我正在创建一个具有不同权限级别的用户的登录系统。我遇到的问题是Session变量不在页面之间持久存在。 1级用户似乎正常工作,但即使设置了会话变量,2级用户也无法浏览登录页面。目前我有3个页面:登录页面,主页和限制页面,用户必须登录才能查看。 1级用户只有帐户名(电子邮件地址),必须从管理员处获取临时密码。密码过期后,他们必须获取另一个临时密码或提升其权限才能登录.2级和3级用户同时拥有帐户名(电子邮件地址)和非过期密码。我的问题在于2级和3级帐户。出于某种原因,当他们登录时,会话变量已设置,但不会从登录页面重定向。此外,如果他们尝试访问要求他们登录的页面,则会删除会话变量。
主页的目录位置:root / index.php
主页的PHP代码:
<?php
session_start();
//echo print_r($_SESSION);
?>
登录页面的目录位置:root / pages / folder / login.php
登录页面的PHP代码:
<?php
session_start();
//echo print_r($_SESSION);
if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
//echo "logged in";
header("location: restrictedPage.php");
}
?>
受限页面的目录位置:root / pages / folder / restrictedPage.php
限制页面的Php代码:
<?php
session_start();
//echo print_r($_SESSION);
//phpinfo();
if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
//echo "logged in";
}
else {
header("location: login.php");
}
?>
登录脚本的目录位置:root / scripts / loginScript.php
登录脚本的PHP代码:
<?php
$host = "localhost"; // Host name
$username = "test"; // mysqli username
$password = "test"; // mysqli password
$db_name = "database"; // Database name
// Connect to server and select databse.
$con = mysqli_connect($host, $username, $password, $db_name)or die("cannot connect");
// username and password sent from form
$username = $_POST['login'];
$password = $_POST['password'];
//sql queries
$accountQuery = "SELECT * FROM accounts WHERE email='$username'";
$emailPasswordQuery = "SELECT * FROM accounts WHERE email='$username' && password='$password'";
$level1PasswordQuery = "SELECT * FROM level1Passwords WHERE password = '$password' && DATEDIFF(CURDATE(), date_created) <= 3";
// Protects against mysqli injection (more detail about mysqli injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
$result = mysqli_query($con, $accountQuery);
$count = mysqli_num_rows($result); //counts number of rows that match username
$accountArray = mysqli_fetch_array($result); //converts query result into an array
$accountLevel = $accountArray['accountLevel']; //gets permissions level
if (strcmp($accountLevel, "1") == 0) {
$level1Result = mysqli_query($con, $level1PasswordQuery);
$count2 = mysqli_num_rows($level1Result); //counts number of rows that match password and arent expired
$level1ResultArray = mysqli_fetch_array($level1Result);
// If $username and $password are valid and password isnt expired, both row counts will = 1
if ($count == 1 && $count2 == 1) {
session_start();
$_SESSION['loginError'] = 0;
$_SESSION['loggedIn'] = true;
$_SESSION['username'] = $username;
$_SESSION['accountLevel'] = $accountLevel;
//echo print_r($_SESSION); //prints all session variables
mysqli_close($con);
header("location: ../pages/folder/restrictedPage.php");
//header("location: ../pages/folder/login.php");
}
else {
$_SESSION['loginError'] = 1;
header("location: ../pages/folder/login.php");
}
}
else if(strcmp($accountLevel, "2") == 0 || strcmp($accountLevel, "3") == 0) {
$level2Result = mysqli_query($con, $emailPasswordQuery);
$count2 = mysqli_num_rows($level2Result); //counts number of rows that match password
//$level2ResultArray = mysqli_fetch_array($level2Result);
// If $username and $password are valid, both row counts will = 1
if ($count == 1 && $count2 == 1) {
session_start();
$_SESSION['loginError'] = 0;
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$_SESSION['accountLevel'] = $accountLevel;
header("location: ../pages/folder/restrictedPage.php");
mysqli_close($con);
}
else {
$_SESSION['loginError'] = 1;
header("location: ../pages/folder/login.php");
}
}
else {
$_SESSION['loginError'] = 1;
header("location: ../pages/folder/login.php");
}
?>
任何帮助将不胜感激!提前谢谢!
修改
从我的PHP代码中删除echo语句并不能解决我的php会话不能持续用于2级和3级用户的问题
此外,如果用户通过点击浏览器上的后退按钮导航回登录页面,则会将其记录下来。有没有办法阻止这种情况发生?