将会话转移到其他页面时出现问题

时间:2010-12-29 19:16:02

标签: php session

我可以登录用户,但在处理下一页(memebers区域)时,我无法显示任何用户信息,更不用说打印$_SESSION[email]了。我不确定是什么。以下是登录代码,测试成员是页面。

登录页面:

session_start(); 

//also in a real app you would get the id dynamically
$sql = "select `email`, `password` from `accounts` where `email` = '$_POST[email]'";
$query = mysql_query($sql) or die ("Error: ".mysql_error());

while ($row = mysql_fetch_array($query)){

    $email = $row['email'];
    $secret = $row['password'];

    //we will echo these into the proper fields

}
mysql_free_result($query);

// Process the POST variables
$email = $_POST["email"];

//Variables
$_SESSION["email"] = $_POST["email"];

$secret = $info['password'];

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page

{ 
    $email = $_COOKIE['ID_my_site']; 

    $pass = $_COOKIE['Key_my_site'];

    $check = mysql_query("SELECT email, password FROM accounts WHERE email =   '$email'")or die(mysql_error());

    while($info = mysql_fetch_array( $check )) 

    {

        if (@ $info['password'] != $pass) 
        {
        }

        else

        {

            header("Location: home.php");

        }
    }

}

//if the login form is submitted 

if (isset($_POST['submit'])) { // if form has been submitted

    // makes sure they filled it in

    if(!$_POST['email'] | !$_POST['password']) {

        die('You did not fill in a required field.');

    }

    // checks it against the database

    if (!get_magic_quotes_gpc()) {

        $_POST['email'] = addslashes($_POST['email']);

    }

    $check = mysql_query("SELECT email,password FROM accounts WHERE email = '".$_POST['email']."'")or die(mysql_error());

    //Gives error if user dosen't exist

    $check2 = mysql_num_rows($check);

    if ($check2 == 0) {

        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }

    while($info = mysql_fetch_array( $check ))  

        //gives error if the password is wrong

        if (@ $_POST['password'] != $info['password']) {

            die('Incorrect password, please try again');
        }

        else 

        { 

            // if login is ok then we add a cookie 

            $_POST['email'] = stripslashes($_POST['email']); 

            $hour = time() + 3600; 

            setcookie(ID_my_site, $_POST['email'], $hour); 

            setcookie(Key_my_site, $_POST['password'], $hour);   

            //then redirect them to the members area 

            header("Location: home.php"); 

        } 

    } 

} 

else 

{    

    // if they are not logged in 

?> 

<?php 

}  

?> 

home.php

session_start(); 

if(!isset($_SESSION['email'])) {
    header('Location: login_test3.php'); die('<a  href="login_test3.php">Login first!</a>');
}

//Variables
$_SESSION["email"] = $email;

print $_SESSION['name'];

更新

      Just realized the existing code gets in to the home.php file but will not echo anything.  But as soon as you hit refresh the session is gone.  

1 个答案:

答案 0 :(得分:1)

请您重新格式化该代码吗?用缩进和空白来理解它真的很难。一旦它恢复,我会尽力帮助你。

一个提示:输入清洁!

这些功能给我带来了很多麻烦:

function forceInteger($variable) {
    return preg_replace("/[^0-9]/", "", $variable);
}
function forceAlpha($variable) {
    return preg_replace("/[^A-Za-z]/", "", $variable);
}
function forceAlphaNum($variable) {
    return preg_replace("/[^A-Za-z0-9 \-\.]/", "", $variable);
}
function forceAlphaNumNoSpace($variable) {
    return preg_replace("/[^A-Za-z0-9\-\.]/", "", $variable);
}

我发现破折号和句号对于大多数短字符串都是足够的。如果参加textarea,请通过以下方式运行:

function forceNaturalLanguage($variable) {
    return preg_replace("/[^A-Za-z0-9 \-\.\?\!]/", "", $variable);
}

这是我的建议: login.php(处理身份验证的脚本)

session_start();
if ($_POST["submit"]) {
    // query database for email and password, where email is posted email
    $sql = "SELECT * FROM `accounts` WHERE `email` = '{$_POST[email]'}";
    $query = mysql_query($sql) or die ("Error: ".mysql_error());

    if (mysql_num_rows($query) == 1) {
        // there's one result - we got it!
        $result = mysql_fetch_assoc($query);
        if ($_POST["password"] == $result["password"]) {
            // Successful auth.
            // Set session vars and redirect with header()
            $_SESSION["Authenticated"] = true;
            $_SESSION["FirstName"] = $result["FirstName"];
            $_SESSION["Email"] = $result["Email"];
            header("Location: /home.php?event=login");
            // Don't forget to exit(), otherwise some other code may run, causing unintended behaviours
        }
        else {
            // Password didn't match.
            exit("Incorrect password");
        }
    }
}
else {
    // No email match
    exit("Email not found.");
}

几点:
1.在双引号字符串中,要将数组值放入查询中,必须将其括在{花括号}中,如下所示:“嗨,{$ _SESSION [”FirstName“]}”;

2.不要 EVER 直接从用户输入设置会话变量。如果您从数据库中获取它,请从那里存储它。这是最安全的方式。

3.当您使用PHP会话时,设置自己的登录cookie是没有意义的。如果您想更改名称,请尝试以下操作:

ini_set("session.name","coolSession");