PHP session behaving erratically between pages

Time: 2013-08-31 12:19:38

Tags: php session

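I have a 'login' page on my site, handled by a 'login-act' script, which on success redirects to a 'post' page. The 'post' page has links for posting various types of content, e.g. 'post-audio'. The 'post' page works fine, in that it displays the username if authenticated, but from then on it's a disaster: if an authenticated user clicks on 'post-audio', it somehow logs them out and redirects them to the login page. However, after a while (or if I make and undo a change in the 'post-audio' script), it works properly again. This is driving me crazy. Can you help?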

login-act.php:

<? ob_start();//Start buffer output ?>

<html>

<head>
<link rel="stylesheet" type="text/css" href="mystyle-a.css">
<title>BQuotes CMS: User Generated Content: Login Notification</title>
</head>

<body class='center'>

<?php
session_start();
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"])
{
// echo "<font color='green'>Correct Code Entered";

//Do req





$host="host"; // Host name 
$username="user"; // Mysql username 
$password="password"; // Mysql password 
$db_name="db"; // Database name 
$tbl_name="table"; // Table name 
$tbl_name2="table2"; // Table name 2

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form 
$myusername=mysql_real_escape_string($_POST['myusername']);
$mypassword=mysql_real_escape_string($_POST['mypassword']);

// Validate the login
$sql2="SELECT * FROM $tbl_name2 WHERE username='$myusername' and password='$mypassword'";
$result2=mysql_query($sql2);

$count=mysql_num_rows($result2);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
             {
session_start();             
$_SESSION['myusername'] = $myusername;
header ("Location: mybq-post.php");

             }

else {
echo "<div class='center2'><font color='red'>Invalid Login Details. Not Logged In.</div>";
echo "<br>";
echo "<div class='center2'><font color='red'>Please go back and try again.</div>";
echo "<br>";

echo "<div class='center2'><a href='mybq-login.php'>Back</a></div>";
}


}

else {
echo "<div class='center2'><font color='red'>Wrong Captcha. Not Logged In.</div>";
echo "<br>";
echo "<div class='center2'><font color='red'>Please go back and try again.</div>";
echo "<br>";

echo "<div class='center2'><a href='mybq-login.php'>Back</a></div>";
}
?>


<?php 
// close connection 
//mysql_close();
?>


 </body> </html>
<? ob_flush();//Flush buffer output ?>

post.php:

<?php

session_start();

if (!(isset($_SESSION['myusername']) && $_SESSION['myusername'] != '')) {

header ("Location: mybq-login.php");

}

if ($_SESSION['timeout'] + 10 * 60 < time()) {
// session timed out
session_destroy();
//header("Location: mybq-logout.php");
  }

$_SESSION['timeout'] = time();


echo "<body class='left'><header><a href='mybq-logout.php'>Logout</a></header></body>" . $_SESSION['myusername'];

?>

<html>

<head>
<link rel="stylesheet" type="text/css" href="mystyle-a.css">
<title>BQuotes CMS: User Generated Content: Post Index</title>
</head>

<body class='center'>

<div class='center2'>
<b>MyBQuotes Post</b><br>
<a href='mybq-post-txt.php'>Post Text</a> <a href='mybq-post-img.php'>Post Image</a><br>
<a href='mybq-post-audio.php'>Post Audio</a> <a href='mybq-post-video.php'>Post Video<br>
<a href='index.php'>CMS Index</a> <a href='mybq-index.php'>MyBQuotes Main</a><br>
<font size="0.5px;" color="red"><b>Disclaimer: </b>Poster solely responsible for posted content!
</div>

 </body> </html>

post-audio.php:

<?php

session_start();

if (!(isset($_SESSION['myusername']) && $_SESSION['myusername'] != '')) {

header ("Location: mybq-login.php");

}

if ($_SESSION['timeout'] + 10 * 60 < time()) {
// session timed out
session_destroy();
//header("Location: mybq-logout.php");
  }

$_SESSION['timeout'] = time();  


echo "<body class='left'><header><a href='mybq-logout.php'>Logout</a></header></body>" . $_SESSION['myusername'];
?>

<html>

<head>
<link rel="stylesheet" type="text/css" href="mystyle-a.css">
<title>BQuotes CMS: User Generated Content: Post Audio</title>
</head>

<div class='center2'>
<body class='center'>
<b>MyBQuotes Post Audio:</b><br>
<font size=2>Allowed File Type: MP3<br />
Max File Size: 8MB</p>
<form name=mybq-post-audio action="mybq-post-audio-act.php" method="post" enctype="multipart/form-data">

<!--
Username:<br />
<input type="text" size="25" name="myusername" /><br />
Password:<br />
<input type="password" size="25" name="mypassword" /><br />
-->

Audio:<br />
<input type="file" name="audio" id="myaudio" /><br />
Tag:<br />
<input type="text" size="25" name="mytag" /><br />

Enter Image Text:<br />
<input name="captcha" type="text">
<img src="captcha.php" /><br>

<input type="submit" value="Post" /><br />
</form>
<a href="forg-pass.htm"><div class='tagtext'>Forgot Login details?</a>
<br />
<a href="index.php">CMS Index</a> <a href="mybq-post.php">MyBQuotes Post</a>

</div>
 </body> </html>

Any help is appreciated. (I know some of my code is deprecated... I'm working on it :))

1 Answer:

Answer 0: (Score: 1)

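In your login form (login-act.php) you are not setting $_SESSION['timeout'], so when you get to the post.php page, the check $_SESSION['timeout'] + 10 * 60 < time() is always true and session_destroy() destroys your session.

The solution is to add a line setting the timeout in the login-act.php script, i.e.:

session_start();
$_SESSION['myusername'] = $myusername;
$_SESSION['timeout'] = time();

Also, always exit after any redirect. If you don't exit, although the browser will redirect because the server told it to, the script will continue to execute on the server, leaving your code open to exploits and to weird behaviour that is difficult to debug.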
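Both points of the answer (set the timestamp at login, stop the script after every redirect) combined in one shared include, as an added example that is not part of the original answer or the poster's code. The file name `session-guard.php` and the function names are hypothetical; the session keys, the 10-minute limit and `mybq-login.php` come from the question. The `session_regenerate_id()` call is extra hardening that the answer does not mention.

```php
<?php
// session-guard.php (hypothetical include name): added example, not the poster's code.
// Keys 'myusername' and 'timeout' and the 10-minute limit are taken from the question.

const IDLE_LIMIT = 600; // 10 * 60 seconds, as in post.php

// Pure decision function so the check can be read on its own.
// Returns 'ok', 'anonymous' (not logged in) or 'expired' (idle too long).
function session_state(array $session, int $now): string
{
    if (!isset($session['myusername']) || $session['myusername'] === '') {
        return 'anonymous';
    }
    // A missing timestamp is handled explicitly instead of being read as 0
    // with a notice; login must set it (see mark_logged_in below).
    if (!isset($session['timeout']) || $session['timeout'] + IDLE_LIMIT < $now) {
        return 'expired';
    }
    return 'ok';
}

// Call in login-act.php after the credentials check, with the session started.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true);      // added hardening: fresh id for the logged-in session
    $_SESSION['myusername'] = $username;
    $_SESSION['timeout'] = time();    // the line the answer says is missing
}

// Call at the top of every protected page, before any output is sent.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $state = session_state($_SESSION, time());
    if ($state !== 'ok') {
        if ($state === 'expired') {
            $_SESSION = [];           // session_destroy() alone leaves $_SESSION filled
            session_destroy();
        }
        header('Location: mybq-login.php');
        exit;                         // nothing below runs for this request
    }
    $_SESSION['timeout'] = time();    // sliding window: refresh on each valid request
}
```

With this include, post.php and post-audio.php each start with `require 'session-guard.php'; require_login();` in place of their copied checks, so an expired or anonymous request never reaches the page body.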