我已经构建了一个验证用户的php登录,如果成功则重定向到landing.php。否则,将向用户提供登录错误。一旦登陆landing.php,我试图检查$ _SESSION是否存在。如果是的话,那就用一块吧。如果不是,则应将用户重定向到登录页面。但是,如果我直接在浏览器中键入landing.php url以跳过登录,则即使$ _SESSION为空,页面也不会重定向。请告知检查会议的最佳方式。
我的代码:
landing.php :( PHP脚本)
<?php
session_start();
include('inc.php');
if (!(session_id())) {
header("Location: ['url']/index.php"); /*url not displayed for security*/
} else {
$welcome = "Welcome ".$_SESSION['userinfo']['firstname'];
}
?>
login.php :(创建会话的地方)
<?php
session_start();
include("inc.php");
if ((isset($_POST['username'])) and (isset($_POST['password']))) {
$login = $_POST['username'];
$pass = $_POST['password'];
} else {
//echo json_encode("Credentials did not save. Please try again.");
echo "Credentials did not save. Please try again.";
}
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_errno) {
//echo json_encode("There was a problem connecting to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error);
echo "There was a problem connecting to MySQL: (" . $conn->connect_errno . ") " . $conn->connect_error;
//echo json_encode("There was a problem connecting to MySQL.");
}
$sql = "SELECT * FROM sched_users WHERE login = ? ORDER BY login LIMIT 1";
if (!($sql = $conn->prepare("SELECT * FROM sched_users WHERE login = ? ORDER BY login LIMIT 1"))) {
//echo json_encode("Prepare failed: (" . $conn->errno . ") " . $conn->error);
echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;
//echo json_encode("Prepare failed.");
}
if (!($sql->bind_param("s", $login))) {
//echo json_encode("Binding parameters failed: (" . $sql->errno . ") " . $sql->error);
echo "Binding parameters failed: (" . $sql->errno . ") " . $sql->error;
//echo json_encode("Binding parameters failed.");
}
if (!$sql->execute()) {
//echo json_encode("Execute failed: (" . $sql->errno . ") " . $sql->error);
echo "Execute failed: (" . $sql->errno . ") " . $sql->error;
//echo json_encode("Execute failed.");
}
$res = $sql->get_result();
if ($res->num_rows === 0) {
//echo json_encode("No user record found.");
echo "No user record found.";
} else if (!(($res->num_rows === 1) or ($res->num_rows === 0))) {
//echo json_encode("Too many results returned.");
echo "Too many results returned.";
} else {
$row = $res->fetch_array();
$hash = $row['password'];
if (password_verify($pass, $hash)) {
/*
$session = true;
echo json_encode($session);
*/
$_SESSION['userinfo']['firstname'] = $row['firstname'];
$_SESSION['userinfo']['lastname'] = $row['lastname'];
$_SESSION['userinfo']['email'] = $row['email'];
$_SESSION['userinfo']['phone'] = $row['phone'];
$_SESSION['userinfo']['company'] = $row['company'];
$_SESSION['userinfo']['department'] = $row['department'];
$_SESSION['userinfo']['admin'] = $row['admin'];
$_SESSION['userinfo']['statusflag'] = $row['statusflag'];
$_SESSION['userinfo']['revoked'] = $row['revoked'];
header("location: [url]/landing.php");/*url not displayed for security*/
} else {
//$session = false;
//echo json_encode($session);
//echo json_encode("The username or password does not match. Please try again.");
echo "The username or password does not match. Please try again.";
}
}
$sql->close();
$conn->close();
?>
答案 0 :(得分:1)
这是你的问题:
session_start();
...
if (!(session_id())) {
只要您开始会话,就会有一个会话ID,因此条件!(session_id()将始终为false。
您应该检查会话的内容,例如:
if (!array_key_exists('userinfo', $_SESSION)) {
...