我在登录页面上设置会话变量,然后重定向到主页,其中名为isLoggedIn()的函数决定include() s signed-in.php或membership-container.php在标题中。如果此人已登录,则会显示signed-in.php,如果客户端未登录,则显示membership-container.php。登录后,显示signed-in.php按预期显示,但是当我重新加载时该页面显示membership-container.php。
登录页面:
<!DOCTYPE html>
<?php
session_start();
/*error_reporting(0);*/
require 'users/database/connect-database.php';
require 'users/database/database-functions.php';
if ($_POST) {
$email = sanitize($connection, strip_tags($_POST['login_email']));
$password = sanitize($connection, strip_tags($_POST['login_password']));
$encrypted_password = sha1($password);
if (!empty($email) && !empty($password)) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = 'Your email is not valid.';
} else if(exists($connection, 'email', 'members', 'email', $email) == false) {
$error = "We didn't find anyone with that email and password. Have you joined SamHalesJr.com yet?";
} else if (exists($connection, 'email', 'members', 'password', $encrypted_password) == false) {
$error = "Please enter the correct password.";
} else if (detail($connection, 'active', 'members', 'email', $email) != 1) {
$error = "You haven't activated your account!";
} else {
$query = login($connection, $email, $encrypted_password);
if ($query == true) {
ini_set('session.gc_maxlifetime', $inactive_session);
$_SESSION['session'] = time();
$_SESSION['logged_in'] = detail($connection, 'user_id', 'members', 'email', $email);
if (isLoggedIn()) {header('Location: /home');}
}
}
} else {
$error = 'Please enter an email and password.';
}
}
require 'users/database/disconnect-database.php';
?>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<form action="/login" method="POST">
<input placeholder="Email" value="<?php echo $email; ?>" type="text" name="login_email"><br>
<input placeholder="Password" value="<?php echo $password; ?>" type="password" name="login_password"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
我知道connect-database.php和disconnect-database.php有效,以下是database-functions.php的内容:
<?php
$inactive_session = 7200;
function sanitize($connection, $data) {
return mysqli_real_escape_string($connection, $data);
}
function exists($connection, $detail, $table, $row, $value) {
$query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'");
$count = mysqli_num_rows($query);
return ($count >= 1) ? true : false;
}
function generate($password) {
$password = hash('sha512', $password);
return $password;
}
function isLoggedIn() {
if (isset($_SESSION['logged_in'])) {
return true;
} else {
return false;
}
}
function detail($connection, $detail, $table, $row, $value) {
$query = mysqli_query($connection, "SELECT `$detail` FROM `$table` WHERE `$row` = '$value'");
$associate = mysqli_fetch_assoc($query);
return $associate[$detail];
}
function login($connection, $email, $password) {
$query = mysqli_query($connection, "SELECT `email`, `password` FROM `members` WHERE `email` = '$email' AND `password` = '$password'");
$count = mysqli_num_rows($query);
if ($count >= 1) {
return true;
} else {
return false;
}
}
function logout() {
unset($_SESSION['logged_in']);
session_unset();
session_destroy();
}
?>
我是否更正session_start()和任何其他$_SESSION['']变量需要在<html>标记之前?以下是我在每个页面中<html>标记之前放置的代码:
<?php
include 'users/database/database-functions.php';
ini_set('session.gc_maxlifetime', $inactive_session);
session_start();
if (isset($_SESSION['session']) && (time() - $_SESSION['session'] > $inactive_session)) {
logout();
}
$_SESSION['session'] = time(); // Update session
?>
如果您需要任何其他信息,请发表评论,非常感谢任何人的帮助。我已经在这方面工作了很长时间,我仍然是会话处理和功能的新手。
为了说清楚,我的问题是当我输入___correct___info到/login并点击登录按钮时,它会重定向到/home页面,它会显示{{1}在标题中,但是当我重新加载signed-in.php时,它会显示/home。
如果它有帮助,在我重新加载主页后(登录后),它仍会显示membership-container.php cookie,就像它显示PHPSESSID时一样。它还表示cookie“在浏览会话结束时”到期。我不知道这是否意味着什么,但事实上它仍然显示signed-in.php cookie可能意味着会话仍然存在并且错误在我的PHPSESSID函数中。
也可能有助于查看标题内部的确切内容:
isLoggedIn()感谢任何帮助我解决此问题的人。