为什么我的php会话不会在网页之间持续存在?

时间:2016-01-08 01:42:42

标签: php html mysql

我正在创建一个具有不同权限级别的用户的登录系统。我遇到的问题是Session变量不在页面之间持久存在。 1级用户似乎正常工作,但即使设置了会话变量,2级用户也无法浏览登录页面。目前我有3个页面:登录页面,主页和限制页面,用户必须登录才能查看。 1级用户只有帐户名(电子邮件地址),必须从管理员处获取临时密码。密码过期后,他们必须获取另一个临时密码或提升其权限才能登录.2级和3级用户同时拥有帐户名(电子邮件地址)和非过期密码。我的问题在于2级和3级帐户。出于某种原因,当他们登录时,会话变量已设置,但不会从登录页面重定向。此外,如果他们尝试访问要求他们登录的页面,则会删除会话变量。

主页的目录位置:root / index.php
主页的PHP代码:

<?php
    session_start();
    //echo print_r($_SESSION);
?>

登录页面的目录位置:root / pages / folder / login.php
登录页面的PHP代码:

<?php
    session_start();
    //echo print_r($_SESSION);
    if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
        //echo "logged in";
        header("location: restrictedPage.php");
    }
?>

受限页面的目录位置:root / pages / folder / restrictedPage.php
限制页面的Php代码:

<?php
    session_start();
    //echo print_r($_SESSION);
    //phpinfo();
    if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
        //echo "logged in";
    }
    else {
        header("location: login.php");
    }
?>

登录脚本的目录位置:root / scripts / loginScript.php
登录脚本的PHP代码:

<?php


$host = "localhost";                        // Host name 
$username = "test";                         // mysqli username 
$password = "test";                 // mysqli password 
$db_name = "database";          // Database name 

// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password, $db_name)or die("cannot connect");

// username and password sent from form 
$username = $_POST['login']; 
$password = $_POST['password'];

//sql queries
$accountQuery = "SELECT * FROM accounts WHERE email='$username'";
$emailPasswordQuery = "SELECT * FROM accounts WHERE email='$username' && password='$password'";
$level1PasswordQuery = "SELECT * FROM level1Passwords WHERE password = '$password' && DATEDIFF(CURDATE(), date_created) <= 3";

// Protects against mysqli injection (more detail about mysqli injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

$result = mysqli_query($con, $accountQuery);
$count = mysqli_num_rows($result);              //counts number of rows that match username
$accountArray = mysqli_fetch_array($result);    //converts query result into an array
$accountLevel = $accountArray['accountLevel'];  //gets permissions level

if (strcmp($accountLevel, "1") == 0) {
    $level1Result = mysqli_query($con, $level1PasswordQuery);
    $count2 = mysqli_num_rows($level1Result);   //counts number of rows that match password and arent expired
    $level1ResultArray = mysqli_fetch_array($level1Result);

    // If $username and $password are valid and password isnt expired, both row counts will = 1
    if ($count == 1 && $count2 == 1) {
        session_start();
        $_SESSION['loginError'] = 0;
        $_SESSION['loggedIn'] = true;
        $_SESSION['username'] = $username;
        $_SESSION['accountLevel'] = $accountLevel;
        //echo print_r($_SESSION); //prints all session variables
        mysqli_close($con);
        header("location: ../pages/folder/restrictedPage.php");
        //header("location: ../pages/folder/login.php");
    }
    else {
        $_SESSION['loginError'] = 1;
        header("location: ../pages/folder/login.php");
    }
}
else if(strcmp($accountLevel, "2") == 0 || strcmp($accountLevel, "3") == 0) {
    $level2Result = mysqli_query($con, $emailPasswordQuery);
    $count2 = mysqli_num_rows($level2Result);   //counts number of rows that match password
    //$level2ResultArray = mysqli_fetch_array($level2Result);

    // If $username and $password are valid, both row counts will = 1
    if ($count == 1 && $count2 == 1) {
        session_start();
        $_SESSION['loginError'] = 0;
        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username;
        $_SESSION['accountLevel'] = $accountLevel;
        header("location: ../pages/folder/restrictedPage.php");
        mysqli_close($con);
    }
    else {
        $_SESSION['loginError'] = 1;
        header("location: ../pages/folder/login.php");
    }
}
else {
    $_SESSION['loginError'] = 1;
    header("location: ../pages/folder/login.php");
}
?>

任何帮助将不胜感激!提前谢谢!

修改
从我的PHP代码中删除echo语句并不能解决我的php会话不能持续用于2级和3级用户的问题 此外,如果用户通过点击浏览器上的后退按钮导航回登录页面,则会将其记录下来。有没有办法阻止这种情况发生?

0 个答案:

没有答案