这个网页有一个重定向循环PHP问题?

时间:2014-04-11 15:08:42

标签: php

我在login.phpindex.php文件中使用以下代码。

我在浏览器中获得了This webpage has a redirect loop error

我知道这个问题是由login.php文件中的逻辑引起的,代码如下:

$existCount = mysqli_num_rows($query); // count the row nums
            if ($existCount == 1) { // evaluate the count
                $row = mysqli_fetch_array($query, MYSQLI_ASSOC);
                $_SESSION["id"] = $row["id"];
                $_SESSION["manager"] = $manager;
                $_SESSION["password"] = $password;
                header("location: http://$storeShop.mysite.com/index.php");
                exit();
            } else {
                echo 'That information is incorrect, try again <a href="login">Click Here</a>';
                exit();
            }

特别是这一行:header("location: http://$storeShop.mysite.com/index.php");

我只是不知道如何解决这个问题!

的login.php 

<?php
session_start();
ob_start();

if (isset($_SESSION["manager"])) {

    /*

    IF THE USER IS LOGGED IN THE CODE BELOW SENDS THEM TO THEIR OWN SUBDOMAIN NAME
    WHICH IS STORED IN $_SESSION["storeShop"].

    CHANGE "REST_OF_URL" TO THE VALID DOMAIN IN THE HEADER FUNCTION.
    BUT DON'T REMOVE THE . (DOT)

    */

    header("Location: http://$_SESSION[storeShop].mysite.com/index.php");
    exit();

    // END OF EDIT.
}

?>
<?php

    if (isset($_POST["email"]) && isset($_POST["password"])) {
           $manager =  $_POST["email"]; // filter everything but numbers and letters
           $password = (!empty($_POST['password'])) ? sha1($_POST['password']) : ''; // filter everything but numbers and letters
            $storenameTable = $_REQUEST['storeShop'];   

            // Connect to the MySQL database  
            include "config/connect.php";


            $sql = "SELECT members.id, members.email, members.password, members.randKey, members.storeShop, storename.email, storename.password, storename.randKey, storename.storeShop
                FROM members
                INNER JOIN storename ON members.randKey = storename.randKey
                WHERE members.email = '$manager'
                AND members.password = '$password'
            ";


        $result = mysqli_query($db_conx,"SELECT storeShop FROM members WHERE email='$manager' AND password='$password'");

        while($row = mysqli_fetch_array($result))
          {
                $email = $row["email"];
                $password = $row["password"];
                $storeShop = $row["storeShop"];
                $_SESSION['email'] = $email;
                $_SESSION['password'] = $password;
                $_SESSION['storeShop'] = $storeShop;
          }

            // query the person
            // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
            $query = mysqli_query($db_conx, $sql);
            if (!$query) {
                die(mysqli_error($db_conx));
            }
            $existCount = mysqli_num_rows($query); // count the row nums
            if ($existCount == 1) { // evaluate the count
                $row = mysqli_fetch_array($query, MYSQLI_ASSOC);
                $_SESSION["id"] = $row["id"];
                $_SESSION["manager"] = $manager;
                $_SESSION["password"] = $password;
                header("location: http://$storeShop.mysite.com/index.php");
                exit();
            } else {
                echo 'That information is incorrect, try again <a href="login">Click Here</a>';
                exit();
            }
        }


?>

的index.php 

<?php 
session_start();
ob_start();
    if (!isset($_SESSION["manager"])) {
    header("location: login"); 
    exit();
}
/*

    THE CODE BELOW COMPARES THE SUBDOMAIN TO THE USER'S STORESHOP SESSION
    IF THEY DON'T MATCH IT REDIRECTS THEM TO THEIR SUBDOMAIN.

    CHANGE "REST_OF_URL" TO THE VALID DOMAIN IN THE HEADER FUNCTION.
    BUT DON'T REMOVE THE . (DOT)

    */
else {

    $url = $_SERVER["HTTP_HOST"];
    $user_subdomain = explode(".", $url);

    if($_SESSION["storeShop"] != $user_subdomain[0]) {
        header("Location: http://$_SESSION[storeShop].mysite.com/index.php");

    }
}
ob_end_flush();

// Be sure to check that this manager SESSION value is in fact in the database
    $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
    $manager =  $_POST["email"]; // filter everything but numbers and letters
    $password = (!empty($_POST['password'])) ? sha1($_POST['password']) : ''; // filter everything but numbers and letters
    $storenameTable = $_REQUEST['storeShop'];
// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database  
include "config/connect.php";
    $sql = "SELECT members.id, members.email, members.password, members.randKey, members.storeShop, storename.email, storename.password, storename.randKey, storename.storeShop
        FROM members
        INNER JOIN storename ON members.randKey = storename.randKey
        WHERE members.email = '$manager'
        AND members.password = '$password'
    "; // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $query = mysqli_query($db_conx, $sql);
    if (!$query) {
        die(mysqli_error($db_conx));
    }
$result = mysqli_query($db_conx,"SELECT storeShop FROM members WHERE email='$manager' AND password='$password'");

while($row = mysqli_fetch_array($result))
  {
        $email = $row["email"];
        $password = $row["password"];
        $storeShop = $row["storeShop"];
        $_SESSION['email'] = $email;
        $_SESSION['password'] = $password;
        $_SESSION['storeShop'] = $storeShop;
  }


?>
有人可以指出我正确的方向吗?

提前致谢。

2 个答案:

答案 0 :(得分:0)

您将用户重定向到其他子域,并可能在此过程中丢失所有会话数据。

在致电session_start()之前,请确保您的Cookie对整个域名有效,即:

session_set_cookie_params(0, '/', '.mysite.com'); 
session_start();

More information here

编辑:您应该研究的其他一些事项:

(1)用户被重定向到&#34;登录&#34; (header("location: login");),您的哪些脚本将处理下一个请求? (你的意思是login.php?)

(2)login.php收到GET请求(没有活动会话)时会做什么?

答案 1 :(得分:0)

您已使用session_start()

在index.php中启动了另一个会话

从index.php页面中删除session_start()并确认它是否正常工作

相关问题
最新问题