点击链接到另一个页面时,我的网站会记录我

时间:2015-07-07 17:57:13

标签: php mysql session server logout

我的网站会话存在问题。我建立了一个网站,要求用户登录才能查看网页。它在我的域下工作完全完美,但是当我将所有文件上传到不同的服务器时,临时性让客户端在这个服务器上预览网页我得到了这个问题我在标题中说明了。它会自动说密码不正确。您仍然可以正常登录,但如果您尝试导航到网站中的其他页面,它会在99%的时间内将您登录。<​​/ p>

我正在使用PHPSecurePages作为我的登录表单,所以在我的每个网页的开头我都有

 <?php
      // Connect To Secure Login
      $cfgProgDir = 'phpSecurePages/';
      include($cfgProgDir . "secure.php"); 

这就是secure.php的样子

// Create a constant that can be checked inside the files to be included.
// This gives an indication if secure.php has been loaded correctly.
define('LOADED_PROPERLY', true);

// Check if secure.php has been loaded correctly
if (isset($_GET['cfgProgDir']) || isset($_POST['cfgProgDir']) || isset($_GET['languageFile']) || isset($_POST['languageFile'])) {
        echo "Parsing of phpSecurePages has been halted!";
        exit();
        }

// include configuration
require($cfgProgDir . 'config.php');

// https support
if (getenv('HTTPS') == 'on') {
        $cfgUrl = 'https://';
        }
else {
        $cfgUrl = 'http://';
        }

// getting other variables

    $phpSP_message = false;

// include functions and variables
if ( !defined("FUNCTIONS_LOADED") ) {
        // check if functions were already loaded
        include($cfgProgDir . 'objects/functions.php');
        }
include($cfgProgDir . 'lng/' . $languageFile);


// choose between login or logout
if (isset($logout) && !(isset($_GET['logout']) || isset($_POST['logout']))) {
        // logout
        include($cfgProgDir . 'objects/logout.php');
        }
else {
        // starting login check
        if ($noDetailedMessages == true) {
                $strUserNotExist = $strUserNotAllowed = $strPwNotFound = $strPwFalse = $strNoPassword = $strNoAccess;
                }

        // make post variables global
        if (isset($_POST['entered_login'])) $entered_login = $_POST['entered_login'];
        if (isset($_POST['entered_password'])) $entered_password = $_POST['entered_password'];

        // check if login is necessary
        include($cfgProgDir . "objects/checklogin.php");

        // check if IP is allowed (if using IP-restriced access)
        if ($use_IP_restricted_access==true) {
                include($cfgProgDir . "objects/checklogin_ip.php");
                }

        // check login with Database
        if ($useDatabase == true) {
                include($cfgProgDir . 'objects/checklogin_db.php');
                }

        // check login with Data
        elseif ($useData == true) {
                include($cfgProgDir . 'objects/checklogin_data.php');
                }

它检查这个php文件(checklogin.php)

// check if login is necessary

// Check if secure.php has been loaded correctly
if ( !defined("LOADED_PROPERLY") || isset($_GET['cfgProgDir']) || isset($_POST['cfgProgDir'])) {
        echo "Parsing of phpSecurePages has been halted!";
        exit();
}

if (!isset($entered_login) && !isset($entered_password)) {
        // use data from session
        session_start();
        // session hack to make sessions on old php4 versions work
        if (phpversion() > 4.0) {
                if (isset($_SESSION['login'])) $login = $_SESSION['login'];
                if (isset($_SESSION['password'])) $password = $_SESSION['password'];
                }
        }
else {
        // use entered data
        session_start();
        // session hack to make sessions on old php4 versions work
        if (phpversion() <= 4.0) {
                session_unregister("login");
                session_unregister("password");
                }
        // encrypt entered login & password
        $login = $entered_login;
        if ($passwordEncryptedWithMD5 && function_exists(md5)) {
                $password = md5($entered_password);
                }
        else {
                $password = $entered_password;
                }
        // session hack to make sessions on old php4 versions work
        if (phpversion() > 4.0) {
                $_SESSION['login'] = $login;
                $_SESSION['password'] = $password;
                }
        else {
                session_register("login");
                session_register("password");
                }
        }

if (!isset($login)) {
        // no login available
        include($cfgProgDir . "interface.php");
        exit;
        }

if (!isset($password)) {
        // no password available
        $phpSP_message = $strNoPassword;
        include($cfgProgDir . "interface.php");
        exit;
        }

// login and password variables exist
// continue to checking them
?>

0 个答案:

没有答案