更改页面后,php保持用户使用会话登录

时间:2018-08-14 15:01:28

标签: php session login

我正在开发带有会话的登录表单。当我登录并尝试更改同一域中的页面并返回登录页面时,我已注销并且需要凭据。贝娄是代码。

mysky.php(登录页面) 

<?php   
    session_start();
    $pageTitle = 'MySky Login';
    include 'header.php';
?>


<div id="cloud_box">
    <div id="cloud_title">My<span>Sky</span> Login</div>

    <form action="myskyweb.php" name="form" method="POST" 
     onsubmit="return IsEmpty();">

        <div id="msg"><?php if(isset($msg)) { echo $msg; }?></div>

        <div id="u">
            <div id="user1">U</div>
            <input type="text" id="user" name="user"/>
            <div id="error_u"></div>
        </div>

        <div id="p">
            <div id="pass1">P</div>
            <input type="password" id="pass" name="pass"/>
            <div id="error_p"></div>
        </div>

        <button id="btn" type="submit">Login</button>

    </form>

</div>



<?php include 'footer.php';?>

myskyweb.php(成功登录后) 

<?php 
    session_start();
    if(!isset($_SESSION['id']))
    {
        header("Location: mysky.php");
    }
    $pageTitle = sprintf('MySky - %s', $_POST['user']);
    include 'header.php';
    include 'login.php';
?>

<?php

print_r($_SESSION);

?>

<div id="logout"><a href="logout.php">Logout</a></div>

<?php include 'footer.php';?>

page1.php(我网域的一页) 

<?php 
    session_start();
    $pageTitle = 'page1';
    include 'header.php';
?>

<?php

print_r($_SESSION);

?>

<div id="structure">

<?php include 'footer.php';?>

page2.php(另一页) 

<?php 
    session_start();
    $pageTitle = 'page2';
    include 'header.php';
?>

<?php

print_r($_SESSION);

?>

<div class="slides">

<?php include 'footer.php';?>

login.php(检查凭据是否正确并为会话赋值) 

<?php

    include 'db_info.php';      
    $username = $password = $encrypted = $msg = '';

    //connect to db
    $conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName) 
    or die($conn);

    //get values
    $username = $_POST['user'];
    $password = $_POST['pass'];

    //prevent mysql injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysqli_real_escape_string($conn, $username);
    $password = mysqli_real_escape_string($conn, $password);

    //encrypt pass
    $encrypted = md5($password);

    //search
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
    $result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));

    //compare
    $row = mysqli_fetch_array($result);
    if (($row['username'] == $username) && ($row['password'] == $encrypted)){
        $_SESSION['id'] = $row['id'];
        $_SESSION['user'] = $row['username'];
        $_SESSION['logged_in'] = time();
    } else {
        $msg = 'Credentials mismatch';
        header("Location: /mysky.php");
        die();
    }
    mysqli_close($conn);


?>

我在所有页面上都使用了功能 print_r()来了解问题是否出在会话上。会话不是问题,因为登录后每个页面都会显示会话var。因此,会话在更改页面后保留值。我无法理解为什么我再次在登录页面中看到登录表单,而不是看到成功的登录页面。

感谢您的帮助!

3 个答案:

答案 0 :(得分:0)

登录时,您需要分配一个$ _SESSION变量。请看下面的示例

Login.php 

//login code

.....

//
//if successful
            $_SESSION['user_id'] = $user['username'];
        $_SESSION['logged_in'] = time();

        header( "Location: /protected.php" );
        die();

例如,然后在后续页面的顶部。

home.php 

<?php 
session_start();
if(isset($_SESSION['user_id']) || isset($_SESSION['logged in'])){ 
echo 'blah'
?>
  

如果您要删除登录按钮,或者如果他们尝试重定向则重定向   访问登录页面,您需要进行一些处理才能实现   这个。

更改登录按钮->退出按钮 

<?php if(isset($_SESSION['user_id']) || isset($_SESSION['logged in'])){ 
?>
            <li> <a href="logout.php"> Logout | <?php echo 
$_SESSION['user_id'] ?> </a></li>
            <?php }else{ ?>
            <li> <a href="loginpage.php" >login</a></li>
                <?php } ?>

Protected.php 

<?php


session_start();
if(!isset($_SESSION['user_id']) || !isset($_SESSION['logged_in'])){

echo "Oops, you're not supposed to be here\n";
echo 'You\'ll be redirected in  5 seconds. If not, click <a 
href="index.php">here</a>.';
header( "refresh:5;url=index.php" );
exit;
}


echo 'Congratulations! You are logged in!';
echo 'You\'ll be redirected in  5 seconds. If not, click <a 
href="index.php">here</a>.';
header( "refresh:5;url=index.php" );
die();


?>

我相信这就是您想要实现的一切,只需根据需要更改变量

答案 1 :(得分:0)

编辑1

  

我可以成功登录,但是如果然后单击菜单page1.php,然后   单击mysky.php,我再次看到登录表单,而不是   myskyweb.php(授权页面)

好-这很重要。所以您的问题没有登录,对吗?但是,在身份验证之后,如果您返回登录页面,则会看到登录表单,并且不会被重定向。如果您已通过身份验证,则要自动重定向到登录页面。是吗?

如果是这样,那么我的问题是,您在 mysky.php(登录页面)中检查用户是否已登录?我什么地方都看不到支票。

您需要:

<?php

session_start();

// If the user is already logged in, redirect them to the landing page. 
if (isset($_SESSION['id'])) {
    header("Location: myskyweb.php");
}

您仅在检查是否设置了会话变量login.php后才调用id。这就是为什么它会将您重定向回登录页面。将包含在内的内容直接移到session_start()下。有时它起作用的唯一原因是存在一个会话-请参阅我的下一点。

myskyweb.php(成功登录后) 

<?php 
session_start();

// Move this include up here before the check.
include 'login.php';

if(!isset($_SESSION['id']))
{
    header("Location: mysky.php");
}
$pageTitle = sprintf('MySky - %s', $_POST['user']);
include 'header.php';
...
?>

此外,出于调试目的,每次单击登录屏幕时都清除会话。这样一来,您就不会对过时的会话数据感到困惑,让您保持登录状态

mysky.php(登录页面) 

<?php

// Always clear the session when hitting the log in page. 
session_destroy();
$_SESSION = [];
...

您很容易受到SQL Injection攻击-查找参数化查询。

发出die;呼叫后,您需要致电header-https://stackoverflow.com/a/768472/296555

答案 2 :(得分:0)

@waterloomatt和@Isaac感谢您的时间和回复!几个小时后,终于我找到了有效的代码。如果您发现任何错误,我将很高兴知道! 我会遇到SQL注入攻击的问题吗?

login.php 

<?php
    session_start();

    include 'db_info.php';  

    //connect to db
    $conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName) 
    or die($conn);

    //get values
    if ((isset($_POST['user'])) && (isset($_POST['user']))){
        $username = $_POST['user'];
        $password = $_POST['pass'];
    } else {
        $username = null;
        $password = null;
    }   

    //prevent mysql injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysqli_real_escape_string($conn, $username);
    $password = mysqli_real_escape_string($conn, $password);

    //encrypt pass
    $encrypted = hash('sha256', $password);

    //search
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
    $result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));

    //compare
    $row = mysqli_fetch_array($result);
    if (($row['username'] != $username) || ($row['password'] != $encrypted)){
        if ((isset($_POST['user'])) && (isset($_POST['pass']))){
        $_SESSION['msg'] = 'Credentials mismatch';}
    } else {
        $_SESSION['id'] = $row['id'];
        $_SESSION['user'] = $row['username'];
    }
    mysqli_close($conn);


?>

mysky.php 

<?php 
    include 'login.php';

    if ((isset($_SESSION['id'])) && (isset($_SESSION['user'])))
    {
        include 'sky_auth.php';
    } 
    else
    {
        include 'sky_login.php';
    }

    include 'footer.php';
?>

sky_login.php 

<?php 
    $pageTitle = 'MySky Login';
    include 'header.php';
?>


<div id="cloud_box">
    <div id="cloud_title">My<span>Sky</span> Login</div>

    <form action="" name="form" method="POST" onsubmit="return IsEmpty();">

        <div id="msg"><?php if (isset($_SESSION['msg'])){
                                echo $_SESSION['msg']; 
                                unset($_SESSION); 
                                session_destroy();} ?>
        </div>

        <div id="u">
            <div id="user1">U</div>
            <input type="text" id="user" name="user"/>
            <div id="error_u"></div>
        </div>

        <div id="p">
            <div id="pass1">P</div>
            <input type="password" id="pass" name="pass"/>
            <div id="error_p"></div>
        </div>

        <button id="btn" type="submit">Login</button>

    </form>

</div>

sky_auth.php 

<?php
    if(!isset($_SESSION['id']))
    {
        header("Location: mysky.php");
        die();
    }
    $pageTitle = sprintf('MySky - %s', $_SESSION['user']);
    include 'header.php';
?>

<div id="sky_contain">

        <div id="logout"><a href="logout.php">Logout</a></div>

    </div>

</div>
相关问题
最新问题