$ _SESSION在转到个人资料时会发生变化
我已经创建了一个登录脚本,在用户登录时设置了用户名和令牌会话,问题是如果我在登录会话后立即转到配置文件页面,不要继续,唯一的方法是防止这是通过在我登录后刷新索引页面然后设置会话。但是,只要我登录Krumo就会显示会话变量。
由于某种原因,它不会将会话注册为有效并显示未登录的消息。但是,如果我在导航到配置文件页面之前刷新索引页面(我登录的位置),则会话有效并被选中。
图片
- 我从索引页面登录后立即 -
- 如果我导航为个人资料页面 我登录后立即
此外,如果我从“个人资料”页面注销,它应该销毁会话并返回主页。但是当我回到主页时,我发现我有以前的会话令牌。
当我通过课程时,会有相当多的代码。
总结
- 我从索引页面登录
- 登录后我导航到个人资料页面,没有设置会话。
- 如果我在登录个人资料页面后刷新索引页面确实有一个会话集。
- 虽然我有一个有效的会话,如果我尝试从个人资料页面注销,我会得到一个令牌不匹配,索引页面会显示以前的会话令牌(这让我感到困惑)。
- 如果我从索引页面登录,我可以立即退出并且一切正常,前提是我没有进入个人资料页面并从那里退出。
发布变更
- 我添加了图片图片的链接。
- 将fonts.html从session_start移开,问题仍然存在。
在index.php文件中使用的PHP
Index.php文件:
<?php
session_start();
include_once("".$_SERVER['DOCUMENT_ROOT']."/includes/Krumo/class.krumo.php");
include_once("".$_SERVER['DOCUMENT_ROOT']."/auth/class_loader.php");
$sessCheck = new userFunc;
if($sessCheck->validSess('bool')){
$sess = true;
}
else{ $sess = false;}
krumo($_SESSION);
include("style/fonts/fonts.html");
?>
<?php
$bar = new accountBar;
$bar->getBar($sess);
?>
我的login.php文件获取发布到其的登录表单数据:
<?php
session_start();
include_once("".$_SERVER['DOCUMENT_ROOT']."/auth/class_loader.php");
$login = new login();
if(!isset($_POST['username']) || !isset($_POST['password'])){
$_SESSION['msg'] = "Please fill out all the information";
header("location:/");
}
$login = $login->startLogin($_POST['username'],$_POST['password']);
header("location:/");
?>
我的登录表单调用登录类:
<?php
session_start();
class login{
/**
* startLogin()
* PARAMETERS: username, password
* RETURN: start login process
* DESCRIPTION: Start login process and handle login functions
*/
function startLogin($u, $p){
$u = preg_replace('#[^a-z0-9_]#i', '', $u);
$u = strtolower($u);
$u = (trim($u));
$p = (trim($p));
if($u == "" || $p == ""){
unset($_SESSION['msg']);
$_SESSION['msg'] = "Please fill out all the information TEST";
//header("location:/");
return false;
}
$salt = $this->grabSalt($u);
//echo "salt is: ".$salt."<br>";
$p = md5($p.$salt);
//echo "password is: ".$p."<br>";
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
if($this->checkPswd($u, $p)){
// echo "Passwords Match!<br>";
$this->setSessions($u);
}
else{
unset($_SESSION['msg']);
$_SESSION['msg'] = "Username or password is not correct";
header("location:/");
}
}
/**
* grabSalt()
* PARAMETERS: username
* RETURN: salt for that user
* DESCRIPTION: Grab the users salt for use in password matching
*/
function grabSalt($u){
$conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");
$stmt = $conx->prepare("SELECT `UID` FROM users WHERE `username` = ? LIMIT 1");
$stmt->bind_param('s',$u);
if($stmt->execute()){
$stmt->bind_result($uid);
$stmt->fetch();
$stmt->close();
$stmt = $conx->prepare("SELECT `salt` FROM users_salts WHERE `UID` = ? LIMIT 1");
$stmt->bind_param('i',$uid);
if($stmt->execute()){
$stmt->bind_result($salt);
$stmt->fetch();
$stmt->close();
}else{$stmt->error; $stmt->close();}
}else{$stmt->error; $stmt->close();} //USER NOT FOUND IN DB
return $salt;
}
/**
* checkPswd()
* PARAMETERS: $p (password), $u (username)
* RETURN: true of false
* DESCRIPTION: takes the username and hashed password and checks it against the user in the database, if it matches up we return true
*/
function checkPswd($u, $p){
$conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");
$stmt = $conx->prepare("SELECT `password` from users WHERE `username` = ? LIMIT 1");
$stmt->bind_param('s',$u);
if($stmt->execute()){
$stmt->bind_result($dbp);
$stmt->fetch();
//echo "dbpassword is: ".$dbp."<br>";
if($dbp == $p){$stmt->close(); return true;}else{$stmt->close(); return false;}
}else{$stmt->error; $stmt->close();}
}
/**
* setSessions()
* PARAMETERS: $u (username)
* RETURN:
* DESCRIPTION: sets the user session for the person.
*/
function setSessions($u){
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
$t = md5($u.time());
$conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");
$stmt = $conx->prepare("UPDATE users SET `ip` = ?, `lastlogin` = NOW() WHERE `username` = ?");
$stmt->bind_param("ss",$ip,$u);
if($stmt->execute()){ $stmt->close();}else{$stmt->error; $stmt->close();}
$stmt = $conx->prepare("SELECT `token` from users_tokens WHERE `username` = ?");
$stmt->bind_param("s",$u);
if($stmt->execute()){
$stmt->bind_result($count);
$stmt->fetch();
$stmt->close();
if($count != NULL){
$stmt = $conx->prepare("UPDATE users_tokens SET `token` = ?, `IP` = ? WHERE `username` = ?");
$stmt->bind_param("sss",$t, $ip, $u);
if($stmt->execute()){$stmt->close();}else{$stmt->error; $stmt->close();}
}
else{
$stmt = $conx->prepare("INSERT INTO users_tokens (`username`, `token`, `IP`) VALUES (?, ?, ?)");
$stmt->bind_param("sss",$u, $t, $ip);
if($stmt->execute()){
}else{ $stmt->error; $stmt->close();}
}
}else{ $stmt->error; $stmt->close();}
// setcookie("u", $u, strtotime( '+30 days' ), "", "", "", TRUE);
// setcookie("t", $t, strtotime( '+30 days' ), "", "", "", TRUE);
echo "SUCCESS";
$_SESSION['t'] = $t;
$_SESSION['u'] = $u;
return;
}
}
?>
我的userFunc类文件:
function validSess($a = 'bool'){
$conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");
if(isset($_SESSION['u']) && isset($_SESSION['t'])){
$u = $_SESSION['u'];
$t = $_SESSION['t'];
$u = preg_replace('#[^a-z0-9_]#i', '', $u);
$t = preg_replace('#[^a-z0-9_]#i', '', $t);
$user_ok = $this->evalLoggedUser($conx,$u,$t);
if($user_ok){
if($a == 'bool'){
return true;
}
}else{return false;}
}
}
function evalLoggedUser($conx,$u,$t){
$stmt = $conx->prepare("SELECT `ip` FROM users WHERE `username` = ? LIMIT 1");
$stmt->bind_param("s",$u);
if($stmt->execute()){
$stmt->bind_result($ip);
$stmt->fetch();
$stmt->close();
}else{$stmt->error; $stmt->close();}
$stmt = $conx->prepare("SELECT * FROM users_tokens WHERE `username` = ? AND `IP` = ?");
$stmt->bind_param("ss",$u,$ip);
if($stmt->execute()){
$stmt->bind_result($uid, $user, $token, $ip2);
$stmt->fetch();
if($ip == $ip2){
if($ip2 == preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'))){
if($t == $token){
return true;
}else{ echo "Invalid Token, somebody else could have logged in as you?"; }
}else{header("location:/auth/logout.php");}
}else{ header("location:/auth/logout.php"); }
}else{ $stmt->error; $stmt->close();}
}
在我的profile.php页面的顶部,我有检查有效会话的代码:
<?php
session_start();
include("style/fonts/fonts.html");
include_once("".$_SERVER['DOCUMENT_ROOT']."/includes/Krumo/class.krumo.php");
include_once("".$_SERVER['DOCUMENT_ROOT']."/auth/class_loader.php");
krumo($_SESSION);
$sessCheck = new userFunc;
if($sessCheck->validSess('bool')){
$sess = true;
echo "SESSION IS VALID";
}
else{ $sess = false; $_SESSION['msg'] = "You are not logged in, please log in to access your profile.";}
?>
1 个答案:
答案 0 :(得分:1)
我已经解决了这个问题!
logout.php文件返回www。该网站的版本,而会议在非www上运行。该网站的版本,因为有些链接使用“/”来获取根路径,而有些使用了完整的地址,我在技术上导致了两个会话,一个是在www上运行的上一个会话。以及在非www。
上运行的新会话所有这一切都是由于我的.HTACCESS
中的一些网址重写造成的SUCCESS! (现在)
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?