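Logged-in user switches to another user in a PHP session
Okay, so I have been searching SO for an answer to my problem, but I have not found a useful one.
My problem is that when I log in as user 1, I can see user 1's information for about 1-2 pages, but when I go to another page or refresh the page, I am logged in as another user (user 2). However, if I log in as user 2, everything is fine. Can someone help me solve this problem?
Here is my login script.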
<?php
// This is the login page for the site.
require_once ('../includes/config.inc.php');
// Set the page title and include the HTML header.
$page_title = 'Page Title';
include ('../includes/header.php');
$mysqli = mysqli_connect("localhost", "some", "some", "some");
if(isset($_SESSION['user_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    header("Location: $url");
    exit(); // Quit the script.
}
//HTML Purifier
require '../htmlpurifier/library/HTMLPurifier.auto.php';
//End HTML Purifier
if (isset($_POST['submitted'])) { // start of submit conditional.
    require_once (MYSQL);
    // Validate the username or email address:
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
        $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login'])));
    } else if(!empty($_POST['login']) && strlen($_POST['login']) >= 256) {
        $e = FALSE;
        echo 'Error';
    } else {
        $e = FALSE;
        echo 'Error';
    }
    // Validate the password:
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
        $p = mysqli_real_escape_string($dbc, $_POST['pass']);
    } else if(!empty($_POST['pass']) && strlen($_POST['pass']) >= 256) {
        $p = FALSE;
        echo 'Error';
    } else {
        $p = FALSE;
        echo 'Error';
    }
    if(($e != FALSE) && ($p != FALSE)) { // check pass
        $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.active IS NULL";
        $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc));
        while($row = mysqli_fetch_array($ph)){
            $password = $row['password'];
            $salt = $row['salt'];
        }
        if(!empty($salt)) {
            $sha512 = hash('sha512', $p . $salt);
        }
        if(!empty($password) == !empty($sha512)){
            $user_pass = TRUE;
        } else {
            $user_pass = FALSE;
        }
    }
    if(isset($user_pass) && ($user_pass == TRUE) && !empty($salt)) { // If everything's OK.
        $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";
        $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
        if (@mysqli_num_rows($r) == 1) {
            // Register the values & redirect:
            $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
            // check if user is logged in then update the old login date
            $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";
            // save the info to the database
            $r = mysqli_query ($dbc, $u);
            mysqli_free_result($r);
            mysqli_close($dbc);
            $url = BASE_URL . 'home/'; // Define the URL:
            header("Location: $url");
            exit(); // Quit the script.
        } else { // No match was made.
            echo 'Error';
        }
    } else { // If everything wasn't OK.
        echo 'Error';
    }
    mysqli_close($dbc);
}
?>
Here is my logout script.
<?php
// This is the logout page for the site.
ob_start(); // Start output buffering.
session_start(); // Initialize a session.
require_once ('../includes/config.inc.php');
$page_title = 'Title';
// If no user_id session variable exists, redirect the user:
if (!isset($_SESSION['user_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} else { // Log out the user.
    $_SESSION = array(); // Destroy the variables.
    session_destroy(); // Destroy the session itself.
    setcookie(session_name(), '', time() - 2592000, '/'); // Destroy the cookie.
}
$url = BASE_URL;
ob_end_clean();
header("Refresh: 3; $url");
include ('../includes/header.php');
$mysqli = mysqli_connect("localhost", "some", "some", "some");
include ('../includes/footer.php');
exit(); // Quit the script.
?>
Here is what I have in my header.
ob_start();// Start output buffering.
session_start();// Initialize a session.
Here is the very top part of the home page.
// Set the page title and include the HTML header.
$page_title = 'Title';
include ('../includes/header.php');
// Include the configuration file for error management and such.
require_once ('../includes/config.inc.php');
require_once ('../mysqli_connect.php'); // Connect to the db.
$mysqli = mysqli_connect("localhost", "some", "some", "some");
// If no user_id session variable exists, redirect the user:
if (!isset($_SESSION['user_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}
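How many users are there? – Shoe 2011-04-08 14:37:16
About 3 active users and 50 inactive users. – HELP 2011-04-08 14:38:48
@tag, are user 1 and user 2 related in some way? Are they both admins? Does user 2 have user ID = user 1 - user ID 1? – Shoe 2011-04-08 14:40:16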
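An added example (not the poster's code, and not a diagnosis of the user-switching symptom): the credential check from the login script rewritten so that the stored and computed hashes are actually compared, the query uses bound parameters, and the session ID is regenerated at login. It assumes the table and column names shown in the question, a session already started by the header, and a hypothetical function name `login_user`.

```php
<?php
// Added example, not the poster's code. Assumes the users/contact_info
// columns shown in the question, that session_start() has already run,
// and that users.password holds hash('sha512', $password . $salt)
// computed over the raw (unescaped) password.
function login_user(mysqli $dbc, string $login, string $pass): bool
{
    $sql = "SELECT users.user_id, users.first_name, users.user_level,
                   users.password, users.salt
            FROM users
            JOIN contact_info ON contact_info.user_id = users.user_id
            WHERE (contact_info.email = ? OR users.username = ?)
              AND users.active IS NULL";
    $stmt = $dbc->prepare($sql);   // placeholders instead of string concatenation
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $login, $login);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows !== 1) {   // zero or ambiguous matches: refuse
        $stmt->close();
        return false;
    }
    $stmt->bind_result($userId, $firstName, $userLevel, $storedHash, $salt);
    $stmt->fetch();
    $stmt->close();

    // Compare the hash values themselves, in constant time.
    // (!empty($a) == !empty($b) only tests that both are non-empty.)
    $candidate = hash('sha512', $pass . $salt);
    if (!hash_equals((string) $storedHash, $candidate)) {
        return false;
    }

    // Issue a new session ID at login, then set only the keys needed
    // instead of replacing the whole $_SESSION array with a DB row.
    session_regenerate_id(true);
    $_SESSION['user_id']    = (int) $userId;
    $_SESSION['first_name'] = $firstName;
    $_SESSION['user_level'] = $userLevel;
    return true;
}
```

For newly stored passwords, PHP's built-in `password_hash()` and `password_verify()` replace the manual salt and SHA-512 step.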