Question

我必须首先说我对PHP很新，并尽我所能。

我已经广泛搜索了一个解决方案但是因为有类似的问题/答案，我还没有能够解决我的问题。

我有一个相当简单的登录界面/检查为login.php和一个secure.php（将在我的帖子末尾显示这两个文件）用户被重定向到用户名＆amp;密码匹配数据库。

当您在填写正确的用户/传递时按下登录按钮时没有任何反应，因为登录的会话显然是错误的，它只是不断循环login.php。

其余部分没有填写所有表格，错误的通行证或用户通知都正常工作，所以没有错。

那么，如何将我的会话设为TRUE并在secure.php上显示登录的用户名？

Login.php：

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">

<?php

session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    if (isset($_POST['username']) && trim($_POST['username']) != '' && 
        isset($_POST['password']) && trim($_POST['password']) != '')
    {
        try 
        {
            $maxAttempts = 4;
            $attemptsTime = 10;

            $db = new PDO('mysql:host=localhost;dbname=users', 'root', '');
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $checkUsers = 
                "SELECT 
                    user_id
                FROM
                    users
                WHERE
                    username = :username
                AND
                    password = :password";
            $userStmt = $db->prepare($checkUsers);
            $userStmt->execute(array(
                                ':username' => $_POST['username'],
                                ':password' => $_POST['password'])
                                );
            $user = $userStmt->fetchAll();

            $checkTries =
                "SELECT
                    username
                FROM
                    loginfail
                WHERE
                    DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
                AND
                    username = :username    
                GROUP BY
                    username, IP
                HAVING
                    (COUNT(username) = :maxAttempts)";
            $triesStmt = $db->prepare($checkTries);
            $triesStmt->execute(array(
                                ':username' => $_POST['username'],
                                ':attemptsTime' => $attemptsTime,
                                ':maxAttempts' => $maxAttempts
                                ));
            $tries = $triesStmt->fetchAll();

            if (count($user) == 1 && count($tries) == 0)
            {
                $_SESSION['user'] = array('user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']);
                header('Location: secure.php');
                die;
            }
            else
            {
                $insertTry = 
                    "INSERT INTO
                        loginfail
                            (username, 
                            IP,
                            dateAndTime)
                    VALUES
                        (:username,
                        :IP,
                        NOW())";
                $insertStmt = $db->prepare($insertTry);
                $insertStmt->execute(array(
                                        ':username' => $_POST['username'],
                                        ':IP' => $_SERVER['REMOTE_ADDR']
                                        ));
                if(count($tries) > 0)
                {
                    header('Refresh: 3; url=login.php');
                    $message = 'To many login tries, try again in a couple of minutes.';
                }
                else
                {
                    header('Refresh: 3; url=login.php');
                    $message = 'Username or password not correct.';
                }
            }
        }
        catch (PDOException $e)
        {
            $message = $e->getMessage();
        }
        $db = NULL;
    }
    else
    {
        header('Refresh: 3; url=login.php');
        $message = 'Please fill in all required fields.';
    }
}
?>

<body>

    <?php
        if (isset($message))
        {
            echo $message;
        }
    ?>

    <form method="post" action="login.php" class="login">

    <p>
        <label for="username">User:</label>
        <input type="text" name="username" id="username">
    </p>

    <p>
        <label for="password">Password:</label>
        <input type="password" name="password" id="password">
    </p>

    <p class="login-submit">
        <button type="submit" class="login-button">Login</button>
    </p>

    </form>

</body>

Secure.php：

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="secure" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>Secure</title>
<link rel="stylesheet" href="css/style.css">

<?php 

session_start(); 

if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false) 
{ 
    header('Location: login.php'); 
    exit(); 
}  
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>'; 
?>

Answer 1

您没有$_SESSION["logged_in"] ....您有$_SESSION['user']

试试这个：

if(!isset($_SESSION['user']) || $_SESSION['user'] == false){ 
  header('Location: login.php'); 
   exit(); 
 } 
   echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>';

Answer 2

在session_start（）;必须在所有输出之前

<?php session_start(); ?>    

<meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="login screen" content="">
    <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
    <title>TEST</title>
    <link rel="stylesheet" href="css/style.css">

Answer 3

您没有设置$_SESSION['logged_in']。所以在secure.php中它会重定向回login.php。在重定向之前将$_SESSION['logged_in']设置为true，它将起作用

Answer 4

你必须看两点： - 放置“session_start”的位置 - 如何保存文件

您必须在发送任何字节之前启动会话。因此，“session_start（）”应放在文件的开头。在开始使用SESSION的PHP代码之前，不能使用HTML代码，空格或“介绍”。

了解如何保存文件。除了“UTF-8”和“没有BOM的UTF-8”之外，它不一样。使用第一种类型，您将无法使用SESSION。

无法让$ _SESSION ['user']显示/会话未实际录制？

4 个答案: