我正在使用PHP 5.3.6(Yahoo)并且使用$ _POST存在保存/检索会话变量的问题。我通过设置ENABLE_POST_DATA_READING=OFF在我的开发环境(PHP 5.5.6)中重新创建了这个问题。
我是PHP的新手,并且一直在努力解决原因,现在有了潜在的解决方案(php://输入????)。以下是我遇到问题的页面,它无法读取会话变量以加载 mbrsvc.php 页面。
<!DOCTYPE html>
<?php
session_start();
$inactive = 600;
// check to see if $_SESSION["timeout"] is set
if (isset($_SESSION["timeout"])) {
// calculate the session's "time to live"
$sessionTTL = time() - $_SESSION["timeout"];
if ($sessionTTL > $inactive) {
session_destroy();
header("Location: /ssl/index.php");
}
}
$_SESSION["timeout"] = time();
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
</head>
<body>
<?php
// {removed CSS include & function include references}
require 'include/hdr1.php';
?>
<div id="fNav">
<div class="arrowgreen">
<ul>
<li><a href="index.php" title="Home">Home</a></li>
<li><a href="logout.php" title="Close">Close</a></li>
</ul>
</div>
</div>
<div id="fMain">
<?php
if (isset($_POST['Submit'])):
$flag='ok';
else :
$flag='new';
$emailid="";
endif;
if ($flag=='new'):
//echo 'New Form being displayed<br>' ;
//echo time();
endif;
if (isset($_POST['Submit'])): //Form has already been displayed and submit button clicked
if (isset($_POST['cname'])):
$inputvalue=$_POST['cname'];
else:
$inputvalue='notset';
endif;
$inputopt = trim($_POST['tinput']);
require 'include/opendb.php';
switch ($inputopt):
case "MemberID":
// Processing for Member ID entered;
$memberid = filter_var(trim($inputvalue), FILTER_SANITIZE_STRING);
if (!$memberid):
echo 'Invalid Memebr ID entered... please retry';
echo "<input type='button' value='Retry' onClick='history.go(-1)'>" ;
return;
endif;
$sql01 = "select acnt.customerid, acnt.userid, acnt.pswd, members.firstname,
members.lastname, acnt.idseq, acnt.daystamp, acnt.hashlog, acnt.prole
from acnt, members
WHERE !acnt.obs_fg and members.customerid = acnt.customerid
and acnt.customerid like '" . $memberid."'";
break;
case "email" :
//do e-mail validation, then match e-mail to user ID & set SQL
$emailid = filter_var(trim($inputvalue), FILTER_VALIDATE_EMAIL);
if (!$emailid):
echo 'Invalid e-mail address provided' ;
echo '<big>Please provide valid e-mail address</big><br>';
$flag='bademail';
echo "<input type='button' value='Retry' onClick='history.go(-1)'>" ;
return;
endif;
$sql01 = "select acnt.customerid, acnt.userid, acnt.pswd, members.firstname,
members.lastname, acnt.idseq, acnt.daystamp, acnt.hashlog, acnt.prole
from acnt, members
WHERE !acnt.obs_fg and members.customerid = acnt.customerid
and acnt.userid like " . "'" .trim($emailid)."'";
break;
default:
break;
endswitch;
if ($flag <>'ok'):
echo "<input type='button' value='Retry' onClick='history.go(-1)'>" ;
else: // all entries are correct and let us proceed with the database checking etc …
endif;
if (isset($mysqli)):
// verifying db handle is set
else:
require 'include/opendb.php';
endif;
$result = mysqli_query($mysqli, $sql01) or die (mysqli_error($mysqli));
$num = mysqli_num_rows($result);
if ($num==0):
//No results, acnt record does not exist
echo "<p>Your Login does not seem to be setup yet.</p>";
echo '<p>Click <a href="newlogin.php">here to set up your login.</a>';
return ;
else:
while ($row = mysqli_fetch_row($result)) :
$memberid = $row[0]; // customerID
$userid = $row[1]; //email userID
$emailid = $row[1]; //repeating same value for emialID as userID
$pwdh1 = $row[2]; //pswd
$firstname = $row[3]; //firstname
$lastname = $row[4]; //lastname
$idseq = $row[5]; //idseq
$salt = $row[6]; //daystamp
$hashlog = $row[7]; //hashlog
$prole = $row[8]; //prole
endwhile;
mysqli_close($mysqli);
$srcip = getRealIpAddr();
$timeformat='Y-m-d-G-i-s-e';
$timenow = date($timeformat,$_SERVER['REQUEST_TIME']);
if (!isset($loggedin)):
$loggedin = 0;
endif;
endif;
if (!isset($_POST['pswd'])):
echo '<big><b>Password cannot be blank</b></big><br>';
$flag='blankpswd';
$pwd='';
if ($flag <>'ok'):
echo "<input type='button' value='Retry' onClick='history.go(-1)'>" ;
else: // all entries are correct and let us proceed with the database checking etc …
endif;
else:
$pwd = filter_input(INPUT_POST, 'pswd', FILTER_SANITIZE_URL);
endif;
include 'include/ihash.php';
if ($hashlog == 'BLOWFISH'):
$salt = substr($pwdh1,0,28) . '$';
$pwdh2 = crypt($pwd, $salt);
else:
$pwdh2 = hash_hmac($hashalog, $pwd, $salt);
endif;
if ($pwdh1==$pwdh2):
session_regenerate_id();
$a = session_id();
$timeformat='Y-m-d-G-i-s-e';
$timenow = date($timeformat,$_SERVER['REQUEST_TIME']);
$logintime = time();
$loggedin = 1;
$srcip = getRealIpAddr();
$loginid = $memberid;
$userid = $emailid;
$_SESSION['memberid'] = $memberid ;
$_SESSION['loginid'] = $loginid;
$_SESSION['srcip'] = $srcip;
$_SESSION['userid'] = $userid;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['idseq'] = $idseq;
$_SESSION['loggedin'] = $loggedin;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['idseq'] = $idseq;
$_SESSION['logintime'] = $logintime;
$_SESSION['prole'] = $prole;
$_SESSION['a'] = $a ;
$sqllog = 'insert into userlog (loginid, srcip, action) values ('. $loginid.', "' .$srcip . '", "Logged in" )';
$res=mysqli_query($mysqli, $sqllog);
if (!$res):
endif;
$sqlupdate = "Update acnt set lastlogdt = "."'".$timenow."'"." where idseq = ".$idseq ;
$updateres = mysqli_query($mysqli, $sqlupdate);
if ($updateres==0):
else:
endif;
//consider to be logged in
session_commit(); //added this to try to have updated session variables written
// capture & insert IP & datetime into acnt
mysqli_close($mysqli);
print "<script>";
print " self.location='mbrsvc.php'"; // Comment this line if you don't want to redirect
print "</script>";
return;
else:
//password did not match what was stored
$srcip=getRealIpAddr();
$loginid=$memberid;
$userid=$emailid;
$flag='badcredentials';
echo 'Credentials did not match, please retry';
echo "<input type='button' value='Retry' onClick='history.go(-1)'>" ;
mysqli_close($mysqli);
exit;
endif;
//end of FormSubmit
else :
//Display form
echo '<form action="login.php" method="post">';
echo 'Enter your Member ID or e-mail address (and select which you entered below):<br />';
echo '<input type="text" name="cname" maxlength="60" size="30" value ="" tabindex="1"/>';
echo '<p>';
echo 'Member ID <INPUT CHECKED type="radio" name="tinput" value="MemberID" tabindex="2"><br>';
echo 'E-Mail Address<INPUT type="radio" name="tinput" value="email" tabindex="3"><br></p>';
echo '<p>Password: <input type="password" name="pswd" size="30" maxlength="30" value="" tabindex="4"/></p>';
echo '<input type="Submit" name="Submit" value="Submit" tabindex="5"/>';
echo '<input type="reset" name="reset" value="Reset" tabindex="6"/>';
echo '<p>Forgot Your Password? <a href="resetsec.php"/> Click here. </a> </p>';
echo '</form>';
endif;
?>
</div>
</body>
</html>
非常感谢您提供的任何帮助!
答案 0 :(得分:1)
在$ _SESSION中使用单引号,即使用$ _SESSION [&#39; timeout&#39;]而不是$ _SESSION [&#34; timeout&#34;]