这是我的登录表单,我想登录我的项目,但是在输入用户ID和密码会话后,未创建并且项目未运行,并且在网络`{“ id”中收到响应:“ 1”,“用户名” :“ admin”,“ login_type”:“ LOGIN_TRACKING”},我将在此处共享session.php文件,其中编写了有关登录会话的代码
include ('../init.php');
include ('fn_common.php');
include ('../tools/email.php');
loadLanguage($gsValues['LANGUAGE']);
header('Content-Type: application/json');
if(@$_POST['cmd'] == 'session_check')
{
checkUserSession();
if (checkUserSession2() == true)
{
echo 'true';
}
else
{
echo 'false';
}
die;
}
if(@$_POST['cmd'] == 'login')
{
$username = strtolower($_POST["username"]);
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
$mobile = $_POST["mobile"];
// check failed logins limit
$q = "SELECT * FROM `gs_user_failed_logins` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."' AND dt_login > DATE_SUB(UTC_TIMESTAMP(), INTERVAL 10 MINUTE)";
$r = mysqli_query($ms, $q);
$count = mysqli_num_rows($r);
if ($count >= 10)
{
echo 'ERROR_MANY_FAILED_LOGIN_ATTEMPTS';
//write log
writeLog('user_access', 'User login: too many failed login attempts. Username: "'.$username.'"');
}
else
{
$q = "SELECT * FROM `gs_users` WHERE `username`='".$username."' AND `password`='".md5($password)."' LIMIT 1";
$r = mysqli_query($ms, $q);
if ($row = mysqli_fetch_array($r))
{
if ($row['active'] == 'true')
{
if ($remember_me == 'true')
{
setUserSessionHash($row['id']);
}
// reset session array
$_SESSION = array();
setUserSession($row['id']);
setUserSessionSettings($row['id']);
setUserSessionCPanel($row['id']);
if (($gsValues['PAGE_AFTER_LOGIN'] == 'cpanel') && ($_SESSION["cpanel_privileges"] != false))
{
echo 'LOGIN_CPANEL';
}
else
{
echo json_encode(array('id' => $row['id'],'username' => $row['username'],'login_type' => 'LOGIN_TRACKING')); die;
}
//write log
writeLog('user_access', 'User login: successful');
//update user usage
updateUserUsage($row['id'], 1, false, false, false);
}
else
{
echo 'ERROR_ACCOUNT_LOCKED';
//write log
writeLog('user_access', 'User login: account locked. Username: "'.$username.'"');
}
}
else
{
// insert failed login
$q = "INSERT INTO `gs_user_failed_logins` (`ip`, `dt_login`) VALUES ('".$_SERVER['REMOTE_ADDR']."','".gmdate("Y-m-d H:i:s")."')";
$r = mysqli_query($ms, $q);
echo 'ERROR_USERNAME_PASSWORD_INCORRECT';
//write log
writeLog('user_access', 'User login: unsuccessful. Username: "'.$username.'"');
}
}
die;
}