我正在使用PDO构建这个简单的登录/注册/注销系统。我正在尝试添加会话,以便未登录的用户无法导航到home.php,但即使我添加了session_start()并将电子邮件存储为$_SESSION['user_email'] = $email_log。
我仍然在没有登录的情况下导航到home.php。
登录代码:
if (isset($_POST['submit_log']) == 1) {
$stmt_lg = $conn->prepare("SELECT id, email, password FROM user WHERE email = :email_log AND password = :password_log");
$stmt_lg->bindParam(":email_log", $email_log);
$stmt_lg->bindParam(":password_log", $password_log);
$stmt_lg->execute();
$user = $stmt_lg->fetch(PDO::FETCH_ASSOC);
if ($user === false) {
echo "<script>alert('Username or password is incorrect.');</script>";
} else {
$_SESSION['user_email'] = $user['email_log'];
$_SESSION['logged_in'] = time();
header('Location: home.php');
exit;
}
}
home.php:
$sess = $_SESSION['user_email'];
$sess_ch = $conn->prepare("SELECT email FROM user WHERE email = :user_email");
$sess_ch->bindParam(":user_email", $sess);
$sess_ch->execute();
$ses = $sess_ch->setFetchMode(PDO::FETCH_ASSOC);
if ($ses === 1) {
echo "<script>window.location.href = 'index.php';</script>";
}
logout.php:
<?php
if (isset($_POST['logout'])) {
unset($_SESSION['user_email']);
$_SESSION = array();
session_destroy();
header("Location: index.php");
}
?>
的index.php:
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$name = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['password'];
$pass2 = $_POST['password2'];
$email_log = $_POST['email_log'];
$password_log = $_POST['password_log'];
try {
$conn = new PDO("mysql:host=$servername;dbname=program", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "<script>alert('Connected successfully');</script>";
if (isset($_POST['submit']) == 1) {
$stmt_ch = $conn->prepare("SELECT email FROM user WHERE email = :email");
$stmt_ch->bindParam(":email", $email);
$stmt_ch->execute();
if ($stmt_ch->rowCount() === 1) {
echo "<script>alert('Username already taken.');</script>";
} else {
$stmt_re = $conn->prepare("INSERT INTO user (name, email, password) VALUES (:name, :email, :password)");
$stmt_re->bindParam(":name", $name);
$stmt_re->bindParam(":email", $email);
$stmt_re->bindParam(":password", $pass);
$stmt_re->execute();
echo "<script>alert('Account was successfully registerd.');</script>";
}
}
if (isset($_POST['submit_log']) == 1) {
$stmt_lg = $conn->prepare("SELECT id, email, password FROM user WHERE email = :email_log AND password = :password_log");
$stmt_lg->bindParam(":email_log", $email_log);
$stmt_lg->bindParam(":password_log", $password_log);
$stmt_lg->execute();
$user = $stmt_lg->fetch(PDO::FETCH_ASSOC);
if ($user === false) {
echo "<script>alert('Username or password is incorrect.');</script>";
} else {
$_SESSION['user_email'] = $user['email_log'];
$_SESSION['logged_in'] = time();
header('Location: home.php');
exit;
}
}
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
?>
答案 0 :(得分:0)
删除此部分代码,因为$ses将在失败时返回true和false,此外,您只需检查会话变量是否已设置。
if ($ses === 1) {
echo "<script>window.location.href = 'index.php';</script>";
}
在您的home.php顶部检查是否未设置$_SESSION['user_email'],如果未设置,则重定向到其他页面
session_start();
if(!isset($_SESSION['user_email'])){
//Redirect to other page since the user_email is not set
//Let just say you will redirect to index.php file
header("Location: index.php");
}
答案 1 :(得分:0)
这是不正确的:var_dump($ses);因为setFetchMode返回一个bool。因此,如果您$ses === true,您可能会发现$ses = $sess_ch->fetch();
if(!$ses){ header('Location: index.php'); }
,这与1不相同;因此你的if语句返回false。
相反,请使用:
EnvDTE.TextSelection ts = DTE.ActiveDocument.Selection as EnvDTE.TextSelection;
string relativePath = ts.Text;
string absolutePath = System.IO.Path.Combine(System.IO.Path.GetDirectoryName(DTE.Solution.FileName), relativePath);
DTE.ItemOperations.OpenFile(absolutePath, null);
编辑澄清:我在home.php谈论的