会话为所有用户返回0

时间:2013-12-07 09:17:26

标签: php session

我被困在注册和登录脚本上,出于某种原因,无论我登录的是谁,我的$ user_id都会返回0。我一遍又一遍地浏览代码,由于某种原因,会话似乎没有从数据库中获取用户ID。

我看了一眼,有几个人遇到过这个问题和他们的修复,如果有任何问题被证明对我不利。

的init.php

<?php

session_start();
//error_reporting(0);


require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';

if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email');

}

$errors = array();
?>

功能/ users.php

<?php

function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}

function user_data($user_id)
{
$data = array();
$user_id = (int)$user_id;

$func_num_args = func_num_args();
$func_get_args = func_get_args();

if($func_num_args > 0)
{
    unset($func_get_args[0]);
    $fields = '`' . implode('', $func_get_args) . '`';
    // check the query executed. mysql_query returns false if there is an     error
    if(($result = mysql_query("SELECT '".$fields."' FROM `users` WHERE `user_id` = '".$user_id."'")) !== false)
    {
        // check that the query did actually return any results
        if(mysql_num_rows($result))
        {
            return mysql_fetch_assoc($result); // return the result
        }
        // query didn't return any results
        else
        {
            echo 'user_data() query returned no results!';
        }
    }
    // query has failed find out why using msyql_error();
    else
    {
        echo 'user_data() query has failed - ' . mysql_error();
    }
}
return false;
}


function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'"), 0) == 1) ? true : false;
}

function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `active` = 1"), 0) == 1) ? true : false;
}

function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` =     '".$username."' AND `password` = '".$password."'"), 0, 'user_id');
}

function login($username, $password) {
$user_id = user_id_from_username($username);

$username = sanitize($username);
$password = MD5($password);

return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE    `username` = '".$username."' AND `password` = '".$password."'"), 0) == 1) ? '".$user_id."'     : false;
}
?>

的login.php

<?php 

include 'core/init.php';

if (empty ($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];

if (empty($username) === true || empty($password) === true) {
    $errors[] = 'You need to enter a username and or password';
    }else if (user_exists ($username) === false)  {
    $errors[] = 'Your username is not registered on our server. Have you <a          href = register.php> registered?</a>';
    }else if (user_active ($username) === false) {
    $errors [] = 'You need to activate your account!';
    }else {

        if (strlen($password) > 32) {
            $errors[] = 'password too long';
        }

        $login = login($username, $password);
        if ($login == false){
        $errors[] = 'Username or password is incorrect';
        } else {
        $_SESSION['user_id'] = $login;
        header ('LOCATION: index.php');
        exit();
        }
    }


}else {
    $errors[] = 'no data';  
    }

include 'includes/overall/header.php';
if (empty($errors) === false) {
?>
<h2>We tried to log you in, BUT...</h2>

<?php
}
echo output_errors($errors);

include 'includes/overall/footer.php';
?>

如果你知道如何解决这个问题,如果你遇到同样的问题,我将非常感激!我一直把头发拉到这个哈哈上面。

谢谢!

3 个答案:

答案 0 :(得分:1)

确保在内爆时使用一些胶水:

$fields = implode(', ', $func_get_args);

至少可以修复某些东西。我没有你所有的require'文件,或者你的数据库架构,所以我不能肯定地说。

答案 1 :(得分:0)

您的问题出在登录功能

// WRONG
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE    `username` = '".$username."' AND `password` = '".$password."'"), 0) == 1) ? '".$user_id."'     : false;

mysql_query()函数返回资源,如果失败或没有结果,则返回false。你的假设是它返回1.

$result = mysql_query("SELECT * FROM mytale WHERE somecondition");
$num_rows = mysql_num_rows($result);

注意: 你的代码编写得非常糟糕,因为它不安全,SO本身可能有几千个警告,要求人们不要像登录查询那样获取登录信息。请更新您的查询。

答案 2 :(得分:0)

改变这个:

unset($func_get_args[0]);
$fields = '`' . implode('', $func_get_args) . '`';
// check the query executed. mysql_query returns false if there is an     error
if(($result = mysql_query("SELECT '".$fields."' FROM `users` WHERE `user_id` = '".$user_id."'")) !== false)
{
    // check that the query did actually return any results
    if(mysql_num_rows($result))
    {
        return mysql_fetch_assoc($result); // return the result
    }
    // query didn't return any results
    else
    {
        echo 'user_data() query returned no results!';
    }
}

到此:

    $query = mysql_query("SELECT user_id, username, password, email FROM users WHERE user_id = '".mysql_real_escape_string($user_id)."'");

    if($query && mysql_num_rows($query))
    {
      return mysql_fetch_assoc($query); // return the result
    } else {
      // no results or error..
   }