当用户登录我的网站时,会使用他们的"用户ID"创建会话。当他们想要更改他们的帐户信息时,他们可以点击按钮,他们将被重定向到" developer_infoupdater.php"文件。但每次他们更改信息时,会话结束并退出。我希望他们在更改信息后保持登录状态。我相信问题出现在" developerUpload.php"文件,因为我正在检查他们的信息是否是最新的,如果没有将他们重定向到注销页面。当我将目标从注销更改为另一个文件时,它转到我将其更改为的文件。所以我想要的是让用户在更新帐户信息后保持登录状态。这是我的代码
开发者上传文件
<?php
session_start();
try{
// new php data object
$handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
//ATTR_ERRMODE set to exception
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
die("There was an error connecting to the database");
}
//Check if TOKEN used to log in, is actually there
$token = $_SESSION['token'];
$stmtToken = $handler->prepare("SELECT * FROM token_table WHERE token = :token");
$stmtToken->execute(array(':token'=>$token));
if($rowToken = !$stmtToken->fetch()){
setcookie("id", "", time() - 60*60);
$_COOKIE['id'] = "";
header("Location: developerSignup.php");
exit;
}
//Check if information is still in there has changed
$userid = $_SESSION['id'];
$username = $_SESSION['username'];
$fullname = $_SESSION['fullname'];
$email = $_SESSION['email'];
$password = $_SESSION['password'];
$stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id= :userid AND fullname = :fullname AND username = :username AND email = :email");
$stmtChecker->execute(array(':userid'=>$userid, ':fullname'=>$fullname, ':username'=>$username, ':email'=>$email));
if(!$resultChecker = $stmtChecker->fetch()){
setcookie("id", "", time() - 60*60);
$_COOKIE['id'] = "";
header("Location: developerLogin.php");
exit;
}
if(!password_verify($password, $resultChecker['password'])){
setcookie("id", "", time() - 60*60);
$_COOKIE['id'] = "";
header("Location: developerLogin.php");
exit;
}
if(isset($_COOKIE['id'])){
if(isset($_POST['changeSettings'])){
$_SESSION['token'] = $token;
$_SESSION['id'] = $userid;
$_SESSION['came_from_upload'] = true;
header("Location: developer_infoupdater.php");
exit;
}
}
信息更新文件
<?php
session_start();
if(empty($_FILES) && empty($_POST) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ //catch file overload error...
$postMax = ini_get('post_max_size'); //grab the size limits...
echo "<p style=\"color: #F00;\">\nPlease note files larger than {$postMax} will result in this error!</p>"; // echo out error and solutions...
return $postMax;
}
if(isset($_COOKIE['id'])){
if($_SESSION['came_from_upload'] != true){
setcookie("id", "", time() - 60*60);
$_COOKIE['id'] = "";
header("Location: developerLogin.php");
exit;
}
error_reporting(E_ALL & ~E_NOTICE);
if($_SERVER['REQUEST_METHOD'] =="POST"){
$token = $_SESSION['token'];
$userid = $_SESSION['id'];
$fullname = addslashes(trim($_POST['fullname']));
$username = addslashes(trim($_POST['username']));
$email = addslashes(trim($_POST['email']));
$password = addslashes(trim($_POST['password']));
$storePassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
try{
// new php data object
$handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
//ATTR_ERRMODE set to exception
$handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
die("There was an error connecting to the database");
}
$stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = :userid");
$stmtChecker->bindParam(':userid', $userid, PDO::PARAM_INT);
$stmtChecker->execute();
if($result = !$stmtChecker->fetch()){
setcookie("id", "", time() - 60*60);
$_COOKIE['id'] = "";
header("Location: developerLogin.php");
exit;
}
if(!empty($fullname)){
$stmtFullname = $handler->prepare("UPDATE generalusersdata SET fullname = :fullname WHERE user_id = :userid");
$stmtFullname->bindParam(':fullname', $fullname, PDO::PARAM_STR);
$stmtFullname->bindParam(':userid', $userid, PDO::PARAM_INT);
$stmtFullname->execute();
}
if(!empty($username)){
$stmtCheckerUsername = $handler->prepare("SELECT * FROM generalusersdata WHERE username = :username");
$stmtCheckerUsername->bindParam(':username', $username, PDO::PARAM_STR);
$stmtCheckerUsername->execute();
if($resultCheckerUsername = $stmtCheckerUsername->fetch()){
die("Username Already in use! Please try again");
}
$stmtUsername = $handler->prepare("UPDATE generalusersdata SET username = :username WHERE user_id = :userid");
$stmtUsername->bindParam(':username', $username, PDO::PARAM_STR);
$stmtUsername->bindParam(':userid', $userid, PDO::PARAM_INT);
$stmtUsername->execute();
}
if(!empty($email)){
if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){
die ("Email is Not Valid!");
}
$stmtCheckerEmail = $handler->prepare("SELECT * FROM generalusersdata WHERE email = :email");
$stmtCheckerEmail->bindParam(':email', $email, PDO::PARAM_STR);
$stmtCheckerEmail->execute();
if($resultCheckerEmail = $stmtCheckerEmail->fetch()){
die("Email Already in use! Please try again");
}
$stmtEmail = $handler->prepare("UPDATE generalusersdata SET email = :email WHERE user_id = :userid");
$stmtEmail->bindParam(':email', $email, PDO::PARAM_STR);
$stmtEmail->bindParam(':userid', $userid, PDO::PARAM_INT);
$stmtEmail->execute();
}
if(!empty($password)){
if(strlen($password) < 6){
die ("Password has to be GREATER than 6 characters!");
}
//Check if password has atleast ONE Uppercase, One Lowercase and a number
if(!preg_match("(^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$)",$password)){
echo 'Password needs to be at least ONE uppercase, ONE lowercase, and a number!';
exit;
}
$stmtPassword = $handler->prepare("UPDATE generalusersdata SET password = :password WHERE user_id = :userid");
$stmtPassword->bindParam(':password', $password, PDO::PARAM_STR);
$stmtPassword->bindParam(':userid', $userid, PDO::PARAM_INT);
$stmtPassword->execute();
}
if($_FILES['file']['error'] == UPLOAD_ERR_OK){
$file_tmp = file_get_contents($_FILES['file']['tmp_name']);
//keep only A-Z and 0-9 and everything else KILL
$file_name = preg_replace("/[^a-z0-9\.]/", "_", strtolower($_FILES['file']['name']));
$file_name = strtotime("now")."_".$file_name;
$mime = mime_content_type($_FILES['file']['tmp_name']);
if(strstr($mime, "video/")){
die("Please note that this file is NOT an image... Please select an image for your Profile Picture");
}else if(strstr($mime, "image/")){
$allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG);
$detectedType = exif_imagetype($_FILES['file']['tmp_name']);
if($extensionCheck = !in_array($detectedType, $allowedTypes)){
die("Failed to upload image; the format is not supported");
}
$dir = "devFiles/";
$uploadedFile = $dir . basename($_FILES['file']['name']);
if(is_dir($dir)==false){
mkdir($dir, 0700);
}
if(!move_uploaded_file($_FILES['file']['tmp_name'], $uploadedFile)){
die("There was an error moving the file... Please try again later!");
}
$stmtFile = $handler->prepare("UPDATE generalusersdata SET profile_image = :file_name, file_tmp = :file_tmp WHERE user_id = :userid");
$stmtFile->bindParam(':file_name', $file_name, PDO::PARAM_STR);
$stmtFile->bindParam(':file_tmp', $file_tmp, PDO::PARAM_STR);
$stmtFile->bindParam(':userid', $userid, PDO::PARAM_INT);
$stmtFile->execute();
}
}
$_SESSION['id'] = $userid;
$_SESSION['token'] = $token;
header("Location: developerUpload.php");
exit;
}
}else{
header("Location: developerLogin.php");
exit;
}
?>
答案 0 :(得分:1)
确实,在更改用户信息时,它与先前在会话中缓存的内容不匹配(这是合乎逻辑的)。在我看来,你有两个选择。
进行编辑时更新会话数据(难以维护)
只检查用户的主键(这就是我要做的)
$userid = $_SESSION['id'];
/* Nuke this stuff
$username = $_SESSION['username'];
$fullname = $_SESSION['fullname'];
$email = $_SESSION['email'];
$password = $_SESSION['password']; // I wouldn't persist the password, what do we need it for after login,
*/
//Look up the user by ID only
$stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id= :userid");
$stmtChecker->execute(array(':userid'=>$userid));
if(!$resultChecker = $stmtChecker->fetch()){
setcookie("id", "", time() - 60*60);
$_COOKIE['id'] = "";
header("Location: developerLogin.php");
exit;
}else{
//if a user with this ID exists update session data.
$_SESSION['username'] = $resultChecker['username'];
$_SESSION['fullname'] = $resultChecker['fullname'];
$_SESSION['email'] = $resultChecker['email'];
}