I am trying to build a secure area using PHP session(). The basic workflow:
Login -> go to the check-user page:
Code:
session_start();
error_reporting(E_ALL); ini_set('display_errors', 1);
include 'dbconnect.php'; // provides the mysqli connection $con
$email_address = isset($_POST['email_address']) ? $_POST['email_address'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$passwordmd5 = md5($password);
// Escape the user-supplied address before it is placed inside the SQL string.
$email_address = mysqli_real_escape_string($con, $email_address);
$result = mysqli_query($con, "SELECT * FROM users WHERE email_address='$email_address' AND password='$passwordmd5' AND activated='1'");
$login_check = mysqli_num_rows($result);
if($login_check > 0){
    while($row = mysqli_fetch_array($result)){
        // Copy every column of the row into a variable of the same name.
        foreach( $row AS $key => $val ){
            $$key = stripslashes( $val );
        }
        $_SESSION['first_name'] = $first_name;
    }
}
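I noticed that if I leave the site and come back to it in the browser, I get an undefined notice from the session variables. That makes sense to me, since I left the secure pages. But something seems off here. Is this how it is supposed to work? What is the best way to fix it? This is what sits at the top of every page in the secure site: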
ob_start();
session_start();
require_once ('verify.php');
$page_title = 'sponsor.php';
$sid = session_id();
$first_name=$_SESSION['first_name'];
An error occurred in script '/home/buzrw/public_html/web/website/php/main.php' on line 8: Undefined index: first_name
The verify.php script, which contains my error handler, is as follows:
<?php
// Flag variable for site status:
define('LIVE', TRUE);
// Admin contact address:
define('EMAIL', 'myemail');
// Site URL (base for all redirections. This is the address they will be redirected to if they try to access a protected page and they are not logged in.):
define ('BASE_URL', 'http://www.website.org/index.php');
// Location of the MySQL connection script:
define ('MYSQL', 'dbconnect.php');
// Create the error handler:
debug_backtrace();
// $e_vars has a default because PHP 8 no longer passes a fifth argument to error handlers.
function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars = array()) {
    // Build the error message.
    $message = "<p>An error occurred in script '$e_file' on line $e_line: $e_message\n<br />";
    // Add the date and time:
    $message .= "Date/Time: " . date('n-j-Y H:i:s') . "\n<br />";
    // Append $e_vars to the $message:
    $message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n</p>";
    if (!LIVE) { // Development (print the error).
        echo '<div class="error">' . $message . '</div><br />';
    } else { // Don't show the error:
        // Send an email to the admin:
        mail(EMAIL, 'Site Error!', $message, 'From: admin@website.org');
        // Only print an error message if the error isn't a notice:
        if ($e_number != E_NOTICE) {
            echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div><br />';
        }
    } // End of !LIVE IF.
} // End of my_error_handler() definition.
// Use my error handler.
set_error_handler ('my_error_handler');
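
One way to handle the expired-session case described above, as an added example that is not part of the original post: a guard that every protected page calls before reading `$_SESSION['first_name']`, next to a login check that uses a prepared statement. The function names `attempt_login()` and `require_login()` are hypothetical, and the example assumes the `password` column holds `password_hash()` output (the post stores MD5) and that `BASE_URL` from verify.php points at the login page.

```php
<?php
// Added example, not the poster's code. attempt_login() and require_login()
// are hypothetical names. Assumes users.password holds password_hash() output
// and that BASE_URL (defined in verify.php) is the login page.

// Check the submitted credentials; on success store the name in the session.
function attempt_login(mysqli $con, string $email, string $password): bool
{
    // Prepared statement: the address is sent as data, never as SQL text.
    $stmt = $con->prepare(
        "SELECT first_name, password FROM users
         WHERE email_address = ? AND activated = '1'"
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($first_name, $hash);
    $found = $stmt->fetch();   // true if a row was read, null if none
    $stmt->close();

    if (!$found || !password_verify($password, $hash)) {
        return false;
    }
    // Issue a fresh session id at login so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['first_name'] = $first_name;
    return true;
}

// Call at the top of every protected page, right after session_start().
function require_login(): string
{
    if (!isset($_SESSION['first_name'])) {
        // The session expired or never existed: go to the login page
        // instead of reading a key that is not there.
        header('Location: ' . BASE_URL);
        exit;
    }
    return $_SESSION['first_name'];
}

// Top of a protected page, in place of $first_name = $_SESSION['first_name']:
//   ob_start();
//   session_start();
//   require_once ('verify.php');
//   $first_name = require_login();
```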