我遇到的问题似乎很多人已经尝试了所有提供的解决方案,但似乎没有任何工作。
我的会话开始于每个页面重定向,并在重定向后调用header(location: exact url) {我尝试了会话保存和其他几个)。 Globals不是问题(PHP 7),文件属于子域(目前正在开发中)确切的链接:
exit();启动会话的文件位于文件夹
中localhost:1080/basefolder/admin/file.php
login.php - localhost:1080 / basefolder / admin / login.php
localhost:1080/basefolder/admin/php/file.php
会话功能位于 localhost:1080 / basefolder / admin / php / adminloginfunctions.php:
<?php
include 'php/adminloginfunctions.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['type'] == 'login'){
$username = $_POST['loginusername'];
$password = $_POST['loginpassword'];
if (login($username, $password)) {
header('Location: http://' . $_SERVER['SERVER_NAME'].':1080' . dirname($_SERVER['REQUEST_URI']) . '/home.php');
exit();
}
} else {
logout();
}
}
?>
重定向页面<?php
include 'adminmySQLCon.php';
sec_session_start();
function sec_session_start() {
$session_name = 'sec_session_id';
$secure = true;
$httponly = true;
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
session_name($session_name);
session_start();
session_regenerate_id(true);
}
function login($email, $password) {
global $conn;
if ($stmt = $conn->prepare("SELECT Occupant.idOccupant, Occupant.Occ_Email, Occupant.Occ_Password, roles.RoleLevel
FROM Occupant INNER JOIN userrolemapping ON Occupant.idOccupant = userrolemapping.URMUserId
INNER JOIN roles on roles.idRoles = userrolemapping.URMRoleID
WHERE Occ_Email = ?
LIMIT 1")) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $userrole);
$stmt->fetch();
if ($stmt->num_rows == 1) {
if (checkbrute($user_id) == true) {
return false;
} else {
if (password_verify($password, $db_password)) {
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$db_password . $user_browser);
$_SESSION['userrole'] = $userrole;
// Login successful.
return true;
} else {
$now = time();
$conn->query("INSERT INTO login_attempts(idOccupant, time)
VALUES ('$user_id', '$now')");
return false;
}
}
} else {
return false;
}
}
}
位于 localhost:1080 / basefolder / admin / home.php:
home.php导致错误:
注意:未定义的索引:用户名在&#39;文件夹链接&#39;在第3行
没有尝试的东西,任何帮助都会很棒。
答案 0 :(得分:0)
在“session_set_cookie_params”中将secure设置为false似乎解决了这个问题。
function sec_session_start() {
$session_name = 'sec_session_id';
$secure = FALSE;
$httponly = true;
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
session_name($session_name);
session_start();
session_regenerate_id(true);
}