PHP / MYSQL如何给_SESSION命名

时间:2013-06-17 22:52:30

标签: php mysql session session-timeout sessionid

我是PHP的新手,我正在尝试建立一个包含会员登录的网站(没有会员面板)。我有一个简单的网页,只有在您登录时才能查看某些页面。

您能否告诉我如何给_SESSION提供临时名称?

这是登录脚本:

if (isset($_POST['formsubmitted'])) {
// Initialize a session:
session_start();
$error = array();//this aaray will store all error messages


if (empty($_POST['e-mail'])) {//if the email supplied is empty 
    $error[] = 'You forgot to enter  your Email ';
} else {


    if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) {

        $Email = $_POST['e-mail'];
    } else {
         $error[] = 'Your EMail Address is invalid  ';
    }


}


if (empty($_POST['Password'])) {
    $error[] = 'Please Enter Your Password ';
} else {
    $Password = $_POST['Password'];
}


   if (empty($error))//if the array is empty , it means no error found
{ 



    $query_check_credentials = "SELECT * FROM members WHERE (Email='$Email' AND password='$Password' AND Aprobat='DA') AND Activation IS NULL";



    $result_check_credentials = mysqli_query($dbc, $query_check_credentials);
    if(!$result_check_credentials){//If the Query Failed 
        echo 'Query Failed ';
    }

    if (@mysqli_num_rows($result_check_credentials) == 1)//if Query is successful 
    { // A match was made.




        $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable
        $_SESSION['start'] = time(); // taking now logged in time
        $_SESSION['expire'] = $_SESSION['start'] + (30 * 60) ;
        header("Location: about.php");


    }else
    { 

        $msg_error= 'Either Your Account is inactive or Email address /Password is  Incorrect';
    }

}  else {



echo '<div class="errormsgbox"> <ol>';
    foreach ($error as $key => $values) {

        echo '  <li>'.$values.'</li>';



    }
    echo '</ol></div>';

}


if(isset($msg_error)){

    echo '<div class="warning">'.$msg_error.' </div>';
}
/// var_dump($error);
mysqli_close($dbc);

}

这是只能由登录用户查看的页面脚本。

ob_start();
session_start();
if(!isset($_SESSION['Username'])){
     header("Location: login.php");
session_destroy();
}

这是注销脚本:

session_start();
unset($_SESSION["username"]);  // where $_SESSION["nome"] is your own variable. if you do not have one use only this as follow **session_unset();**
session_destroy();
header("Location: index.php");

如果有人帮我改进这个脚本,我真的很赞。 我想要的另一件事是我是否正确设置_SESSION过期。

m trying to use Prepared statement and I don知道如何使用它。

这是带有Prepared语句的代码,我收到此错误:致命错误:在第38行的/home/siteseby/public_html/login.php中的非对象上调用成员函数bind_param()

if (isset($_POST['formsubmitted'])) {
// Initialize a session:
session_start();
$error = array();//this aaray will store all error messages


if (empty($_POST['e-mail'])) {//if the email supplied is empty 
    $error[] = 'You forgot to enter  your Email ';
} else {


    if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) {

        $Email = $_POST['e-mail'];
    } else {
         $error[] = 'Your EMail Address is invalid  ';
    }


}


if (empty($_POST['Password'])) {
    $error[] = 'Please Enter Your Password ';
} else {
    $Password = $_POST['Password'];
}


   if (empty($error))//if the array is empty , it means no error found
{ 

$qstmt = "SELECT * FROM users WHERE (Email = ? AND password = ? AND Aprobat='DA') AND Activation IS NULL";
$stmt = $dbc->prepare($qstmt);
$stmt->bind_param($Email, $Password);
$query_check_credentials = $stmt->execute();
$result_check_credentials = $query_check_credentials;
    if(!$result_check_credentials){//If the QUery Failed 
        echo 'Query Failed ';
    }

    if (@mysqli_num_rows($result_check_credentials) == 1)//if Query is successfull 
    { // A match was made.




        $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable
        $_SESSION['start'] = time(); // taking now logged in time
        $_SESSION['expire'] = $_SESSION['start'] + (2 * 60) ;
        $_SESSION['email'] = $Email;
        header("Location: about.php");
        exit;


    }else
    { 

        $msg_error= 'Either Your Account is inactive or Email address /Password is Incorrect';
    }

}  else {



echo '<div class="errormsgbox"> <ol>';
    foreach ($error as $key => $values) {

        echo '  <li>'.$values.'</li>';



    }
    echo '</ol></div>';

}


if(isset($msg_error)){

    echo '<div class="warning">'.$msg_error.' </div>';
}
/// var_dump($error);
mysqli_close($dbc);

} // End of the main Submit conditional.

2 个答案:

答案 0 :(得分:0)

一切似乎都很好......(对于一个新手,至少)

至于你如何处理会话,我建议你在stackoverflow中检查会话劫持/固定相关的Q / A.或者更好的是,使用SSL加密您的数据。话虽这么说,我认为你会更好,使用预备语句和命名参数来处理你的mysql查询,而不是笨拙的方式(Email='$Email' AND password='$Password再次,你会在这里很容易找到教程。

最后但并非最不重要的是,良好的代码格式,避免错误抑制,如if (@mysqli_,并且在标题重定向之后不使用退出,即仅使用header("Location: login.php");通常被认为是错误的想法。

答案 1 :(得分:0)

首先,您必须在代码的开头调用session_start(),因为与会话创建相关联的cookie是在HTTP标头中发送的。接下来,在登录脚本的末尾,设置一个会话:

$_SESSION['email'] = $email;

现在已经设置了会话,您应该在用户需要登录的每个页面中检查它以查看(记得在输出任何内容之前以session_start()开头):

session_start();
if (isset($_SESSION['email'] {

//whatever should happen with a logged-in user
}

请记住,如果以前设置过,我们只能使用自定义会话,我这样说是因为我看到你在没有先设置“用户名”会话的情况下通过了if(!isset($_SESSION['Username']))

相关问题
最新问题