This is index.php, located in the root folder (/):
<?php session_start(); ?>
<?php
include_once "Includes/Database/check_login.php"; // defines login_check()
if (login_check() == TRUE) : ?>
this is a protected page!
<?php else : ?>
<!DOCTYPE html>
<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"> </script>
</head>
<body>
<script>location.href='loginpage.php';</script>
</body>
</html>
<?php endif; ?>
This is loginpage.php, located in the root folder (/):
<?php session_start(); // session starts with the help of this function
include_once "Includes/Database/check_login.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Hardcorefight.dk</title>
<link rel="stylesheet" href="Includes/Layout/Index/loginlayout.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"> </script>
</head>
<body>
<div class="fixedwebsitesize" id="fixedwebsitesize">
<div class="outerlogin" id="outerlogin">
<div class="login" id="login">
<form action="Includes/Database/login.inc.php" method="post" name="login_form"> <!-- This is the login form, that sends to login.inc.php.-->
<div class="username" id="username">
<input type="text"
name="user"
placeholder="user"
class="user_login"
/>
</div>
<div class="password" id="password">
<input type="password"
name="pass"
class="pass_login"
placeholder="Password"
/>
</div>
<div class="loginbutton" id="loginbutton" >
<input type="submit"
value="Login"
class="login_input"
/>
</div>
</form>
</div>
</div>
<div class="logoutbox"> <!-- This is an button that changes to register or log out depending if the user is logged in or not -->
<input type="button"
<?php if (login_check() == TRUE) : ?>
onclick="location.href='destroysession.php';"
value="Log Out"
<?php else : ?>
onclick="location.href='register.php';"
value="register"
<?php endif; ?>
class="logout_button"
/>
</div>
</div>
</body>
</html>
This is login.inc.php, located in the Database folder (/Includes/Database/). It checks whether the submitted information is correct and creates the session.
<?php
session_start(); // session starts with the help of this function
include_once "db_connect.php"; // include the connect file to the db (defines $db_new).
$user_input = $_POST['user'] ?? ''; // gets the post['user'] from loginpage.php (empty string if missing)
$pass_input = $_POST['pass'] ?? ''; // gets the post['pass'] from loginpage.php (empty string if missing)
// NOTE: $user_input is placed directly into the SQL string; a prepared statement would bind it as data instead.
if($result = $db_new->query("SELECT * FROM members WHERE username='$user_input'")){ // chooses the row from the DB that matches the username that the user wrote
    if($result->num_rows == 1){ // verify that there is only one user with that username
        $row = $result->fetch_assoc();
        if(password_verify($pass_input, $row["password"])){ // verify that the password is the right password
            $_SESSION['username']=$row["username"]; // makes the session with the username
            $_SESSION['email']=$row["email"]; // makes the session with the email
            $_SESSION['id']=$row["id"]; // makes the session with the id
            $_SESSION['password']=$row["password"]; // makes the session with the password
            header("Location: /index.php"); // go to index; nothing may be echoed before this line, or the redirect header cannot be sent
            exit; // stop running the script once the redirect has been issued
        }
        else { // if the password is incorrect it will echo this.
            echo "password incorrect";
        }
    }
    else{ // if the user doesn't exist it will echo this
        echo "user doesn't exist";
    }
}
else {
    die($db_new->error);
}
This is check_login.php, located in the Database folder (/Includes/Database/). It reads the session and checks whether the information matches the database; if it matches, the function returns TRUE, otherwise FALSE.
<?php
function login_check(){
    if (session_status() === PHP_SESSION_NONE) { // start the session only if the calling page has not already done so
        session_start();
    }
    include_once "db_connect.php"; // defines $db_new (in function scope, since it is included here)
    if(!isset($_SESSION['id'], $_SESSION['password'], $_SESSION['username'], $_SESSION['email'])){ // checks that all the session values exist before reading them
        //not logged in (error in isset)
        return FALSE;
    }
    $id = $_SESSION['id'];
    $password = $_SESSION['password'];
    $username = $_SESSION['username'];
    $email = $_SESSION['email'];
    // NOTE: $username comes from the session rather than directly from the request, but it is still interpolated into SQL; a prepared statement is the safer form.
    if($result = $db_new->query("SELECT * FROM members WHERE username='$username'")){ // select the row that matches the username from the session.
        if ($result->num_rows == 1) { // checks that there is only 1 row with the username
            $row = $result->fetch_assoc();
            $db_password = $row["password"];
            $db_id = $row["id"];
            $db_email = $row["email"];
            if ($password == $db_password) { // checks that the session password equals the DB password
                if ($id == $db_id) { // checks that the session ID equals the DB ID
                    if ($email == $db_email) { // checks that the session email equals the DB email
                        //logged in
                        return TRUE;
                    } else {
                        //not logged in (error in email verify)
                        return FALSE;
                    }
                } else {
                    //not logged in (error in id verify)
                    return FALSE;
                }
            } else {
                //not logged in (error in password verify)
                return FALSE;
            }
        } else {
            //not logged in (error in num_rows)
            return FALSE;
        }
    } else {
        //not logged in (error in query)
        return FALSE;
    }
}
Answer 0 (score: 0)
After setting values in the session, you need to call session_write_close before redirecting the user. In login.inc.php, after setting the values in the $_SESSION array:
...
$_SESSION['id']=$row["id"]; //makes the session with the id
$_SESSION['password']=$row["password"]; //makes the session with the password
session_write_close();
header("Location: /index.php"); // go to index
...
Otherwise, the changes you made to the session will be lost.
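As an added example (it is not the asker's code and not from any answer on this page), here is a tightened version of login.inc.php and check_login.php that keeps the same members table and form field names but binds the username through a prepared statement, stores only the member id in the session instead of the password hash, regenerates the session id on login, and calls session_write_close() before the redirect as answer 0 suggests. It assumes db_connect.php defines $db_new as a mysqli connection using the mysqlnd driver (required for get_result()); the function names login_user() and start_session_once() are my own, not part of the original project.

```php
<?php
// Added example, not the asker's code. Assumes db_connect.php defines $db_new
// as a mysqli connection (mysqlnd driver) and that the members table has the
// columns id, username, email and password (a password_hash() value), as in
// the question.

function start_session_once(): void {
    // Calling session_start() twice (once in index.php, again in login_check())
    // raises a notice; only start a session if none is active.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

function login_user(mysqli $db, string $user_input, string $pass_input): bool {
    // Prepared statement: the username is bound as data and never becomes part
    // of the SQL text, so quotes in the input cannot change the query.
    $stmt = $db->prepare("SELECT id, username, email, password FROM members WHERE username = ?");
    $stmt->bind_param("s", $user_input);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // One failure path whether the user is missing or the password is wrong,
    // so the response does not reveal which usernames exist.
    if ($row === null || !password_verify($pass_input, $row["password"])) {
        return false;
    }

    start_session_once();
    session_regenerate_id(true);        // fresh session id at login (session fixation defence)
    $_SESSION['id'] = (int) $row["id"]; // keep only the id; the password hash never enters the session
    session_write_close();              // flush the session file before redirecting (answer 0)
    return true;
}

function login_check(mysqli $db): bool {
    start_session_once();
    if (!isset($_SESSION['id'])) {
        return false;
    }
    // Re-check that the member still exists; everything else is derived from the id.
    $id = (int) $_SESSION['id'];
    $stmt = $db->prepare("SELECT 1 FROM members WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $exists = $stmt->get_result()->num_rows === 1;
    $stmt->close();
    return $exists;
}

// Usage as login.inc.php (form fields are named "user" and "pass" in loginpage.php):
include_once "db_connect.php";
if (login_user($db_new, $_POST['user'] ?? '', $_POST['pass'] ?? '')) {
    header("Location: /index.php"); // no output may precede this header
    exit;                           // stop the script once the redirect is issued
}
http_response_code(401);
echo "login failed";
```

index.php would then call login_check($db_new) after including db_connect.php; because the session holds only the id, a leaked session file no longer exposes the password hash, and the per-request database lookup still works as the "is this user still valid" check the original code performed.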
Answer 1 (score: 0)
Sorry, the session change did not solve everything.
I have solved the problem; it was not in the programming but in my PHP.
The main drive on my server ran out of space, so nothing could be saved, and therefore the session could not be saved either.
Thanks for all the other feedback, it will help me improve the security of my code.