I must say first that I am very new to PHP and am doing my best.
I have searched extensively for a solution, but although there are similar questions/answers, I have not been able to solve my problem.
I have a fairly simple login screen/check in login.php and a secure.php (both files are shown at the end of my post) to which the user is redirected when the username & password match the database.
When you press the login button after filling in the correct user/pass, nothing happens, because the session for being logged in is apparently false and it just keeps looping back to login.php.
The rest, not filling in all fields, wrong pass or user notifications, all work fine, so nothing is wrong there.
So how do I set my session to TRUE and display the logged-in username on secure.php?
Login.php:
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['username']) && trim($_POST['username']) != '' &&
isset($_POST['password']) && trim($_POST['password']) != '')
{
try
{
$maxAttempts = 4;
$attemptsTime = 10;
$db = new PDO('mysql:host=localhost;dbname=users', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$checkUsers =
"SELECT
user_id
FROM
users
WHERE
username = :username
AND
password = :password";
$userStmt = $db->prepare($checkUsers);
$userStmt->execute(array(
':username' => $_POST['username'],
':password' => $_POST['password'])
);
$user = $userStmt->fetchAll();
$checkTries =
"SELECT
username
FROM
loginfail
WHERE
DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
AND
username = :username
GROUP BY
username, IP
HAVING
(COUNT(username) >= :maxAttempts)"; /* >= rather than =: with = the lockout silently lifts on the next failed attempt */
$triesStmt = $db->prepare($checkTries);
$triesStmt->execute(array(
':username' => $_POST['username'],
':attemptsTime' => $attemptsTime,
':maxAttempts' => $maxAttempts
));
$tries = $triesStmt->fetchAll();
if (count($user) == 1 && count($tries) == 0)
{
$_SESSION['user'] = array('user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']);
header('Location: secure.php');
die;
}
else
{
$insertTry =
"INSERT INTO
loginfail
(username,
IP,
dateAndTime)
VALUES
(:username,
:IP,
NOW())";
$insertStmt = $db->prepare($insertTry);
$insertStmt->execute(array(
':username' => $_POST['username'],
':IP' => $_SERVER['REMOTE_ADDR']
));
if(count($tries) > 0)
{
header('Refresh: 3; url=login.php');
$message = 'Too many login tries, try again in a couple of minutes.';
}
else
{
header('Refresh: 3; url=login.php');
$message = 'Username or password not correct.';
}
}
}
catch (PDOException $e)
{
$message = $e->getMessage();
}
$db = NULL;
}
else
{
header('Refresh: 3; url=login.php');
$message = 'Please fill in all required fields.';
}
}
?>
<body>
<?php
if (isset($message))
{
echo $message;
}
?>
<form method="post" action="login.php" class="login">
<p>
<label for="username">User:</label>
<input type="text" name="username" id="username">
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password">
</p>
<p class="login-submit">
<button type="submit" class="login-button">Login</button>
</p>
</form>
</body>
Secure.php:
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="secure" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>Secure</title>
<link rel="stylesheet" href="css/style.css">
<?php
session_start();
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false)
{
header('Location: login.php');
exit();
}
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.';
?>
Answer 0 (score: 1)
You don't have $_SESSION["logged_in"]... you have $_SESSION['user'].
Try this:
if(!isset($_SESSION['user']) || $_SESSION['user'] == false){
header('Location: login.php');
exit();
}
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.';
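Answer 0's test works because $_SESSION['user'] is the key login.php actually sets, but that key holds an array, so echoing it prints "Array" rather than a name. The guard page below is an added example, not the question's or answer's code: it assumes login.php stores $_SESSION['logged_in'] = true and a 'username' field inside $_SESSION['user'] (the question's login.php stores only user_id and IP, so the 'username' field is an assumption), escapes the name before rendering it, and optionally ties the session to the address it was created from.

```php
<?php
// secure.php (added example, not the question's code).
// session_start() is the very first thing in the file: no HTML, no
// whitespace and no BOM may precede it, or the session cookie header is lost.
session_start();

// Assumed session layout written by login.php on a successful login:
//   $_SESSION['logged_in'] = true;
//   $_SESSION['user']      = ['user_id' => ..., 'username' => ..., 'IP' => ...];
// 'username' is an assumption; the question's login.php stores only user_id and IP.
function isAuthenticated(array $session, string $remoteAddr): bool
{
    if (!isset($session['logged_in']) || $session['logged_in'] !== true) {
        return false;
    }
    if (!isset($session['user']['username'])) {
        return false;
    }
    // Reject a session presented from a different address than the one it
    // was created for (cheap mitigation against a copied cookie; it breaks
    // for users behind rotating proxies, so drop it if that matters).
    if (isset($session['user']['IP']) && $session['user']['IP'] !== $remoteAddr) {
        return false;
    }
    return true;
}

if (!isAuthenticated($_SESSION, $_SERVER['REMOTE_ADDR'] ?? '')) {
    // Throw the half-valid session away rather than leaving it for the next request.
    session_unset();
    session_destroy();
    header('Location: login.php');
    exit;
}

// The session holds an array, so print a specific field, and escape it:
// the username originated in a form field and must not reach the page as raw HTML.
$username = htmlspecialchars($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Secure</title>
</head>
<body>
<p>Welcome <?= $username ?> and thanks for logging in.</p>
</body>
</html>
```

Run it behind any PHP-capable web server; without a session it redirects to login.php, with the assumed session keys it renders the escaped name.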
Answer 1 (score: 0)
session_start(); must come before all output.
<?php session_start(); ?>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">
Answer 2 (score: 0)
You are not setting $_SESSION['logged_in']. So in secure.php it redirects back to login.php. Set $_SESSION['logged_in'] to true before the redirect and it will work.
Answer 3 (score: 0)
You have to look at two points: - where you place "session_start" - how you save the file.
You must start the session before sending any byte. So "session_start()" should be placed at the beginning of the file. There can be no HTML code, whitespace or "preamble" before the PHP code that starts using the SESSION.
Check how you save the file. "UTF-8" and "UTF-8 without BOM" are not the same. With the first type, you will not be able to use the SESSION.
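Putting answers 1 to 3 together, the login.php below is an added example rather than code from the question or any answer. Beyond moving session_start() to the top and setting $_SESSION['logged_in'], it changes two things a reviewer would flag in the original: the question's query compares the submitted password with a plaintext column in SQL, which the example replaces by looking the user up by name and checking a password_hash() column (an assumed column name) with password_verify(); and the session id is regenerated on login so a session id fixed by an attacker before authentication is not upgraded to a logged-in one. The DSN, credentials and the loginfail table layout are placeholders matching the question's names.

```php
<?php
// login.php (added example, not the question's code). session_start() precedes
// any output, and the file must be saved as UTF-8 without BOM: the three BOM
// bytes would themselves count as output sent before the session header.
session_start();

$maxAttempts  = 4;   // failed logins allowed ...
$attemptsTime = 10;  // ... within this many minutes, per username + IP
$message      = null;

// Assumption: users has a password_hash column holding password_hash() output,
// not the plaintext password the question's query compares in SQL.
// Assumption: DSN and credentials below are placeholders.
function openDb(): PDO
{
    $db = new PDO('mysql:host=localhost;dbname=users;charset=utf8mb4', 'login_app', 'change-me');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $db;
}

// True when this username/IP pair has reached the failure limit inside the window.
function isLockedOut(PDO $db, string $username, string $ip, int $maxAttempts, int $minutes): bool
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM loginfail
          WHERE username = :username AND IP = :ip
            AND dateAndTime >= NOW() - INTERVAL :minutes MINUTE');
    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':ip', $ip);
    $stmt->bindValue(':minutes', $minutes, PDO::PARAM_INT);
    $stmt->execute();
    // ">=" not "=": with "=" the lock silently lifts on the next failure.
    return (int) $stmt->fetchColumn() >= $maxAttempts;
}

function recordFailure(PDO $db, string $username, string $ip): void
{
    $stmt = $db->prepare('INSERT INTO loginfail (username, IP, dateAndTime) VALUES (:username, :ip, NOW())');
    $stmt->execute([':username' => $username, ':ip' => $ip]);
}

// Returns the user row on success, null otherwise. Looking up by username only
// and verifying the hash in PHP keeps the secret out of the SQL text entirely.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT user_id, username, password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a throwaway hash when the user is unknown, so response
    // time does not reveal which usernames exist.
    $hash = $user['password_hash'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    return ($user && password_verify($password, $hash)) ? $user : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';
    $ip       = $_SERVER['REMOTE_ADDR'] ?? '';

    if ($username === '' || $password === '') {
        $message = 'Please fill in all required fields.';
    } else {
        try {
            $db = openDb();
            if (isLockedOut($db, $username, $ip, $maxAttempts, $attemptsTime)) {
                $message = 'Too many login tries, try again in a couple of minutes.';
            } elseif (($user = authenticate($db, $username, $password)) !== null) {
                session_regenerate_id(true);     // new id on privilege change: defeats session fixation
                $_SESSION['logged_in'] = true;   // the key secure.php tests
                $_SESSION['user'] = ['user_id' => $user['user_id'], 'username' => $user['username'], 'IP' => $ip];
                header('Location: secure.php');
                exit;
            } else {
                recordFailure($db, $username, $ip);
                $message = 'Username or password not correct.';
            }
        } catch (PDOException $e) {
            error_log($e->getMessage());  // keep driver errors out of the browser
            $message = 'Login is temporarily unavailable.';
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>TEST</title>
</head>
<body>
<?php if ($message !== null): ?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post" action="login.php" class="login">
<p><label for="username">User:</label> <input type="text" name="username" id="username"></p>
<p><label for="password">Password:</label> <input type="password" name="password" id="password"></p>
<p class="login-submit"><button type="submit" class="login-button">Login</button></p>
</form>
</body>
</html>
```

Existing rows with plaintext passwords must be migrated first (for example by writing password_hash($plaintext, PASSWORD_DEFAULT) into the new column once and dropping the old one); password_verify() will reject a plaintext value stored where it expects a hash. Checking for a BOM is as simple as looking at the first three bytes of the file: they must not be EF BB BF.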