Logged-in user switches to another user in a PHP session

Time: 2011-04-08 14:28:15

Tags: php mysql session

Okay, so I've been searching for an answer to my problem but haven't found anything useful.

My problem is that when I log in as user 1, I can see about 1-2 pages of user 1's information, but when I go to another page or refresh the page, I am logged in as a different user (user 2). But if I log in as user 2, everything is fine. Can someone help me fix this?

This is my login script.

<?php
// This is the login page for the site.
require_once ('../includes/config.inc.php'); 
// Set the page title and include the HTML header.
$page_title = 'Page Title';
include ('../includes/header.php');

$mysqli = mysqli_connect("localhost", "some", "some", "some"); // Not used below; $dbc comes from the MYSQL include.

if(isset($_SESSION['user_id'])) {

    $url = BASE_URL . 'index.php'; // Define the URL.
    header("Location: $url");
    exit(); // Quit the script. 
}

//HTML Purifier  
require '../htmlpurifier/library/HTMLPurifier.auto.php';
//End HTML Purifier

if (isset($_POST['submitted'])) { // start of submit conditional.
    require_once (MYSQL);

    // Validate the username or email address:
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
        $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login'])));
    } else if(!empty($_POST['login']) && strlen($_POST['login']) >= 256) {
        $e = FALSE;
        echo 'Error';
    } else {    
        $e = FALSE;
        echo 'Error';
    }

    // Validate the password:
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
        $p = mysqli_real_escape_string($dbc, $_POST['pass']);
    } else if(!empty($_POST['pass']) && strlen($_POST['pass']) >= 256) {
        $p = FALSE;
        echo 'Error';
    } else {
        $p = FALSE;
        echo 'Error';
    }

    if(($e != FALSE) && ($p != FALSE)) { // check pass
        $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.active IS NULL";
        $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc));

        // If more than one account matches, only the last row's values survive this loop.
        while($row = mysqli_fetch_array($ph)){ 
            $password = $row['password'];
            $salt = $row['salt'];
        }
        mysqli_free_result($ph);

        if(!empty($salt)) {
            $sha512 = hash('sha512', $p . $salt);
        }

        // Compare the stored hash with the one computed from the submitted password.
        if(!empty($password) && !empty($sha512) && $password === $sha512){
            $user_pass = TRUE;
        } else {
            $user_pass = FALSE;
        }
    }

    if(isset($user_pass) && ($user_pass == TRUE) && !empty($salt)) { // If everything's OK.
        $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";        
        $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

        if (@mysqli_num_rows($r) == 1) {

            // Register the values & redirect.
            // This replaces the whole session array with the fetched row
            // (user_id, first_name, user_level); anything stored in the
            // session before login is dropped.
            $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
            mysqli_free_result($r);
            // The user is logged in, so update the last login date:
            $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL"; 
            // save the info to the database (UPDATE returns a boolean, not a result set)
            mysqli_query ($dbc, $u) or trigger_error("Query: $u\n<br />MySQL Error: " . mysqli_error($dbc));
            mysqli_close($dbc);

            $url = BASE_URL . 'home/'; // Define the URL:
            header("Location: $url");
            exit(); // Quit the script.

        } else { // No match was made.
            echo 'Error';
        }

    } else { // If everything wasn't OK.
        echo 'Error';
    }
    mysqli_close($dbc);
}
?>

This is my logout script.

<?php
ob_start(); // Start output buffering. // This is the logout page for the site.
session_start(); // Initialize a session.

require_once ('../includes/config.inc.php'); 
$page_title = 'Title';

// If no user_id session variable exists, redirect the user:
if (!isset($_SESSION['user_id'])) {

    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.

} else { // Log out the user.

    $_SESSION = array(); // Destroy the variables.
    session_destroy(); // Destroy the session itself.
    setcookie(session_name(), '', time() - 2592000, '/'); // Destroy the cookie.

}

$url = BASE_URL;
ob_end_clean();
header("Refresh: 3; url=$url"); // Send the browser to BASE_URL after 3 seconds.
include ('../includes/header.php');

$mysqli = mysqli_connect("localhost", "some", "some", "some"); // Not used on this page.

include ('../includes/footer.php');
exit(); // Quit the script.
?>  

This is what I have in the header.

ob_start();// Start output buffering.
session_start();// Initialize a session.

This is the very top of the home page.

// Set the page title and include the HTML header.
$page_title = 'Title';
include ('../includes/header.php');

// Include the configuration file for error management and such.
require_once ('../includes/config.inc.php'); 
require_once ('../mysqli_connect.php'); // Connect to the db.

$mysqli = mysqli_connect("localhost", "some", "some", "some"); // Second connection; $dbc already comes from mysqli_connect.php.

// If no user_id session variable exists, redirect the user:
if (!isset($_SESSION['user_id'])) {

    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script. 
}

1 Answer:

Answer 0 (score: 1)

One problem I think I see is that if user1 and user2 both have the same email address and the same password, you will be logged in as both at the same time.

...WHERE
    (contact_info.email = '" . $e . "' OR users.username = '" . $e . "')
AND
    users.password = '" . $sha512 . "'
AND
    users.active IS NULL"

This is probably not your problem, since it should show up immediately rather than after refreshing the page, but you may want to think about it.
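The following is an added example, not code from the original post or its answer. It shows how the login and logout scripts in the question, and the ambiguous-match case raised in the answer, would be written with bound parameters, `password_verify()`, an explicit "exactly one account matched" check, and session-ID regeneration at login. It assumes a `users` table with a `password_hash` column holding `password_hash()` output (in place of the question's `password` and `salt` columns), a `contact_info(user_id, email)` table, a mysqli connection in `$dbc`, mysqlnd being available (for `get_result()`), and that `session_start()` has already run in the header; the function names `authenticate`, `establishSession` and `endSession` and the `login_time` session key are my own choices.

```php
<?php
declare(strict_types=1);

// Added example (not the original poster's code). Assumed schema:
//   users(user_id, username, first_name, user_level, password_hash, active)
//   contact_info(user_id, email)
// password_hash holds password_hash() output (bcrypt), not sha512(pass . salt).

/**
 * Look up the account for a login identifier and verify the password.
 * Returns the user row (without the hash) on success, null on failure.
 */
function authenticate(mysqli $dbc, string $login, string $password): ?array
{
    // Bound parameters: the identifier never becomes part of the SQL text,
    // so no escaping or HTMLPurifier pass is needed for injection safety.
    $stmt = $dbc->prepare(
        'SELECT u.user_id, u.first_name, u.user_level, u.password_hash
           FROM users u
           LEFT JOIN contact_info c ON c.user_id = u.user_id
          WHERE (c.email = ? OR u.username = ?) AND u.active IS NULL
          LIMIT 2'
    );
    $stmt->bind_param('ss', $login, $login);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();

    // Exactly one account may match. If two accounts share an e-mail address
    // or username, the login is ambiguous and is refused rather than guessed.
    if (count($rows) !== 1) {
        return null;
    }
    $row = $rows[0];

    // Constant-time comparison against the stored bcrypt hash.
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }
    // Transparent upgrade when the stored hash uses outdated parameters.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $up  = $dbc->prepare('UPDATE users SET password_hash = ? WHERE user_id = ?');
        $up->bind_param('si', $new, $row['user_id']);
        $up->execute();
        $up->close();
    }
    unset($row['password_hash']);
    return $row;
}

/**
 * Bind the authenticated user to a fresh session ID.
 */
function establishSession(array $user): void
{
    // A new ID at the privilege change defeats session fixation; the old
    // session data on the server is deleted rather than left readable.
    session_regenerate_id(true);
    // Store only what pages need, under explicit keys, instead of replacing
    // the whole $_SESSION array with a database row.
    $_SESSION['user_id']    = (int) $user['user_id'];
    $_SESSION['first_name'] = (string) $user['first_name'];
    $_SESSION['user_level'] = (int) $user['user_level'];
    $_SESSION['login_time'] = time();
}

/**
 * Log out: clear the data, expire the cookie with the same attributes it
 * was set with, then destroy the server-side session.
 */
function endSession(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Usage in the login page (after header.php has called session_start()):
// $user = authenticate($dbc, (string) ($_POST['login'] ?? ''), (string) ($_POST['pass'] ?? ''));
// if ($user === null) { echo 'Error'; exit; }
// establishSession($user);
// header('Location: ' . BASE_URL . 'home/');
// exit;
```

In the header, before `session_start()`, setting `ini_set('session.use_strict_mode', '1')` and `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax'])` (PHP 7.3+) keeps the session ID out of script reach and rejects IDs the server never issued, which is the other half of the fixation defence that `session_regenerate_id(true)` provides at login.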