2017-08-09 140 views
-2

I have a login problem. It checks the HTML form and, if the information is correct, it logs in through the login page. On the login page I set the username and user ID after the information has been checked, but the server does not seem to save the information. The strange part is that if I log out and then log in again, the site works. On registration and login I check the information, then set the username into a variable, then do the session, but it does not save any variables, so this check

if (empty($_SESSION['username'])) {
    echo "Something went wrong";
    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=logout.php">';
}

fires for the username and so on. Once I have gone through this it does not fire again. The first time on the site in a while I have to visit the logout page before it works; I can log out even if I am not logged in, and of course logout only destroys the session.

<?php
session_start(); // the poster says this is at the very top of the page

if (isset($_POST["Username"]) && !empty($_POST["Username"])) {

    $salt = "";

    // mysql_real_escape_string() is a mysql_* function and is not needed with PDO prepared statements
    $username23 = mysql_real_escape_string($_POST['Username']);
    $thereusername = strip_tags($username23);

    $password2 = sha1($salt . $_POST["password"]);

    $statement = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ? ");
    $statement->execute(array($thereusername, $password2));
    $count = $statement->rowCount();

    /// If username and password match we carry on
    if ($count == 1) {

        $statement8 = $db->prepare("SELECT * FROM users WHERE username = ? ");
        $statement8->execute(array($thereusername));
        $count8 = $statement8->fetch();

        $username233 = mysql_real_escape_string($count8['id']);
        $_SESSION['userid'] = strip_tags($username233);

        $_SESSION['username'] = $thereusername;

        if (empty($_SESSION['username'])) {
            echo "Something went wrong";
            echo '<META HTTP-EQUIV="Refresh" Content="0; URL=logout.php">';
        }

        if (empty($_SESSION['userid'])) {
            echo "Something went wrong";
            echo '<META HTTP-EQUIV="Refresh" Content="0; URL=logout.php">';
        }

        echo "You are now being logged in";

        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=dashboard.php">';
        exit; // nothing after this line runs
    }
}
?>

<form action="login.php" method="post">
    <div class="row">
        <div class="form-group col-sm-6">
            <label for="Username">Username</label>
            <input class="form-control" type="text" value="Artisanal kale" name="Username" id="Username">
        </div>

        <div class="form-group col-sm-6">
            <label for="password">Password</label>
            <input type="password" class="form-control" name="password" id="password" placeholder="Password">
        </div>
    </div>
    <div class="row">
        <div class="col-sm-4">
            <p><input type="submit" value="Submit" class="btn theme-btn"></p>
        </div>
    </div>
</form>

I am of course using session_start at the top of the page. After I log in it takes me to the login page but does not display the username or any information. I've done a print_r of the session and got Array(). I then go to logout.php, log in, and everything works perfectly. Server error or PHP error?
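The symptom described above (print_r($_SESSION) printing Array() until after a trip through logout.php) almost always traces back to one of a few conditions: the session was never started on that request, output was sent before session_start() so the session cookie could not be set, the save path is not writable, or the browser never sent the cookie back. The following diagnostic is an added example, not code from the question or the answer; it uses only standard PHP session functions and assumes it is called once, right after session_start(), on the page where the session looks empty.

```php
<?php
// Added example (not from the original post): report the conditions that most often
// explain an unexpectedly empty $_SESSION. Drop it in after session_start() while
// debugging, log the result, then remove it.

function sessionDiagnostics()
{
    $report = array();

    // 1. Was the session actually started before $_SESSION was written to?
    $statusNames = array(
        PHP_SESSION_DISABLED => 'disabled',
        PHP_SESSION_NONE     => 'not started',
        PHP_SESSION_ACTIVE   => 'active',
    );
    $report['session_status'] = $statusNames[session_status()];

    // 2. Output emitted before session_start() (a BOM, whitespace before <?php, an echo)
    //    means the Set-Cookie header could not be sent and the client never gets an id.
    $file = null;
    $line = null;
    $report['headers_sent_at'] = headers_sent($file, $line) ? $file . ':' . $line : false;

    // 3. Session data is only persisted if the save path is writable.
    $path = ini_get('session.save_path');
    if ($path === '' || $path === false) {
        $path = sys_get_temp_dir();
    }
    $path = preg_replace('~^\d+;~', '', $path); // strip an optional "N;" depth prefix
    $report['save_path']          = $path;
    $report['save_path_writable'] = is_writable($path);

    // 4. If the browser did not send the session cookie, every request starts a fresh,
    //    empty session, which is exactly what "logged in but session empty" looks like.
    $report['cookie_present'] = isset($_COOKIE[session_name()]);
    $report['cookie_params']  = session_get_cookie_params();

    // 5. What is actually in the session on this request.
    $report['session_keys'] = isset($_SESSION) ? array_keys($_SESSION) : array();

    return $report;
}

// Typical use on the affected page:
//   session_start();
//   error_log(print_r(sessionDiagnostics(), true));
```

A `headers_sent_at` value pointing at the first line of the file usually means a byte-order mark or a blank line before `<?php`; a `cookie_present` of false on the request after the redirect means the login response set the session but the browser never returned the cookie (wrong cookie path or domain, or a `secure` flag on a plain-HTTP page).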

+3

1. Don't mix `mysql` and PDO. 2. Don't write your own password hashing logic; use `password_hash()` instead. 3. Start your script with `session_start()`. – jeroen

+0

session_start() is at the top of the page :) I was always told to add it at the very top before everything else – shadow

+0

What I find strange is that I log out / destroy the session and then everything works – shadow

Answer

0

First, don't do your own password salting/encryption; use password_hash() to store the password hash and password_verify() (or the equivalent bcrypt call) to check the stored hash against the submitted password. Second, as noted above, use PDO exclusively. Finally, you need to make some classes so your script is more manageable and easier to troubleshoot. This is more involved because there are a lot of pieces to implement, but here is a basic example of where you should be doing the login and so on. I would suggest that if you don't understand most of this, you should probably download a framework, because this type of thing is complex to get right. Frameworks have all of this built in and you only need to write the top layer of the script, for the most part...

/core/classes/App.php

class App 
    { 
     # Storage of global arrays 
     protected static $GlobalArray = array(); 
     # Returns the trimmed POST array, or a single trimmed key from it
     public function getPost($key=false) 
      { 
       if(!isset(self::$GlobalArray['_POST'])) 
        self::$GlobalArray['_POST'] = $this->sanitizeArray($_POST); 

       if(!empty($key)) 
        return (isset(self::$GlobalArray['_POST'][$key]))? self::$GlobalArray['_POST'][$key] : false; 

       return self::$GlobalArray['_POST']; 
      } 
     # Trims the values 
     public function sanitizeArray($array) 
      { 
       if(!is_array($array)) 
        return trim($array); 

       foreach($array as $key => $value) { 
        $array[$key] = $this->sanitizeArray($value); 
       } 

       return $array; 
      } 
    } 

/core/classes/User.php

class User extends App 
    { 
     private $con; 
     public function __construct(\PDO $con) 
      { 
       $this->con = $con; 
      } 

     public function savePassword($username,$password) 
      { 
       # Create the password hash (algorithm argument is required)
       $hash = password_hash($password, PASSWORD_DEFAULT); 
       # Prepare the query and store the hash, not the plain password; placeholders are in SET, WHERE order
       $query = $this->con->prepare("UPDATE users SET `password` = ? WHERE `username` = ?"); 
       $query->execute(array($hash,$username)); 

       return $this; 
      } 

     public function validateUser($username,$password) 
      { 
       # Prepare the query to get the user 
       $query = $this->con->prepare("SELECT * FROM users WHERE `username` = ? LIMIT 1"); 
       $query->execute(array($username)); 
       # Fetch the user row (false if the username does not exist)
       $user = $query->fetch(\PDO::FETCH_ASSOC); 
       if(empty($user['password'])) 
        return false; 
       # Match hash to password 
       if(!password_verify($password,$user['password'])) 
        return false; 
       # Return the user data 
       return $user; 
      } 
    } 

/core/classes/Session.php

class Session extends App 
    { 
     public function toSession($array) 
      { 
       foreach($array as $key => $value) { 
        $_SESSION[$key] = $value; 
       } 
      } 
     # Save to errors array 
     public function toError($array) 
      { 
       foreach($array as $key => $value) { 
        $_SESSION['errors'][$key] = $value; 
       } 
      } 
     # Get error 
     public function getError($key=false) 
      { 
       if(!empty($key)) 
        return (isset($_SESSION['errors'][$key]))? $_SESSION['errors'][$key] : false; 

       return (isset($_SESSION['errors']))? $_SESSION['errors'] : false; 
      } 
     # Get value 
     public function get($key=false) 
      { 
       if(!empty($key)) 
        return (isset($_SESSION[$key]))? $_SESSION[$key] : false; 

       return (isset($_SESSION))? $_SESSION : false; 
      } 

     public function start() 
      { 
       session_start(); 
      } 

     public function destroy($key=false) 
      { 
       if(!empty($key)) { 
        if(isset($_SESSION[$key])) { 
         $_SESSION[$key] = null; 
         unset($_SESSION[$key]); 
        } 
       } 
       else { 
        session_destroy(); 
       } 
      } 
    } 

/config.php

# Create important defines 
define('DS',DIRECTORY_SEPARATOR); 
define('ROOT_DIR',__DIR__); 
define('CORE',ROOT_DIR.DS.'core'); 
define('CLASSES',CORE.DS.'classes'); 
define('FUNCTIONS',ROOT_DIR.DS.'functions'); 
# A class autoloader is a must... 
spl_autoload_register(function($class){ 
    $path = str_replace(DS.DS,DS,CLASSES.DS.str_replace('\\',DS,$class).'.php'); 
    if(is_file($path)) 
     include_once($path); 
}); 
# Include connection 
include(FUNCTIONS.DS.'functions.php'); 
# Create connection 
$db = mysqlconnect(); 
# Start the session 
$Session = new Session(); 
$Session->start(); 

/login.php

# Add our config file 
require_once(__DIR__.DIRECTORY_SEPARATOR.'config.php'); 
# Create application 
$App = new User($db); 
# Check if submission login 
if(!empty($App->getPost("Username"))) { 
    # Get the user array (returns on validated) 
    $User = $App->validateUser($App->getPost("Username"),$App->getPost("password")); 
    # If user is valid 
    if($User){ 
     $Session->toSession(array(
      'userid'=>$User['id'], 
      'username'=>$User['username'] 
     )); 
     # Redirect & stop 
     header('Location: dashboard.php'); 
     exit; 
    } 
    else { 
     # Store the error 
     $Session->toError(array("invalid_login"=>"Invalid username or password")); 
     # Redirect to error or whatever... 
    } 
} 

I haven't actually tested this, but I have commented it so you know what does what (or what it should do). You want to always include config.php at the top of every top-level page for consistency. Use print_r($Session->get()); to view the session array. Also note that if you are not saving the password hash correctly, the password check will not work.
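The answer's three points (password_hash()/password_verify() instead of a home-made sha1 salt, PDO prepared statements with no mysql_* escaping, and a session that is only populated after the check passes) can be seen working end to end in the following added example. It is not the answerer's code and not part of the original post; it uses an in-memory SQLite database so it runs from the CLI without MySQL (an assumption made here for self-containment; swap the DSN for your MySQL connection), and the `alice` credentials are constructed for the demo.

```php
<?php
// Added example (not from the original answer): registration and login with PDO,
// password_hash()/password_verify(), and a session established only on success.

function connect()
{
    // In-memory SQLite is an assumption made so the example runs stand-alone.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    return $db;
}

// Registration: store only the hash. The random salt is embedded in the hash string,
// so no separate $salt variable or column is needed.
function registerUser(PDO $db, $username, $password)
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $st = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $st->execute(array($username, $hash));
    return (int) $db->lastInsertId();
}

// Login: one query with bound parameters (no escaping helpers), then password_verify().
// Returns the user row without the hash, or null for an unknown user or a wrong password.
function authenticate(PDO $db, $username, $password)
{
    $st = $db->prepare('SELECT id, username, password FROM users WHERE username = ? LIMIT 1');
    $st->execute(array($username));
    $user = $st->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password'])) {
        return null; // same response for "no such user" and "wrong password"
    }
    // Upgrade the stored hash transparently if PASSWORD_DEFAULT's cost or algorithm changed.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute(array(password_hash($password, PASSWORD_DEFAULT), $user['id']));
    }
    unset($user['password']);
    return $user;
}

// What login.php does once authenticate() returns a user: start the session if needed,
// replace the pre-login session id, store only what the dashboard needs, then redirect.
function establishSessionAndRedirect(array $user, $target = 'dashboard.php')
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['userid']   = $user['id'];
    $_SESSION['username'] = $user['username'];
    header('Location: ' . $target); // a real redirect header, not a META refresh after output
    exit;
}

// CLI demo with constructed credentials (the session/redirect step needs a web request).
$db = connect();
registerUser($db, 'alice', 'correct horse battery staple');

var_dump(authenticate($db, 'alice', 'wrong password'));
$user = authenticate($db, 'alice', 'correct horse battery staple');
var_dump($user);

// Two hashes of the same password differ (fresh random salt each time), yet both verify.
$h1 = password_hash('secret', PASSWORD_DEFAULT);
$h2 = password_hash('secret', PASSWORD_DEFAULT);
var_dump($h1 !== $h2, password_verify('secret', $h1), password_verify('secret', $h2));
```

Two details worth noting against the question's code: `rowCount()` is not used at all, because the row itself (or its absence) is the answer, and `session_regenerate_id(true)` at login means a session id handed out before authentication is never reused for the authenticated user.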