我正在创建一个需要登录才能做任何事情的网站,流程如下:
- 用户输入用户名和密码,点击"登录"
- 用户名和密码发送到JavaScript页面jQuery ajax到另一个php页面处理
- PHP脚本处理请求并设置会话变量(' user_logged_in ')为"1"或"0"
- 根据返回的内容,页面将重新定位到索引页或显示消息
我的问题是,我使用配置文件来确定用户是否使用此会话变量登录,但由于某种原因(尽管变量设置为1),页面仍然说它不是,代码如下:
主登录页面:
<?php
require_once 'login_config.php';
$alert = false;
if (isset($_GET['alert']) && $_GET['alert'] == "1")
{
$alert=true;
}
//$_SESSION['user_logged_in'] = false;
//if ($_SESSION['user_logged_in'] == true)
//{
// header("Location: /");
//}
?>
<!DOCTYPE html>
<html>
<head>
<title>GWSAM » Login</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="styles/login_style.css" />
<script src="scripts/login/jquery.login.ajax.js"></script>
</head>
<body class="container-fluid">
<div class="row">
<div class="col-sm-3"></div>
<div class="col-sm-6">
<h1>GWSAM » Login</h1>
<?php if ($alert) { ?><p style="text-align: center;" class="alert alert-danger">You must login to access this.</p><?php } ?>
<table class="table table-condensed table-bordered table-striped">
<tr>
<td>
<label for="username">Username</label>
</td>
<td>
<input type="text" name="username" placeholder="Username" class="form-control" id="username" />
</td>
</tr>
<tr>
<td>
<label for="password">Password</label>
</td>
<td>
<input type="password" name="password" placeholder="Password" class="form-control" id="password" />
</td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" id="http-host" value="<?=$_SERVER['HTTP_HOST']; ?>" />
<button id="login" class="form-control btn btn-primary">Login</button>
</td>
</tr>
</table>
<div class="row">
<div class="col-sm-12"id="loading"></div>
</div>
</div>
<div class="col-sm-3"></div>
</div>
</body>
</html>
<?=var_dump($_SESSION);?>
JavaScript jQuery ajax页面:
$( document ).ready( function ()
{
$( "#login" ).on( "click", function ()
{
$.ajax( {
url: "/scripts/login/files/login.php?username=" + $( "#username" ).val() + "&password=" + $( "#password" ).val(),
type: "GET",
success: function ( R )
{
if ( R == "true" )
{
document.write( '<meta http-equiv="refresh" content="0;URL='''+$("#http-host").val()+'''" />' );
window.location.href = $( "#http-host" ).val();
return false;
//$( "#loading" ).html( '<meta http-equiv="refresh" content="0; URL=index.php" />' );
//window.location.href = "index.php";
//return;
}
$( "#loading" ).html( R );
},
beforeSend: function ()
{
$( "#loading" ).html( '<p class="alert alert-info" style="text-align: center;">Logging in, please wait.<br /><img src="http://www.iggadget.com/assets/images/loader-1.gif" alt="spinner.gif" height="30" width="30" /></p>' );
}
} )
} );
} );
Ajax页面:<?php
require_once '../../../login_config.php';
function Login($username, $password)
{
global $link;
while ($result = mysqli_fetch_assoc($link->query("SELECT `username`, `password`, `active` FROM `users` WHERE `username`='{$username}';")))
{
if ($result['active'] == "NO")
{
print '<p class="alert alert-danger" style="text-align: center;">User''s account has been deactived, please contact your network admin</p>';
$_SESSION['user_logged_in'] = "0";
return false;
}
if ($password == $result['password'])
{
$_SESSION['user_logged_in'] = "1";
return true;
}
}
$_SESSION['user_logged_in'] = "0";
return false;
}
print Login($_REQUEST['username'], $_REQUEST['password']) ? 'true' : '<p class="alert alert-warning" style="text-align: center;">Cannot login, please try again.</p>';
?>
index.php文件的配置页:
<?php
require_once 'functions/functions.php';
require_once 'functions/database.php';
if (!isset($_SESSION))
session_start();
$logged_in = isset($_SESSION['user_logged_in']) ? ($_SESSION['user_logged_in'] == "1" ? true : false ) : false;
if (!$logged_in)
{
header("Location: login.php");
}
else
{
//Null action
}
?>
索引页在所有操作完成后显示,但它一直将其发送回登录页…
首先将session_start();
写在页面顶部,并尝试如下:
if(isset($_SESSION['user_logged_in'])&&($_SESSION['user_logged_in']==='1'))
{
//if logged in already
}else{
header("Location: login.php");
}
首先将session_start()
移动到所有页面的顶部,或者至少是所有使用$_SESSION变量的页面的顶部。最好的办法是将其添加到include
中,并将其包含在所有页面中。
在这个脚本中还有一行设置$_SESSION['user_logged_in'] = false;
,就在您测试它是否有一个值之前,我假设它在测试中被添加并且没有被删除。
<?php
session_start();
require_once 'functions/functions.php';
require_once 'functions/database.php';
// this line makes NO SENSE so remove it
//$_SESSION['user_logged_in'] = false;
if ( ! isset($_SESSION['user_logged_in']) || $_SESSION['user_logged_in'] == 0) {
header("Location: login.php");
}
else
{
//Null action
}
?>
试试这个代码
<?php
session_start();
require_once 'functions/functions.php';
require_once 'functions/database.php';
$_SESSION['user_logged_in'] = false;
$logged_in = isset($_SESSION['user_logged_in']) ? ($_SESSION['user_logged_in'] == "1" ? true : false ) : false;
if (!$logged_in)
{
header("Location: login.php");
exit;
}
else
{
//Null action
}
?>