off           Off
    session.use_trans_sid            0             0

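Thanks for your help!

2 answers:

Answer 0: (score: 3)

I once had a similar problem, but in my case sessions were not being passed from "www" to the address without "www". So to fix this, redirect all users to your site with www, or without www, before loading the rest of the page.

I hope this helps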
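The redirect this answer describes, sketched as an added example that is not part of the original post: with `session.cookie_domain` empty, as in the phpinfo() output above, the PHPSESSID cookie is host-only, so a session started on one host name is not sent to the other. The host `www.example.com`, the file name and the function names are placeholders, and the code assumes PHP 7.3 or later on an HTTPS site.

```php
<?php
// session_bootstrap.php (hypothetical name): include first on every page
// instead of calling session_start() directly.

const CANONICAL_HOST = 'www.example.com'; // placeholder for the site's single host

// Returns the URL to redirect to, or null when the request is already on the
// canonical host.
function canonical_redirect_target(string $host, string $requestUri): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host)); // drop any port
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // A request target that is not a path falls back to "/".
    if ($requestUri === '' || $requestUri[0] !== '/') {
        $requestUri = '/';
    }
    // The host comes from the constant, never from the client's Host header,
    // so the redirect cannot be pointed at another site.
    return 'https://' . CANONICAL_HOST . $requestUri;
}

function start_site_session(): void
{
    $target = canonical_redirect_target(
        $_SERVER['HTTP_HOST'] ?? '',
        $_SERVER['REQUEST_URI'] ?? '/'
    );
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit; // stop before a session is created on the wrong host
    }
    // The phpinfo() output shows these protections switched off.
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',     // host-only cookie, bound to CANONICAL_HOST
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

start_site_session();
```

A redirected POST arrives as a GET without its body, so the login form itself should be served from, and post to, the canonical host.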

Answer 1: (score: -1)

Use the code below on the first line of the page that appears first, e.g. index.php

session_start();