PHP unexpected result - always returns true

Date: 2014-06-26 12:16:42

Tags: php function

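Hi, I started following and then adapting Adam Khoury's videos to create a social media network. The code I have seems to always return the value true for the user's login status, even after deleting all cookies etc.

I have barely touched Adam's code: I renamed a few variables, I believe, and then created my own function to call the functions and handle the returned data. I assume I have messed up how the functions share information with each other, but I am not sure where or what to do to correct it.

Any help keeping me heading in the right direction would be great.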

<?php
session_start();
require_once("includes/db_conx.php");

$login_status;
$logged_user = "";

//  Create globally accessible variables to store username and login status
function dataCheck() {
checkSession();
global $login_status, $logged_user;

if (checkSession() === false) {
    $login_status = "false";
    $logged_user = "";
} else {
    $login_status = "true";
    $logged_user = preg_replace('#[^a-z0-9_]#i', '', $_SESSION['username']);
}
}

// User Verify function
function evalLoggedUser($conx,$id,$u,$p){
     $sql = "SELECT ip FROM users WHERE userID='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
     $query = mysqli_query($conx, $sql);
     $numrows = mysqli_num_rows($query);
     if($numrows > 0){
         return true;
    }
} 

function checkSession() {
    global $db_conx;

    // Checks to see if the user is already logged in and a session has been created
    if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
        $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
        $log_username = preg_replace('#[^a-z0-9_]#i', '', $_SESSION['username']);
        $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);

        // Verify the user
        $global_verified = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
    } else {
        // Check for recent cookie data
        checkCookies();
    }
}

function checkCookies() {
global $user_verified;
    // Checks to see if the user has visited the site recently and has details logged in cookies
    if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
        $_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
        $_SESSION['username'] = preg_replace('#[^a-z0-9_]#i', '', $_COOKIE['user']);
        $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);

        $log_id = $_SESSION['userid'];
        $log_username = $_SESSION['username'];
        $log_password = $_SESSION['password'];

        // Verify the user
        $global_verified = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);

        if($global_verified == true){
            // Update their lastlogin datetime field
            $sql = "UPDATE users SET lastlogin=now() WHERE userID='$log_id' LIMIT 1";
            $query = mysqli_query($db_conx, $sql);
        } else {
            return false;
        }
    }
}
?>

3 Answers:

Answer 0: (score: 1)

You need to return something in the checkSession() function...

if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
    $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
    $log_username = preg_replace('#[^a-z0-9_]#i', '', $_SESSION['username']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);

    // Verify the user
    $global_verified = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
    return true;
} else {
    // Check for recent cookie data
    checkCookies();
    return false;
}

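Answer 1: (score: 0)

checkSession() does not return anything. This means the checkSession() === false check will always fail.

As mentioned in the comments, your code has a number of security issues, and I would look into fixing them.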

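Answer 2: (score: 0)

It is hard to test a login script without a logout script. Once the script has logged you in, you save data to the session, at which point your checkSession() will always return true until your session times out or you write a logout script. The following code will log you out so you can try logging in again: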

session_start();
$_SESSION = array();
session_destroy();

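As the other two answers suggest, you are also missing the return value in checkSession(), but I suspect you should do it like this rather than the suggestion above: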

function checkSession() {
    global $db_conx;

    // Checks to see if the user is already logged in and a session has been created
    if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
        $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
        $log_username = preg_replace('#[^a-z0-9_]#i', '', $_SESSION['username']);
        $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);

        // Verify the user
        $global_verified = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
    } else {
        // Check for recent cookie data
        $global_verified = checkCookies();
    }
    return $global_verified;
}
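
An added example (not part of any answer above, and not the asker's code) showing why the question's `checkSession() === false` test reports every visitor as logged in, and how returning a bool on every path, or comparing fail-closed, changes the outcome. The `verifyUser()` stub and its sample data are constructed stand-ins for the database lookup, and all function names here are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table lookup done by evalLoggedUser() on the page.
function verifyUser(array $s): bool {
    $users = [7 => 'alice'];                      // constructed sample data
    $id = (int) ($s['userid'] ?? 0);
    return isset($users[$id]) && $users[$id] === ($s['username'] ?? null);
}

// Mirrors the question's checkSession(): no path returns a value, so PHP yields null.
function checkSessionNoReturn(array $s) {
    if (isset($s['userid'], $s['username'])) {
        $verified = verifyUser($s);               // result is computed, then dropped
    }
}

// Every path returns a bool; with ": bool" a forgotten return raises a TypeError.
function checkSessionBool(array $s): bool {
    if (!isset($s['userid'], $s['username'])) {
        return false;
    }
    return verifyUser($s);
}

// The question's test: only an exact false means "logged out", so null counts as logged in.
function statusFailOpen($result): string {
    return $result === false ? 'false' : 'true';
}

// Fail-closed variant: only an exact true means "logged in".
function statusFailClosed($result): string {
    return $result === true ? 'true' : 'false';
}

$cases = [                                        // constructed session contents
    'no session'    => [],
    'unknown user'  => ['userid' => '99', 'username' => 'mallory'],
    'valid session' => ['userid' => '7', 'username' => 'alice'],
];
foreach ($cases as $label => $session) {
    printf("%-14s original=%s  returns-bool=%s  null-but-fail-closed=%s\n",
        $label,
        statusFailOpen(checkSessionNoReturn($session)),
        statusFailOpen(checkSessionBool($session)),
        statusFailClosed(checkSessionNoReturn($session)));
}
```

The last column shows that a fail-closed comparison keeps a missing return from granting access, although it then denies valid users too, so the return value still has to be fixed.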