我有两个PHP页面:
我的登录页面传递了"提交"按钮并在我正确输入登录时重定向到index.php。如果输入错误的登录信息,验证工作正常。
但是,user_id似乎没有转入index.php。我无法在调试中将其打印出来,因为它说user_id无效。
我知道正在读取数据库,因为它正在页面上显示数据。
两个页面都有session_start();在顶部。
关于如何让user_id从登录转移到索引的任何想法?
以下是我的login.php:
<?php
session_start();
require_once "pdo.php";
// Redirect to index.php if use clicks cancel button
if ( isset($_POST['cancel'] ) ) {
header("Location: index.php");
return;
}
$salt = 'XyZzy12*_';
// If we have POST data, process it
if ( isset($_POST['email']) && isset($_POST['pass']) ) {
// Check for email and password
if ( strlen($_POST['email']) < 1 || strlen($_POST['pass']) < 1 ) {
$_SESSION['error'] = "Email and password are required";
header("Location: login.php");
return;
// Check for at-sign in email
} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['error'] = "Email must have an at-sign (@)";
header("Location: login.php");
return;
} else {
$check = hash('md5', $salt.$_POST['pass']);
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :em AND password = :pw');
$stmt->execute(array( ':em' => $_POST['email'], ':pw' => $check));
$check = $stmt->fetch(PDO::FETCH_ASSOC);
if ($check === false) {
// Else redirect to the login page
$_SESSION['error'] = "Incorrect Password";
error_log("Login fail ".$_POST['email']." $check");
header("Location: login.php");
return;
} else {
$_SESSION['name'] = $_POST['email'];
error_log("Login success ".$_POST['email']);
header("Location: index.php");
return;
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<div class="container">
<?php
// Message View of Errors
if ( isset($_SESSION['error']) ) {
echo('<p style="color: red;">'.htmlentities($_SESSION['error'])."</p>\n");
unset($_SESSION['error']);
}
?>
<h1>Please Log In</h1>
<form method="POST">
<label for="name">Email</label>
<input type="text" name="email" id="name"><br/>
<label for="id_1723">Password</label>
<input type="text" name="pass" id="id_1723"><br/>
<input type="submit" value="Log In" onclick="return doValidate();">
<input type="submit" name="cancel" value="Cancel">
</form>
</div>
<script>
function doValidate() {
console.log('Validating...');
try {
pw = document.getElementById('id_1723').value;
console.log("Validating pw="+pw);
if (pw == null || pw == "") {
alert("Both fields must be filled out");
return false;
}
return true;
} catch(e) {
return false;
}
return false;
}
</script>
</body>
</html>
下面是我的index.php:
<?php
session_start();
require_once "pdo.php";
require_once "util.php";
// Fetch Profiles
$stmt = $pdo->query("SELECT * FROM profile");
$profiles = array();
while ( $row = $stmt->fetch(PDO::FETCH_ASSOC) ){
$profiles[] = $row;
}
?>
<!doctype html>
<html>
<head>
<title>Index</title>
</head>
<body>
<div class="container">
<br /><br />
<h1>Resume Entry</h1>
<?php
flashMessages();
// Login our Logout
if ( isset($_SESSION['user_id']) ){
echo('<p><a href="logout.php">Logout</a></p>'."\n");
} else {
echo('<p><a href="login.php">Please log in</a></p>'."\n");
}
// Show the table
if ( count($profiles) > 0 ) {
echo ( '<table border="1">'."\n");
echo ( '<tr><th>Name</th><th>Headline</th>');
if ( isset($_SESSION['user_id']) ) {
echo ( '<th>Action</th>' );
}
echo ("<tr>\n");
foreach ( $profiles as $profile ) {
echo ( "<tr><td>\n" );
echo ( '<a href="view.php?profile_id='.$profile['profile_id'].'">' );
echo ( htmlentities($profile['first_name']) );
echo ( ' ' );
echo ( htmlentities($profile['last_name']) );
echo ( '</a>' );
echo ( "</td><td>\n" );
echo ( htmlentities($profile['headline']) );
echo ( "</td>" );
if ( isset($_SESSION['user_id']) ) {
echo ( "<td>\n" );
if ( $_SESSION['user_id'] == $profile['user_id'] ) {
echo ( '<a href="edit.php?profile_id='.$profile['profile_id'].'">Edit</a>' );
echo ( ' ' );
echo ( '<a href="delete.php?profile_id='.$profile['profile_id'].'">Delete</a>' );
}
echo ( "</td>" );
}
echo ( "</tr>\n" );
}
echo ( "</table>\n" );
}
if ( isset($_SESSION['user_id']) ) {
echo ( '<p><a href="add.php">Add New Entry</a></p>'."\n" );
}
?>
</div>
</body>
</html>
答案 0 :(得分:1)
在login.php的成功屏幕中,您没有在任何地方设置$_SESSION['user_id']
。