PHP无法设置会话变量

时间:2014-12-18 09:53:52

标签: php

从登录页面我捕获用户和密码值:

<?php
session_start();
$error=''; 
$rows = 0;
if (isset($_POST['submit'])) {
    $username=$_POST['username'];
    $password=$_POST['password'];
    $mysqli = new mysqli("localhost","xxxxx","xxxxx","xxxxxxx");
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = $mysqli->real_escape_string($username);
    $password = $mysqli->real_escape_string($password);
    $query = "select count(*) from login where password='$password' AND username='$username'";
   if ($stmt = $mysqli->prepare($query)) {
        $stmt->execute();
        $stmt->store_result();
        $rows = $stmt->num_rows;
        $stmt->close();
   }
}
$mysqli->close();
if ($rows == 1) {
    $_SESSION['login_user']=$username; 
    header("location: profile.php"); 
} else {
    header("location: login.php"); 
    $error = "Username or Password is invalid";
} 
?>

我的profile.php脚本如下所示:

<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
   <div id="profile">
     <b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
     <b id="logout"><a href="logout.php">Log Out</a></b>
   </div>
</body>
</html>

和session.php

<?php
if(!isset($_SESSION['login_user'])){
    header('Location: login.php');
}
?>

我的代码流就像提交登录表单时一样,validate_login.php源代码将验证用户的详细信息。如果细节正确,将显示profile.php页面或再次返回登录页面。

我有3个困难;

  1. 如何调试PHP脚本?
  2. 为什么我的代码又回到了登录页面 - 我已经通过硬编码错误的未定义变量(强制转储)进行了测试 - 我发现在进入if条件时输入的行定义了会话变量[if(if) $ rows == 1)]
  3. 我们可以通过其他方式验证会话 - 基本上只有登录用户才能看到更多页面吗?

3 个答案:

答案 0 :(得分:1)

你现在没有会话在session.php

<?php
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>

您需要添加session_start();

所以你会得到

<?php
session_start();
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>

为了安全起见,最好使用准备好的prepared statements。 对于错误的handelings,尝试做一些真正的会话吗?。

if(session_id() == '' || !isset($_SESSION)) {
    // session isn't started
    echo "No session";
}

答案 1 :(得分:0)

你的session.php应该是

  

empty()基本上简洁等同于!isset($var) || $var == false

<?php
session_start();
if(empty($_SESSION['login_user'])){
header('Location: login.php');
}
?>

将session.php包含在您的脚本中以及任何其他适用于注册用户的页面

<?php
include_once('session.php');
$error=''; 
$rows = 0;
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$mysqli = new mysqli("localhost","xxxxx","xxxxx","xxxxxxx");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
$username = stripslashes($username);
$password = stripslashes($password);
$username = $mysqli->real_escape_string($username);
$password = $mysqli->real_escape_string($password);
$query = "select count(*) from login where password='$password' AND username='$username'";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute();
$stmt->store_result();
$rows = $stmt->num_rows;
$stmt->close();
}
}
$mysqli->close();
if ($rows == 1) {
$_SESSION['login_user']=$username; 
header("location: profile.php"); 
} else {
header("location: login.php"); 
$error = "Username or Password is invalid";
} 
?>

答案 2 :(得分:0)

在使用任何会话变量之前调用session_start()函数。

如果收到如下警告:警告:无法修改标题信息 - 已发送的标题(输出从脚本:行开始),然后使用@ suppress operator

@session_start() //@ for error suppression