我的会话有问题,我的应用程序中有一项功能,需要两种不同类型的用户登录,一种是Admin,这意味着他可以在应用程序中尽一切可能,其他是编辑,他只能做一些事情。
我的问题是会话似乎互相重叠,我在管理员中登录,会话信息是编辑中的一个。
以下是管理员的登录信息:
<!---Login PHP--->
<?php
if( isset($_POST['btn-login']) ) {
$email = $_POST['email'];
$senha = $_POST['senha'];
$Error = false;
if (empty($email)) {
$Error= true;
$error = "Preencha o email.";
}
if (empty($senha)) {
$Error = true;
$error2 = "Preencha a senha.";
}
if($email) {
$sql = "SELECT email FROM admin WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
//echo "Email - ".$cout;
}
if($senha) {
$sql = "SELECT senha FROM admin WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
if($cout == 1) {
//echo "<br>Password - ".$cout;
$hashed = $stmt->fetch(PDO::FETCH_ASSOC);
//echo "<br>Password HASHED - ".$hashed['senha'];
$hashed_pass = $hashed['senha'];
}
}
if (!empty($email) && !empty($senha) && filter_var($email,FILTER_VALIDATE_EMAIL) && password_verify($senha,$hashed_pass) && !$Error) {
$sql = "SELECT email, senha FROM admin WHERE email ='$email' AND senha = '$hashed_pass'";
$query = $conn->prepare($sql);
$query->execute();
$count = $query->rowCount();
if($count == 1){
session_start();
$_SESSION['email'] = $email;
$_SESSION['senha'] = $crypt;
header("Location: home.php");
exit;
}
else {
$error = "Erro: password ou email errados";
}
}
}
?>
继承我的编辑登录:
<?php
/*EDITOR*/
if( isset($_POST['btn-login2']) ) {
$email = $_POST['email'];
$senha = $_POST['senha'];
if (empty($email)) {
echo "Preencha o email";
}
if (empty($senha)) {
echo "Preencha a senha";
}
if($email) {
$sql = "SELECT email FROM editor WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
//echo "Email - ".$cout;
}
if($senha) {
$sql = "SELECT senha FROM editor WHERE email = '$email'";
$stmt = $conn->prepare($sql);
$stmt->execute();
$cout = $stmt->rowCount();
if($cout == 1) {
//echo "<br>Password - ".$cout;
$hashed = $stmt->fetch(PDO::FETCH_ASSOC);
//echo "<br>Password HASHED - ".$hashed['senha'];
$hashed_pass = $hashed['senha'];
}
}
if (!empty($email) && !empty($senha) && filter_var($email,FILTER_VALIDATE_EMAIL) && password_verify($senha,$hashed_pass)) {
$sql = "SELECT email, senha FROM editor WHERE email ='$email' AND senha = '$hashed_pass'";
$query = $conn->prepare($sql);
$query->execute();
$count = $query->rowCount();
if($count == 1){
session_start();
// criar sessão com o email recebido por post e mandar o utilizador para a página home
$_SESSION['email_e'] = $email;
$_SESSION['senha_e'] = $senha;
header("Location: home.php");
exit;
}
else {
echo "Erro: password ou email errados";
}
}
}
?>
以下是Sessions文件:
<?php
ob_start();
session_start();
// if session is not set this will redirect to login page
if( !isset($_SESSION['email']) && !isset($_SESSION['senha'])) {
header("Location: admin.php");
exit;
}
// ADMIN SESSIONS
if(isset($_SESSION['email'])){
//echo "entrei";
// select loggedin users detail
$res = "SELECT * FROM admin WHERE email='".$_SESSION['email']."'";
$stmt = $conn->prepare($res);
//echo "<br>SQL - > ".$res;
$stmt ->execute();
$count = $stmt ->rowCount();
if ( $count == 1 ) {
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
}
}
//EDITOR SESSIONS
if(isset($_SESSION['email_e'])) {
//echo "<br>Entrei2";
$sql = "SELECT * FROM editor WHERE email = '".$_SESSION['email_e']."'";
//echo "<br>SQL - > ".$sql;
$stmt = $conn->prepare($sql);
$stmt->execute();
$count = $stmt->rowCount();
if($count == 1) {
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
}
//echo "<br>Contagem - ".$count;
} else {
echo "<br>Sem Sucesso";
}
?>
当我试图解决这个问题时,我可能因为我没有破坏会话,但仍然没有解决这个问题,我可能在这里做错了我相信。
退出文件:
<?php
session_start();
ob_start();
if (!isset($_SESSION['email']) || !isset($_SESSION['email_e'])) {
header("Location: index.php");
exit();
} else if(isset($_SESSION['email'])!="") {
header("Location: index.php");
exit();
}
//ADMIN LOGOUT
if (isset($_GET['logout'])) {
unset($_SESSION['email']);
unset($_SESSION['email_e']);
session_unset();
session_destroy();
header("Location: error.php");
exit;
}
ob_end_flush();
?>
提前感谢任何人。
答案 0 :(得分:1)
通过创建2个不同的会话变量,您正在处理这两类用户似乎很奇怪。我认为发生的事情是某种变量不会被取消,从而导致你的问题。
使用相同的变量($ _SESSION [&#39; email&#39;])然后根据用户类型显示您想要的任何内容会更加简单和优雅。
认为您希望在某个时候添加新的用户类型:您必须编辑处理登录和注销的所有代码,这是不正常的。
尝试仅为管理员和编辑者创建一个登录页面,并根据他们的电子邮件从数据库中获取用户类型。