2011-04-08 111 views

Logged-in user switches to another user in PHP session

Okay, so I have been searching SO for an answer to my problem but haven't found a useful one.

My problem is that when I log in as user 1, I can see user 1's information for about 1-2 pages, but when I go to another page or refresh the page I am logged in as another user (user 2). If I log in as user 2, however, everything is fine. Can someone help me solve this?

Here is my login script.

<?php 
// This is the login page for the site. 
require_once ('../includes/config.inc.php'); 
// Set the page title and include the HTML header. 
$page_title = 'Page Title'; 
include ('../includes/header.php'); 

$mysqli = mysqli_connect("localhost", "some", "some", "some"); 

if(isset($_SESSION['user_id'])) { 

    $url = BASE_URL . 'index.php'; // Define the URL. 
    header("Location: $url"); 
    exit(); // Quit the script. 
} 

//HTML Purifier 
require '../htmlpurifier/library/HTMLPurifier.auto.php'; 
//End HTML Purifier 
// $dbc (the mysqli link) and $purifier (an HTMLPurifier instance) are used below 
// but are not defined in this script; they must come from the included files. 

if (isset($_POST['submitted'])) { // start of submit conditional. 
    require_once (MYSQL); 

    // Validate the username or email address: 
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) { 
     $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login']))); 
    } else if(!empty($_POST['login']) && strlen($_POST['login']) >= 256) { 
     $e = FALSE; 
     echo 'Error'; 
    } else {  
     $e = FALSE; 
     echo 'Error'; 
    } 

    // Validate the password: 
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) { 
     $p = mysqli_real_escape_string($dbc, $_POST['pass']); 
    } else if(!empty($_POST['pass']) && strlen($_POST['pass']) >= 256) { 
     $p = FALSE; 
     echo 'Error'; 
    } else { 
     $p = FALSE; 
     echo 'Error'; 
    } 

    if(($e != FALSE) && ($p != FALSE)) { // check pass 
     $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.active IS NULL"; 
     $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc)); 

     while($row = mysqli_fetch_array($ph)){ 
      $password = $row['password']; 
      $salt = $row['salt']; 
     } 

     if(!empty($salt)) { 
      $sha512 = hash('sha512', $p . $salt); 
     } 

     if(!empty($password) && isset($sha512) && ($password === $sha512)){ // compare the stored hash with the computed one 
      $user_pass = TRUE; 
     } else { 
      $user_pass = FALSE; 
     } 
    } 

    if(isset($user_pass) && ($user_pass == TRUE) && !empty($salt)) { // If everything's OK. 
     $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";   
     $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); 

     if (@mysqli_num_rows($r) == 1) { 

      // Register the values & redirect: 
      $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
      // check if user is logged in then update the old login date 
      $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL"; 
      // save the info to the database 
      mysqli_free_result($r); // release the SELECT result before reusing the link 
      mysqli_query ($dbc, $u); // UPDATE returns TRUE/FALSE, not a result set 
      mysqli_close($dbc); 

      $url = BASE_URL . 'home/'; // Define the URL: 
      header("Location: $url"); 
      exit(); // Quit the script. 

     } else { // No match was made. 
      echo 'Error'; 
     } 

    } else { // If everything wasn't OK. 
     echo 'Error'; 
    } 
    mysqli_close($dbc); 
} 
?> 

Here is my logout script.

<?php 
ob_start(); // Start output buffering. // This is the logout page for the site. 
session_start(); // Initialize a session. 

require_once ('../includes/config.inc.php'); 
$page_title = 'Title'; 

// If no user_id session variable exists, redirect the user: 
if (!isset($_SESSION['user_id'])) { 

    $url = BASE_URL . 'index.php'; // Define the URL. 
    ob_end_clean(); // Delete the buffer. 
    header("Location: $url"); 
    exit(); // Quit the script. 

} else { // Log out the user. 

    $_SESSION = array(); // Destroy the variables. 
    session_destroy(); // Destroy the session itself. 
    setcookie(session_name(), '', time() - 2592000, '/'); // Destroy the cookie. 

} 

$url = BASE_URL; 
ob_end_clean(); 
header("Refresh: 3; url=$url"); // redirect after three seconds 
include ('../includes/header.php'); 

$mysqli = mysqli_connect("localhost", "some", "some", "some"); 

include ('../includes/footer.php'); 
exit(); // Quit the script. 
?> 

Here is what I have in the header.

ob_start();// Start output buffering. 
session_start();// Initialize a session. 

This is the very top part of the home page.

// Set the page title and include the HTML header. 
$page_title = 'Title'; 
include ('../includes/header.php'); 

// Include the configuration file for error management and such. 
require_once ('../includes/config.inc.php'); 
require_once ('../mysqli_connect.php'); // Connect to the db. 

$mysqli = mysqli_connect("localhost", "some", "some", "some"); 

// If no user_id session variable exists, redirect the user: 
if (!isset($_SESSION['user_id'])) { 

    $url = BASE_URL . 'index.php'; // Define the URL. 
    ob_end_clean(); // Delete the buffer. 
    header("Location: $url"); 
    exit(); // Quit the script. 
} 

How many users? – Shoe 2011-04-08 14:37:16


About 3 active users and 50 inactive users. – HELP 2011-04-08 14:38:48


@HELP, are user 1 and user 2 related in some way? Are they both admins? Does user 2 have user_id = user 1's user_id - 1? – Shoe 2011-04-08 14:40:16

Answer


One problem I think I see is that if user1 and user2 both have the same email address and the same password, you would find both of them at login.

...WHERE 
    (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') 
AND 
    users.password = '" . $sha512 . "' 
AND 
    users.active IS NULL" 

This probably isn't your problem though, since it should show up immediately rather than after refreshing the page, but you may want to consider it.
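The situation the answer describes, reproduced as an added example (this is not code from the question or the answer): two active accounts share an e-mail address and a password, so the login lookup keyed on e-mail-or-username returns two rows. The script then shows a lookup that refuses to log anyone in unless exactly one account matches and the submitted password hashes to the stored value. The table layout, column names, the sample accounts and the helper names (`seedUser`, `findCandidates`, `login`) are my assumptions, modelled on the queries in the question; it assumes PHP 7.1+ with the pdo_sqlite extension and runs against an in-memory database.

```php
<?php
// Added example, not code from the question or the answer. Reproduces the case
// the answer describes (two accounts sharing an e-mail address and a password)
// against an in-memory SQLite database, then shows a lookup that only accepts a
// login when exactly one account matches and its stored hash verifies. Table
// layout, column names and sample accounts are assumptions modelled on the
// queries in the question. Needs PHP 7.1+ with pdo_sqlite.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
              user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
              salt TEXT, first_name TEXT, user_level INTEGER, active TEXT)');
$db->exec('CREATE TABLE contact_info (user_id INTEGER, email TEXT)');

// Store an account the way the question does: sha512(password . salt) with a per-user salt.
function seedUser(PDO $db, int $id, string $username, string $email, string $password): void
{
    $salt = bin2hex(random_bytes(8));
    $hash = hash('sha512', $password . $salt);
    $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, NULL)')
       ->execute([$id, $username, $hash, $salt, ucfirst($username), 1]);
    $db->prepare('INSERT INTO contact_info VALUES (?, ?)')->execute([$id, $email]);
}

// Constructed sample data: two active users with the same e-mail address and password.
seedUser($db, 1, 'user1', 'shared@example.com', 'hunter2');
seedUser($db, 2, 'user2', 'shared@example.com', 'hunter2');

// The question's first lookup, with a prepared statement instead of string concatenation.
// A login value that is a shared e-mail address returns more than one row here.
function findCandidates(PDO $db, string $login): array
{
    $stmt = $db->prepare(
        'SELECT users.user_id, users.first_name, users.user_level, users.password, users.salt
           FROM users JOIN contact_info ON contact_info.user_id = users.user_id
          WHERE (contact_info.email = ? OR users.username = ?)
            AND users.active IS NULL');
    $stmt->execute([$login, $login]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Accept the login only when exactly one account matched and the submitted password
// hashes to the stored value. Returns the row to put in $_SESSION, or null on failure.
function login(PDO $db, string $login, string $password): ?array
{
    $rows = findCandidates($db, $login);
    if (count($rows) !== 1) {      // 0 = unknown account, 2+ = ambiguous: refuse both
        return null;
    }
    $row = $rows[0];
    $computed = hash('sha512', $password . $row['salt']);
    if (!hash_equals($row['password'], $computed)) {   // compare the hashes themselves, in constant time
        return null;
    }
    unset($row['password'], $row['salt']);             // keep secrets out of the session
    return $row;
}

printf("accounts matching the shared e-mail: %d\n", count(findCandidates($db, 'shared@example.com')));
var_dump(login($db, 'shared@example.com', 'hunter2'));   // ambiguous login: refused
var_dump(login($db, 'user1', 'hunter2'));                // unique username: accepted
var_dump(login($db, 'user1', 'wrong-password'));          // bad password: refused

// On the real login page the accepted row is what goes into the session; rotate the
// session id first so a cookie issued before login cannot be reused by whoever set it:
//   session_regenerate_id(true);
//   $_SESSION = $row;
```

Run it with `php` from the command line. The design point is that a lookup key which is not unique (an e-mail address shared by two rows) can never safely decide which user is logging in, so the code treats "more than one match" the same as "no match" instead of picking whichever row the loop saw last; the hash comparison uses `hash_equals` so the stored and computed digests are compared byte for byte in constant time, and the password and salt columns are dropped before the row is handed to the session.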