2016-02-27 60 views
0

Why is my $_SESSION["products"] destroyed after login, and how do I keep my $_SESSION["products"] after I log in?

Products are added to the cart before login.



After logging in, my cart is empty.



CODE

login.php

<?php 
ob_start(); 
session_start(); 
include 'init.php'; 
require_once 'config.php'; 
// initialize user class 
$user_obj = new Cl_User(); 
    if(!empty($_POST)){ 
     try { 
      $user_obj = new Cl_User(); 
      $data = $user_obj->login($_POST); 
      if(isset($_SESSION['logged_in']) && $_SESSION['logged_in']){ 
       header('Location: home.php'); 
      } 
     } catch (Exception $e) { 
      $error = $e->getMessage(); 
     } 
    } 
    if(isset($_SESSION['logged_in']) && $_SESSION['logged_in']){ 
     header('Location: home.php'); 
    } 
?> 
<!DOCTYPE html> 
<html lang="en"> 
    <head> 
    <meta charset="utf-8"> 
    <meta http-equiv="X-UA-Compatible" content="IE=edge"> 
    <meta name="viewport" content="width=device-width, initial-scale=1"> 
    <title>Smart Login Page</title> 
    <link href='http://fonts.googleapis.com/css?family=Pacifico' rel='stylesheet' type='text/css'> 
    <!-- Bootstrap --> 
    <link href="css/bootstrap.min.css" rel="stylesheet"> 
    <link href="css/font-awesome.min.css" rel="stylesheet"> 
    <link href="css/login.css" rel="stylesheet"> 
    <script src="js/bootstrap.min.js"></script> 
    </head> 
    <body> 
    <div class="container"> 
     <?php require_once 'templates/ads.php';?> 
     <div class="login-form"> 
      <?php require_once 'templates/message.php';?> 
      <h1 class="text-center">Login</h1> 
      <div class="form-header"> 
       <i class="fa fa-user"></i> 
      </div> 
      <form id="login-form" method="post" class="form-signin" role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"> 
       <input name="email" id="email" type="email" class="form-control" placeholder="Email" autofocus> 
       <input name="password" id="password" type="password" class="form-control" placeholder="Password"> 

       <button class="btn btn-block bt-login" type="submit" id="submit_btn" data-loading-text="loging in....">Login</button> 
       <br> 
      </form> 
      <div class="form-footer"> 
       <div class="row"> 
        <div class="col-xs-6 col-sm-6 col-md-6"> 
         <i class="fa fa-lock"></i> 
         <a href="forget_password.php"> Forgot Password? </a> 

        </div> 

        <div class="col-xs-6 col-sm-6 col-md-6"> 
         <i class="fa fa-check"></i> 
         <a href="register.php"> Sign up </a> 
        </div> 
       </div> 
      </div> 
     </div> 
    </div> 
    <!-- /container --> 
    <script src="js/jquery.validate.min.js"></script> 
    <script src="js/login.js"></script> 
    </body> 
</html> 
<?php ob_end_flush(); ?> 

The login function in user.php

public function login(array $data) 
    { 

     $_SESSION['logged_in'] = false; 
     if(!empty($data)){ 

      // Trim all the incoming data: 
      $trimmed_data = array_map('trim', $data); 

      // escape variables for security 
      $email = mysqli_real_escape_string($this->_con, $trimmed_data['email']); 
      $password = mysqli_real_escape_string($this->_con, $trimmed_data['password']); 


      if((!$email) || (!$password)) { 
       throw new Exception(LOGIN_FIELDS_MISSING); 
      } 
      $password = md5($password); 
      $query = "SELECT member_id, member_display_name, member_email, member_status, roles_id FROM fm_member where member_email = '$email' and member_pwd = '$password' "; 
      //$query = "SELECT user_id, name, email, created, roles_id, id FROM users where email = '$email' and password = '$password'" 
      $result = mysqli_query($this->_con, $query); 
      $data = mysqli_fetch_assoc($result); 
      $count = mysqli_num_rows($result); 
      mysqli_close($this->_con); 
      if($count == 1){ 
       $_SESSION = $data; 
       if($_SESSION['member_status'] == 'Activated') { 
         $_SESSION['logged_in'] = true; 
         return true; 
       } else { 
        $_SESSION['logged_in'] = false; // set before throwing; code after throw never runs 
        throw new Exception('Your account is Deactivated! <br> Please contact the Administrator for more information.'); 
       } 
      }else{ 
       throw new Exception(LOGIN_FAIL); 
      } 
     } else{ 
      throw new Exception(LOGIN_FIELDS_MISSING); 
     } 

    } 

cart_process.php

session_start(); //start session 
include_once("config.inc.php"); //include config file 
setlocale(LC_MONETARY,"en_US"); // US national format (see : http://php.net/money_format) 
############# add products to session ######################### 
if(isset($_POST["product_code"])) 
{ 
    foreach($_POST as $key => $value){ 
     $new_product[$key] = filter_var($value, FILTER_SANITIZE_STRING); //create a new product array 
    } 
    //we need to get product name and price from database. 
    $statement = $mysqli_conn->prepare("SELECT fm_product.p_name, fm_product.p_price, fm_product.p_member_id, fm_product.p_discount, fm_member.member_display_name, fm_member.member_payment, fm_product_image.img_1, shipping_cost.shipping_register, 
    shipping_cost.shipping_normal, shipping_cost.shipping_ems FROM fm_product LEFT JOIN fm_member ON fm_member.member_id = fm_product.p_member_id LEFT JOIN fm_product_image ON fm_product_image.p_id_img = fm_product.p_id LEFT JOIN shipping_cost ON shipping_cost.shipping_vendor = fm_member.member_id WHERE p_id=?"); 
    $statement->bind_param('s', $new_product['product_code']); 
    $statement->execute(); 
    $statement->bind_result($product_name, $product_price, $p_member_id, $p_discount, $member_display_name, $member_payment, $img_1, $shipping_register, $shipping_normal,$shipping_ems); 


    while($statement->fetch()){ 
     $new_product["p_name"] = $product_name; //fetch product name from database 
     $new_product["p_price"] = $product_price; 
     $new_product["p_member_id"] = $p_member_id; 
     $new_product["p_discount"] = $p_discount; 
     $new_product["member_display_name"] = $member_display_name; 
     $new_product["member_payment"] = $member_payment; 
     $new_product["img_1"] = $img_1; 
     $new_product["shipping_register"] = $shipping_register; 
     $new_product["shipping_normal"] = $shipping_normal; 
     $new_product["shipping_ems"] = $shipping_ems; 
     //fetch product price from database 

     if(isset($_SESSION["products"])){ //if session var already exist 
      if(isset($_SESSION["products"][$new_product['product_code']])) //check item exist in products array 
      { 
       unset($_SESSION["products"][$new_product['product_code']]); //unset old item 
      }   
     } 

     $_SESSION["products"][$new_product['product_code']] = $new_product; //update products with new item array 
    } 

    $total_items = count($_SESSION["products"]); //count total items 
    die(json_encode(array('items'=>$total_items))); //output json 

} 

################## list products in cart ################### 
if(isset($_POST["load_cart"]) && $_POST["load_cart"]==1) 
{ 

    if(isset($_SESSION["products"]) && count($_SESSION["products"])>0){ //if we have session variable 
     $cart_box = '<ul class="cart-products-loaded">'; 
     $total = 0; 
     foreach($_SESSION["products"] as $product){ //loop though items and prepare html content 

      //set variables to use them in HTML content below 
      $product_name = $product["p_name"]; 

      if(!empty($product["p_discount"])) 
      { 
       $product_price = $product["p_discount"]; 
      } else if(empty($product["p_discount"])) { 
       $product_price = $product["p_price"]; 
      } 

      $product_code = $product["product_code"]; 
      $p_member_id = $product["p_member_id"]; 
      $member_display_name = $product["member_display_name"]; 
      $member_payment = $product["member_payment"]; 
      $product["product_qty"] = 1; 
      $product_qty = $product["product_qty"]; 


      $cart_box .= "<li>$product_name &mdash; Price ".$product_price." x ".$product_qty." = ".sprintf($product_qty * $product_price)."<a href=\"javascript:void(0);\" class=\"remove-item\" data-code=\"$product_code\">&times;</a></li>"; 
      $subtotal = ($product_price * $product_qty); 
      $total = ($total + $subtotal); 
     } 
     $cart_box .= "</ul>"; 
     $cart_box .= '<div class="cart-products-total" style="border-top: 1px solid #C0C0C0;">'.$quantity.'Total : '.sprintf($total).'<a href="check_out.php" title="Review Cart and Check-Out" style="margin-left: 10px;"><u>Check Out</u></a></div>'; 
     die($cart_box); //exit and output content 
    }else{ 
     die("Empty Cart!"); //we have empty cart 
    } 
} 

Edit

home.php added

<?php 
session_start(); 
include('connect.php'); 

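// login() stores logged_in = false on failure, so isset() alone is not enough 
if(empty($_SESSION['logged_in'])){ 
    header('Location: index.php'); 
    exit; // stop here so the page below is not rendered for anonymous visitors 
} 
$ID = $_SESSION['member_id']; 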
?> 
<?php require_once 'templates/header.php';?> 
    <?php if($_SESSION['roles_id']=='1') { ?> 
    <div class="content"> 
     <div class="container"> 
      <div class="col-md-8 col-sm-8 col-xs-12"> 
       <br> 
       <h1 class="text-center"> Admin Page </h1> 
       <br> 
      </div> 
      <?php require_once 'templates/sidebar.php';?> 
     </div> 
    </div> <!-- /container --> 
    <?php } else if($_SESSION['roles_id']=='2') { ?> 
    <div class="content"> 
     <div class="container"> 
      <div class="col-md-8 col-sm-8 col-xs-12"> 
       <br> 
       <h1 class="text-center"> User Page </h1> 
       <br> 
      </div> 
      <?php require_once 'templates/sidebar.php';?> 
     </div> 
    </div> <!-- /container --> 
    <?php } ?> 
+0

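Although you should consider using Prepared Statements instead of `mysqli_real_escape_string()`, I don't see any reason why this code would destroy the session. However, the code redirects to `home.php`, so the problem may lie there. Could you update your question with it? – icecub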

+0

@icecub `home.php` added –

+0

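Also: using MD5 to hash passwords for an online shop is a very bad idea. You are handling sensitive private customer data, such as their payment details. If you get hacked at some point, and with md5 that will happen, no insurance will cover you when your script was insecure. But that's just a tip – icecub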

Answer

2

Looks like `$_SESSION = $data;` might be your culprit; you are resetting the entire session variable with the data.

Edit

Where you have `$_SESSION = $data;`, change it to this:

$data["products"] = $_SESSION["products"]; 
$_SESSION = $data; 
+0

How can I fix this? –

+0

The quick way? Check my edit. –

+0

It works! Thank you very much :) –
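
The fix from the answer, carried one step further as an added example (not part of the original answer or the asker's code): it carries only the cart across login, regenerates the session ID, and copies named columns instead of assigning the whole row to `$_SESSION`. `credentials_ok()`, `establish_login()` and the sample row are hypothetical, and the example assumes `member_pwd` holds a `password_hash()` value rather than the MD5 used in the question.

```php
<?php
// Added example: log a member in without discarding the pre-login cart.
// Function names and the sample row are hypothetical.

/** Check a member row (fetched with a prepared statement) against the password. */
function credentials_ok(array $row, string $password): bool
{
    return $row['member_status'] === 'Activated'
        && password_verify($password, $row['member_pwd']);
}

/** Mark the session as logged in while keeping $_SESSION["products"]. */
function establish_login(array $row): void
{
    $cart = $_SESSION['products'] ?? [];   // the only pre-login state carried over

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // new session ID at the privilege change
    }

    // Copy named columns only, so the password hash never enters the session
    // and a new column in the query cannot overwrite an existing key.
    $_SESSION = [
        'member_id'           => (int) $row['member_id'],
        'member_display_name' => $row['member_display_name'],
        'member_email'        => $row['member_email'],
        'member_status'       => $row['member_status'],
        'roles_id'            => (string) $row['roles_id'],
        'logged_in'           => true,
        'products'            => $cart,
    ];
}

// Constructed demo data, not taken from the page.
session_start();
$_SESSION['products'] = ['P100' => ['product_code' => 'P100', 'p_name' => 'Sample item']];
$row = [
    'member_id' => 7, 'member_display_name' => 'Demo', 'member_email' => 'demo@example.com',
    'member_status' => 'Activated', 'roles_id' => '2',
    'member_pwd' => password_hash('demo-password', PASSWORD_DEFAULT),
];

if (credentials_ok($row, 'demo-password')) {
    establish_login($row);
}
var_dump($_SESSION['logged_in'], array_keys($_SESSION['products']));
```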