$ _SESSION变量有时不适用于登录系统

时间:2016-06-30 08:02:45

标签: php session login

首先,我有点智慧结束。我一直在网上寻找解决方案,除了似乎没有帮助的死路之外什么也找不到。我是一个业余开发人员,在一个大型的网站上工作。

以下代码段显示了我们的登录系统。

HTML登录              

    <form action="/script.php" method="post" id="loginvbform">
    <div>
        <input type="hidden" name="function" value="Login" />
        <input type="submit" id="logins" value="<?php echo $t['loginbox_login']?>" />
        <input type="text" class="logininput" name="name" placeholder="<?php echo $t['general_username']?>" required="required" /><br />
        <input type="password" class="logininput" name="pass" placeholder="<?php echo $t['general_password'];?>" required="required" /><br />
    </div>
    </form>

    <p><a href="/forgotpass.php"><?php echo $t['loginbox_forgot_password'];?></a> | <a href="/register.php"><?php echo $t['loginbox_register'];?></a></p>
</div>

脚本文件(相关功能) 

// Remove spaces from the entered username, so that the few péople with former spaces can login without problems
$p_name = str_replace(' ', '', $p_name);
echo $p_name;
$user_info = db_get_result(db_query("SELECT user_id, username, pword, auth_verified, user_status, pword_new FROM users WHERE username = '$p_name'"));
$user_found = false;


if($user_info == null)                                                    $cs->WriteNote(false, $t['login_error'], $t['login_error_faulty_username']);
else if(isset($user_info['pword_new'])) if(password_verify("$pass", $user_info['pword_new']))                $cs->WriteNote(false, $t['login_error'], str_replace(array('[link_resetpassword]', '[/link]'), array('<a href="/forgotpass.php">', '</a>'), $t['login_error_wrong_password']));
else if($user_info['pword'] != md5($pass))                                $cs->WriteNote(false, $t['login_error'], str_replace(array('[link_resetpassword]', '[/link]'), array('<a href="/forgotpass.php">', '</a>'), $t['login_error_wrong_password']));
else if($user_info['user_status'] == 0)                                   $cs->WriteNote(false, $t['login_error'], str_replace(array('[link_contact]', '[/link]'), array('<a href="/support.php">', '</a>'), $t['login_error_user_suspended']));

// Everything is fine, we can log this user in
else
{
    // in January 2016, we upgraded password security. In order to do this, we needed to force all users to log-in again so that we could hash their passwords from the raw password. This code does the hashing if they have no updated password hash.
    if(empty($user_info['pword_new']))
    {

        $pword_new = password_hash("$pass", PASSWORD_DEFAULT)."\n";
        db_query("UPDATE users SET pword_new = '$pword_new' WHERE username = '$p_name'");
     }  

    $_SESSION['user_id'] = $user_info['user_id'];
    $cs->WriteNote(true, $t['login_success']);
    $user_found = true;
    $redirect = "/user/" . $_SESSION['user_id'];
}

if(!$user_found)    { sleep(4);}

检查登录信息(此文件已加载到每个页面上) 

session_start(); 

...


 if(isset($_SESSION['user_id']))
{


    if(is_numeric($_SESSION['user_id']))
    {

    $uid = $_SESSION['user_id'];

        $login_data = db_get_result(db_query("SELECT * FROM users JOIN skins USING(skin_id) 
                                            WHERE users.user_id = $uid AND users.user_status > 0"));
        if($login_data)
        {
            $logged_in      = true;
            $user_id        = $uid;

*****Then there's some personal user data related stuff that you don't need to see*****

        }
    }
}

现在问题。

有时,这个系统不起作用。在这种情况下,$cs->WriteNote函数的几个实例用于向用户写入错误消息和登录通知,但是当登录系统失败时,不会显示这些实例。这个系统在85%的情况下都能完美运行。

浏览器似乎没有发挥作用,因为人们在Chrome,Firefox,Edge(关于Opera的idk)上报告了这个错误。允许使用Cookie的浏览器仍会遇到此错误。

即使登录失败,$redirect = "/user/" . $_SESSION['user_id'];实际上设置正确并重定向到正确的页面,但会话不会通过重定向保留。

我锁定了网站,以便每个页面都必须使用www。域,因为我认为这可能是问题。它似乎没有帮助。

以下是关于会话的php配置:

指令|本地价值|主值 

session.auto_start  Off Off

session.cache_expire    180 180

session.cache_limiter   nocache nocache

session.cookie_domain   no value    no value

session.cookie_httponly Off Off

session.cookie_lifetime 0   0

session.cookie_path /   /

session.cookie_secure   Off Off

session.entropy_file    /dev/urandom    /dev/urandom

session.entropy_length  32  32

session.gc_divisor  1000    1000

session.gc_maxlifetime  1440    1440

session.gc_probability  1   1

session.hash_bits_per_character 5   5

session.hash_function   0   0

session.name    PHPSESSID   PHPSESSID

session.referer_check   no value    no value

session.save_handler    files   files

session.save_path   no value    no value

session.serialize_handler   php php

session.upload_progress.cleanup On  On

session.upload_progress.enabled On  On

session.upload_progress.freq    1%  1%

session.upload_progress.min_freq    1   1

session.upload_progress.name    PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS

session.upload_progress.prefix  upload_progress_    upload_progress_

session.use_cookies On  On

session.use_only_cookies    On  On

session.use_strict_mode Off Off

session.use_trans_sid   0   0

如果您需要更多信息,请随时提出,我会尽力透露。

有没有人知道我们的登录系统没有工作的原因?

1 个答案:

答案 0 :(得分:0)

您需要在每个页面的开头加入session_start

  

session_start()根据通过GET或POST请求传递的会话标识符创建会话或恢复当前会话,或通过cookie传递。

相关问题
最新问题