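My session gets deleted when I go to a new page on my website, or at least that is what I think is wrong, but I'm not sure about it.
I use this in a login system with PHP and MySQL.
I'll post the code here so that anyone who wants to can take a look and maybe see where the error is.
This is index.php, located in the root directory (/):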
<?php session_start(); ?>
<?php
include_once "Includes/Database/check_login.php";
if (login_check() == TRUE) : ?>
this is an protected page!
<?php else : ?>
<!DOCTYPE html>
<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"> </script>
</head>
<body>
<script>location.href='loginpage.php';</script>
</body>
<?php endif; ?>
This is loginpage.php, located in the root folder (/):
<?php session_start(); // session starts with the help of this function
include_once "Includes/Database/check_login.php";
?>
<!DOCTYPE html>
<html>
<head>
<title>Hardcorefight.dk</title>
<link rel="stylesheet" href="Includes/Layout/Index/loginlayout.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"> </script>
</head>
<body>
<div class="fixedwebsitesize" id="fixedwebsitesize">
<div class="outerlogin" id="outerlogin">
<div class="login" id="login">
<form action="Includes/Database/login.inc.php" method="post" name="login_form"> <!-- This is the login form, that sends to login.inc.php.-->
<div class="username" id="username">
<input type="text"
name="user"
placeholder="user"
class="user_login"
/>
</div>
<div class="password" id="password">
<input type="password"
name="pass"
class="pass_login"
placeholder="Password"
/>
</div>
<div class="loginbutton" id="loginbutton" >
<input type="submit"
value="Login"
class="login_input"
/>
</div>
</form>
</div>
</div>
<div class="logoutbox"> <!-- This is an button that changes to register or log out depending if the user is logged in or not -->
<input type="button"
<?php if (login_check() == TRUE) : ?>
onclick="location.href='destroysession.php';"
value="Log Out"
<?php else : ?>
onclick="location.href='register.php';"
value="register"
<?php endif; ?>
class="logout_button"
/>
</div>
</div>
</body>
</html>
This is login.inc.php, located in the database folder (/Includes/Database/). It checks whether the input is correct and creates the session.
<?php
session_start(); // session starts with the help of this function
include_once "db_connect.php"; // include the connect file to the db.
$user_input = $_POST['user']; // Gets post['user'] from loginpage.php
$pass_input = $_POST['pass']; // Gets post['pass'] from loginpage.php
if($result = $db_new->query("SELECT * FROM members WHERE username='$user_input'")){ // chooses the row from the DB that matches the username that the user wrote
if($result->num_rows == 1){ //verify if there only is one user with that username
$row = $result->fetch_assoc();
if(password_verify($pass_input, $row["password"])){ //verify the password if it is the right password
echo "password match";
$_SESSION['username']=$row["username"]; //makes the session with the username
$_SESSION['email']=$row["email"]; //makes the session with the email
$_SESSION['id']=$row["id"]; //makes the session with the id
$_SESSION['password']=$row["password"]; //makes the session with the password
header("Location: /index.php"); // go to index
}
else { //if password is incorrect it will echo this.
echo "password incorrect";
}
}
else{ // if user doesn't exist it will echo this
echo "user doesn't exist";
}
}
else {
die($db_new->error);
}
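This is check_login.php, located in the database folder (/Includes/Database/). It reads the session and checks whether the information matches the DB; if it matches it returns TRUE, otherwise FALSE.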
<?php
function login_check(){
session_start(); // session starts with the help of this function
include_once "db_connect.php";
$id = $_SESSION['id'];
$password = $_SESSION['password'];
$username = $_SESSION['username'];
$email = $_SESSION['email'];
if(isset($id, //checks if all the sessions exist.
$password,
$username,
$email)){
if($result = $db_new->query("SELECT * FROM members WHERE username='$username'")){ //select the row that's equal the username from the session.
if ($result->num_rows == 1) { //checks if there only is 1 row with the username
$row = $result->fetch_assoc();
$db_password = $row["password"];
$db_id = $row["id"];
$db_email = $row["email"];
if ($password == $db_password) { // checks if the session password equal the DB password
if ($id == $db_id) { // checks if the session ID equal the DB ID
if ($email == $db_email) { // checks if the session email equal the DB email
//logged in
return TRUE;
} else {
//not logged in (error in email verify)
return FALSE;
}
} else {
//not logged in (error in id verify)
return FALSE;
}
} else {
//not logged in (error in password_verify)
return FALSE;
}
} else {
//not logged in (error in num_rows)
return FALSE;
}
} else {
//not logged in (error in query)
return FALSE;
}
} else {
//not logged in (error in isset)
return FALSE;
}
}
After setting values in the session, you need to call session_write_close before redirecting the user. In your login.inc.php, after setting the values of the $_SESSION array:
...
$_SESSION['id']=$row["id"]; //makes the session with the id
$_SESSION['password']=$row["password"]; //makes the session with the password
session_write_close();
header("Location: /index.php"); // go to index
...
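Sorry for all the trouble with the session not working.
I have solved the problem; the problem was not in the programming but in my PHP.
The main drive on my server ran out of space, so it couldn't save anything, and therefore it couldn't save the session.
Thanks for all the other feedback; it will help me a lot in making my code more secure.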
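Added example, not part of the original posts and not the asker's code: a hardened sketch of login.inc.php that binds the username through a prepared statement, keeps the password hash out of the session, and treats a failed session write (the full-disk case reported above) as an error instead of redirecting. It assumes db_connect.php defines $db_new as a mysqli connection with the mysqlnd driver and that members.password holds password_hash() output.

```php
<?php
// Added example (assumptions: $db_new is a mysqli connection from db_connect.php,
// mysqlnd is available for get_result(), members.password stores password_hash() output).
session_start();
include_once "db_connect.php";

$user_input = $_POST['user'] ?? '';
$pass_input = $_POST['pass'] ?? '';

// Prepared statement: the username is bound as data and never spliced into the SQL text.
$stmt = $db_new->prepare("SELECT id, username, password FROM members WHERE username = ?");
if ($stmt === false) {
    error_log("login: prepare failed: " . $db_new->error); // log DB errors, do not echo them
    http_response_code(500);
    exit;
}
$stmt->bind_param("s", $user_input);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();

// One response for "unknown user" and "wrong password", so usernames cannot be enumerated.
if (!$row || !password_verify($pass_input, $row["password"])) {
    http_response_code(401);
    echo "Invalid username or password";
    exit;
}

// Issue a fresh session ID after authentication to prevent session fixation.
session_regenerate_id(true);

// Store identifiers only; the password hash never belongs in the session.
$_SESSION['id'] = (int) $row["id"];
$_SESSION['username'] = $row["username"];

// Flush the session before redirecting. Since PHP 7.2 session_write_close() returns
// false when the data cannot be written, for example when the disk is full.
if (session_write_close() === false) {
    error_log("login: session data could not be written; check free space on the session save path");
    http_response_code(500);
    exit;
}

header("Location: /index.php");
exit; // stop here so nothing else runs after the redirect header
```

With this layout, check_login.php would only need to test that $_SESSION['id'] is set rather than comparing a stored password hash and email against the database on every request.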