会话未反映在页面中

时间:2014-05-30 18:11:12

标签: php session

我创建了会话名称($ _SESSION ['有效'] ="是";)反映在所有页面中,它在某些页面中工作但有些页面没有,特别是在(pwdchange.php)我不知道为什么。有人可以看到我的代码,让我知道错误在哪里。并指导我通过。并且还没有在/ tmp目录中创建会话文件。

我的代码

第一页ifstatment.php 

<html>
<body>
<h1>Welcome To Internet HotSpot</h1>

<form action="auth.php" method="post">
Username: <br><input type="text" name="username"></br>
Password: <br><input type="password" name="password"></br>


<div id="main">
<div class="floatdiv">

<input type="submit" name = 'submit' value= 'Login'>
</form>
</div>

<div class="floatdiv">

<form method="POST" action="adminlogin1.php">
<button type="submit">admin login</button>
</form>
</div>
</div>


 <style type="text/css">
 #main
 {
 position:relative;
    width:200px;
 }
.floatdiv
 {
 float:left;
    width=80px
  }
</style>

</body>
</html>

第二页

Auth.php 

<? ob_start(); ?>
<?php

session_start();

//connecting to database

$db = mysql_connect("localhost","sqldata","sqldata") or die(mysql_error());

//selecting our database

$db_select = mysql_select_db("accounts", $db) or die(mysql_error());

ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

//Retrieving data from html form

if(empty($_POST["username"]))
{

echo "Error you must enter username and password</br>";

}

$username = $_POST['username'];

$password = $_POST['password'];


$_SESSION['username']= $_POST['username'];
//for mysql injection (security reasons)

$username = mysql_real_escape_string($username);

$password = mysql_real_escape_string($password);



//checking if such data exist in our database and display result

$result= mysql_query("select * from uptable where username = '$username' ");

$row = mysql_fetch_array( $result );

$storedPassword = $row['password'];


$hash= crypt($password,$storedPassword)===$storedPassword;

if ($hash)
{

$_SESSION['valid'] = "yes";

$_SESSION['logged_in'] = true;

header("Location: check.php");

$ip = $_SERVER['REMOTE_ADDR'];

exec("/usr/bin/sudo -u apache sudo  /sbin/iptables  -I INPUT -s $ip -j ACCEPT");

exit;
}


else
{
if ($_SESSION['valid'] != "yes")

{

$ip = $_SERVER['REMOTE_ADDR'];

exec("/usr/bin/sudo -u apache sudo  /sbin/iptables  -D INPUT -s $ip -j ACCEPT");

session_destroy();

session_unset();

header("location:ifstatment.php");

exit();
}
}

?>
<? ob_flush(); ?>

Check.php 

<? ob_start(); ?>

<html>
<body>
<?php

error_reporting(E_ALL);


session_start();


$username= $_SESSION['username'];
print_r($valid= $_SESSION['valid']);

include('search.php');

if ($_SESSION['valid'] != "yes")

{

$ip = $_SERVER['REMOTE_ADDR'];

exec("/usr/bin/sudo -u apache sudo  /sbin/iptables  -D INPUT -s $ip -j ACCEPT");

session_destroy();

session_unset();

header("location:ifstatment.php");

exit();
}

$page = $_SERVER['PHP_SELF'];
$sec = 10;
header("Refresh: $sec; url=$page");

$ip = $_SERVER['REMOTE_ADDR'];
timeout($username, $ip);

echo "<br> Hi $username.</br>";

echo "<br>You Have Logged In Successfully.</br>";

$ip = $_SERVER['REMOTE_ADDR'];

$txt="Your ip Address Is ";

echo $txt . " " .  $ip;

?>

</body>
</html>
<? ob_flush(); ?>

<html>
<body>
<form method="POST" action="logout.php">
<button type="submit">Logout</button>
</form>

<br> update your account password </br>

<form method="POST" action="pwdchange.php">
<button type="submit">update</button>
</form>

</body>
</html>

pwdchange.php 

<?php

session_start();

print_r($valid= $_SESSION['valid']);
print_r($hadi=$_SESSION["valid"]);
print_r($logged_in= $_SESSION["logged_in"]);

?>

1 个答案:

答案 0 :(得分:1)

session_start() 必须在任何输出之前:

<? ob_start(); ?>

<html>
<body>
<?php

error_reporting(E_ALL);


session_start();

应该是:

<? 
ob_start(); 
session_start();
error_reporting(E_ALL); // This should be up here, too
?>

<html>
<body>

(你应该考虑使用doctype

相关问题
最新问题