我为用户设置了一个访问文档请求表单的基本登录。它工作得很好,除了我第一次登录。第一次,我被重定向到正确的页面,其中$_GET变量清楚地显示登录成功,但会话已被杀死/重新生成,因此它包含登录表单而不是帐户页面。它只在我打开浏览器后第一次登录时发生。
这已经让我头疼好几天了。我有session_start();在所有内容之前,在header之前没有发送任何内容,所以我不明白。代码如下:
partner_login.php
<?php session_start();
$_SESSION['logtoken']=sha1(microtime('get_as_float'));
$_SESSION['reqtoken']=sha1(microtime('get_as_float'));
//I set some text vars here
if(isset($_SESSION['loginsuccess'])&&($_SESSION['loginsuccess']=="1")){
include_once('sqlconnect.php');
$thisuser=$_SESSION['username'];
$query="SELECT * FROM userinfo WHERE username='$thisuser'";
$result=$mysqli->query($query);
$row = $result->fetch_assoc();
$firstname=$row['firstname'];
$lastname=$row['lastname'];
}
$thiscontent=(isset($_SESSION['loginsuccess'])&&$_SESSION['loginsuccess']=="1")?include('account.php'):include('loginform.php');
$insideCONTENTHOLDER="
<div id='CONTENT' style='width:741px;min-height:800px;background-color:white;float:right;border-right:4px solid #a0a0a0;border-top:4px solid #a0a0a0;padding:20px;'>
".$txt['TITLE']."<p>".$txt['TEXT']."<p>".$thiscontent."</div><!--END CONTENT DIV-->";
include_once('template.php');
?>
logingate.php
<?php session_start();
if (!isset($_SESSION['logtoken'])||!isset($_POST['token'])||(empty($_SESSION['logtoken']))||(empty($_POST['token']))||($_SESSION['logtoken'] != $_POST['token'])) {
$_SESSION['loginsuccess'] = "0";
header( "Location: partner_login.php?loginfail=1&err=6" );//err 6 == session token!=post token
}
elseif (!isset($_POST['username']) || !isset($_POST['password'])) {
header( "Location: partner_login.php?loginfail=1&err=0" );//err 0 == one of them was not set
}
elseif (empty($_POST['username']) || empty($_POST['password'])) {
header( "Location: partner_login.php?loginfail=1&err=00" );//err 00 == one of them was empty
}
else{
//connect to database $db, char set UTF_8
include_once('sqlconnect.php');
//sql injection protect
function clean($thisvar){
$thisvar=$mysqli->real_escape_string($thisvar);
return $thisvar;
}
//escape all input
$user = $mysqli->real_escape_string($_POST['username']);
$pass = $mysqli->real_escape_string($_POST['password']);
//salt and hash password from table
$query="SELECT * FROM userinfo WHERE username='$user'";
$result1=$mysqli->query($query);
$row = $result1->fetch_assoc();
$passhash = sha1($pass.$row['salt']);
//check that at least one row was returned
$query2="SELECT * FROM userinfo WHERE username='$user' and passwordhash='$passhash'";
$result=$mysqli->query($query2);
$rowCheck = $result->num_rows;
if($rowCheck > 0){
//session variables
$_SESSION['username'] = $user;
$_SESSION['loginsuccess'] = "1";
header( "Location: partner_login.php?lsuccess=1&user=$user" );
}
else {
header( "Location: partner_login.php?loginfail=1&err=9" ); //err 9 == username and password don't match in table
}
}
?>
下面是phpinfo()关于session的部分:
会话支持启用已注册的保存处理程序文件用户sqlite
注册序列化程序处理程序php php_binary wddx指令本地值主值会话。auto_start Off关闭会话。bug_compat_42 On开启会话。bug_compat_warn On开启会话。Cache_expire 180 180会话。cache_limitter nocache
会话。Cookie_domain无值无值
会话。cookie_httponly Off关闭会话。Cookie_lifetime 0 0
会话。Cookie_path//session。cookie_secure关闭关闭
会话。Entropy_file无值会话。Entropy_length 0 0
会话。Gc_divisor 100 100会话。Gc_maxlifetime 1440 1440
会话。Gc_probability 1会话。Hash_bits_per_character 4 4
会话。hash_function 0 0 session.name PHPSESSID PHPSESSID
会话。Referer_check no value no value
会话。Save_handler files文件会话。Save_path/tmp/tmp
会话。Serialize_handler PHP PHP会话。use_cookies On On
会话。use_only_cookies Off关闭会话。Use_trans_sid 0 0
谢谢你的帮助!
我曾经有过一个类似的问题,它下来,会话不从"www"传递到没有"www"。因此,为了解决这个问题,用www将所有用户重定向到您的网站。或者在加载页面的其余部分之前没有WWW。
希望对大家有所帮助
使用下面的代码到您的第一个出现的页面,如第一行index.php
session_start();