isset(SESSION ['用户'])无效

时间:2014-10-19 22:15:39

标签: php

我有这个php脚本无法检测会话变量是否存在。我一直在寻找堆栈溢出一段时间,我找不到任何解决我问题的方法。这是代码:

<?php
session_start();
if(isset($_SESSION['user'])){
?>
<html>
<head>
</head>
<body>
it exists
</body>
</html>
<?php
    }
    else{
?>
<html>
<head>
</head>
<body>
nope
</body>
</html>
<?php
    }
}
else{
?>
<html>
<head>
</head>
<body>
it doesn't
</body>
</html>
<?php
}
?>

这是设置会话的代码:

<?php
session_start();
$dsn = 'mysql:host=localhost;dbname=noterate';
$usernameForSQL = '*******';
$passwordForSQL = '*********';
$db = new PDO($dsn, $usernameForSQL, $passwordForSQL);
function checkLogin($usrn, $pswd, $database){
    $query = "SELECT * FROM accounts WHERE username='$usrn' and userpassword='$pswd'";
    $statement = $database->prepare($query);
    $statement->execute();
    if($statement->rowcount() > 0){
        return true;
    }
    else{
        return false;
    }
}
if(isset($_POST['username']) && isset($_POST['password'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    if(checkLogin($username, $password, $db, 'accounts')){
        $_SESSION['user'] = $username;
?>

1 个答案:

答案 0 :(得分:2)

请参阅此帖子了解如何处理密码...它使用mysqli,但您应该能够轻松了解它如何与pdo一起使用。 https://stackoverflow.com/a/26321573/623952

插入您的密码:

$password_to_insert_into_db = password_hash($plaintext_password, PASSWORD_BCRYPT);

我更改了变量名称和内容。 b / c对我来说更容易。

<?php

session_start();

// for my testing...  
$_POST['username'] = 'noterate';
$_POST['password'] = 'noterateE';
// ----------------------------------- 

$dsn = 'mysql:host=localhost;dbname=test';   

$usernameForSQL = 'root';
$passwordForSQL = ''; 

$db = new PDO($dsn, $usernameForSQL, $passwordForSQL);

$user = isset($_POST['username']) ? $_POST['username'] : ''; 
$pass = isset($_POST['password']) ? $_POST['password'] : ''; 

if (!empty($user) && !empty($pass)) { 
   if (checkLogin($user, $pass, $db)) {
      $_SESSION['user'] = $user;
   }
   else echo "error: user not validated<br/>";
}

function checkLogin($user, $pass, $db)  {

   $query = "select * 
               from user 
              where username = ? ";

   $stmt = $db->prepare($query);
   $stmt->execute(array($user));

   $result = $stmt->fetch(PDO::FETCH_ASSOC);
   if ($result) { 
      if (password_verify($pass, $result['password'])) {
         $_SESSION['user'] = $user; 
         return true; 
      }
      // else... password doesn't match
   }
   // else... username doesn't exist 

   return false; 
}
/*
mysql> describe user;
+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| userid   | int(11)     | NO   | PRI | NULL    | auto_increment |
| username | varchar(60) | YES  | UNI | NULL    |                |
| password | varchar(60) | YES  |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.02 sec)



mysql> select * from user;
+--------+-------------+--------------------------------------------------------------+
| userid | username    | password                                                     |
+--------+-------------+--------------------------------------------------------------+
|      1 | my_username | $2y$10$fc48JbA0dQ5dBB8MmXjVqumph1bRB/4zBzKIFOVic9/tqoN7Ui59e |
|      2 | stuff       | $2y$10$o3s39w.9HqeuUP0j7o9qv.NyMSFMfbsa6SzNZi2gnOo4Zol69w/mm |
|     17 | new_user    | $2y$10$lIFIUN2q0UzB9Wtmc/kuCuW7driQkpZHiPIiwQPskanSPXqQbXZGu |
|     18 | noterate    | $2y$10$YEsHG2X4rjPArViZTUtM4uEs27e.GR7g05T7Ajno2j0aogMXADbQ2 |
+--------+-------------+--------------------------------------------------------------+
4 rows in set (0.00 sec)

*/
?>


<?php 
session_start();

var_dump($_SESSION); 

if (isset($_SESSION['user'])) { ?>  
   <div>it exists</div> 
<?php } else { ?>  
   <div>nope</div> 
<?php } ?>