会话缓存问题

时间:2010-06-10 12:26:00

标签: php

我对php会话有一个奇怪的问题。我在我的网站上使用它们进行授权。我存储了两个变量 - 当前在会话中记录了用户的id和用户名。当我使用一个用户名登录时,除了注销并使用另一个用户名再次登录之前,使用会话变量而不是当前用户返回上一个用户的id。

最奇怪的是,只有在将一些数据插入数据库时​​才会发生这种情况。当我直接回显此变量时,会显示正确的id,但是当我将新记录插入数据库时​​,此变量会发送错误的id。

这是我用于将数据发送到数据库的PHP代码:

<?php
session_start();
//connect database
require_once 'dbc.php';

$authorID = $_SESSION['user_id'];
if ( $authorID != 0 ) {
        $content = htmlentities($_POST["answ_content"],ENT_COMPAT,'UTF-8');
        $dro = date('Y-m-d H:i:s');
        $qID = $_POST["question_ID"];
        $author = 'avtori';


        $sql="INSERT INTO comments (comment_ID, comment_post_ID, comment_author, comment_date, comment_content, user_id) 
            VALUES
          (NULL, '$qID', '$author', '$dro', '$content', '$authorID')";

        $result = mysql_query($sql);

} else {
    echo 'error';
}

?>

有人可以帮忙吗?

这是退出功能:

function logout()
{
global $db;
session_start();

if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) {
mysql_query("update `users` 
            set `ckey`= '', `ctime`= '' 
            where `id`='$_SESSION[user_id]' OR  `id` = '$_COOKIE[user_id]'") or die(mysql_error());
}           

/************ Delete the sessions****************/
unset($_SESSION['user_id']);
unset($_SESSION['user_name']);
unset($_SESSION['user_level']);
unset($_SESSION['HTTP_USER_AGENT']);
session_unset();
session_destroy(); 

/* Delete the cookies*******************/
setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");

header("Location: index.php");
}

以下是身份验证脚本:

include 'dbc.php';

$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
    $data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
            AND `banned` = '0'
            ") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num > 0 ) { 

    list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

    if(!$approved) {
    //$msg = urlencode("Account not activated. Please check your email for activation code");
    $err[] = "Account not activated. Please check your email for activation code";

    //header("Location: login.php?msg=$msg");
     //exit();
     }

        //check against salt
    if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
     // this sets session and logs user in  
       session_start();
       session_regenerate_id (true); //prevent against session fixation attacks.

       // this sets variables in the session 
        $_SESSION['user_id']= $id;  
        $_SESSION['user_name'] = $full_name;
        $_SESSION['user_level'] = $user_level;
        $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

        //update the timestamp and key for cookie
        $stamp = time();
        $ckey = GenKey();
        mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

        //set a cookie 

       if(isset($_POST['remember'])){
                  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                   }
        if(empty($err)){            
          header("Location: myaccount.php");
         }
        }
        else
        {
        //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
        $err[] = "Invalid Login. Please try again with correct user email and password.";
        //header("Location: login.php?msg=$msg");
        }
    } else {
        $err[] = "Error - Invalid login. No such user exists";
      }     
}

3 个答案:

答案 0 :(得分:3)

杀死我发布的代码有多少人容易受到 SQL injection 的攻击!

<?php
$content = htmlentities($_POST["answ_content"],ENT_COMPAT,'UTF-8');
        // ^ Attack  vector
$dro = date('Y-m-d H:i:s');
$qID = $_POST["question_ID"];
    // ^ Attack vector
$author = 'avtori';

$sql="INSERT INTO comments (comment_ID, comment_post_ID, comment_author, comment_date, comment_content, user_id) 
      VALUES
      (NULL, '$qID', '$author', '$dro', '$content', '$authorID')";
?>

<强> Sanitize your database inputs

答案 1 :(得分:0)

您可以使用session_regenerate_id确保使用新会话ID并销毁旧会话ID:

session_start();
if ($userIsAuthentic) {
    session_regenerate_id(true);
}

如果您没有使用PHP 5.1.0或更高版本,则可以使用此等效项替换缺少的 delete_old_session 参数:

session_start();
if ($userIsAuthentic) {
    $_SESSION = array();
    session_destroy();
    session_write_close();
    session_start();
    session_regenerate_id();
}

答案 2 :(得分:0)

尝试从轨道上训练会话:session_destroy

调用它,核对其会话cookie,立即结束脚本,并将用户定向到登录页面。他们将在那里进行新的会话并正确登录。

相关问题
最新问题