我在这段代码中有一个循环(用户会返回登录页面)。问题部分是这个
else if (!$session_id){
//if user is not logged in, send to the login page
header("Location:" . $Config_live_site . "/user_events/login.php");
exit;
}
我有一种感觉,这与所有嵌套的if语句有关。如果删除上面的"else-If",则用户可以登录,并且所有会话功能都可以正常工作。这是代码:
//check if the user has clicked on a submit button in a login form in login.php
if (isset( $_POST['submit'] )) {
$username = $_POST['username'];
$pass = $_POST['password'];
if (!$username) {
echo "<script>alert('Please enter username'); document.location.href='index.php?option=login$string_2';</script>'n";
}
if (!$pass) {
echo "<script>alert('Please enter a password'); document.location.href='index.php?option=login$string_2';</script>'n";
}
else {
$pass = md5( $pass );
}
//set up user object and start a new session
$user = new user();
$database->get_user(&$user, $username, '1');
if (!strcmp( $user->user_pass, $pass)) {
session_name( 'login' );
session_start();
$logintime = time();
$session_id = md5( "$user->username$user->user_type$logintime" );
$database->set_session($user, $session_id, $logintime);
$_SESSION['session_id'] = $session_id;
$_SESSION['session_username'] = $user->username;
$_SESSION['session_usertype'] = $user->user_type;
$_SESSION['session_logintime'] = $logintime;
session_write_close();
// cannot using mosredirect as this stuffs up the cookie in IIS
if ($suboption) {
echo "<script>document.location.href='index.php?$string';</script>'n";
} else {
echo "<script>document.location.href='index.php?option=subscriber_home';</script>'n";
}
exit();
} else {
echo "<script>alert('Incorrect Username and Password, please try again'); document.location.href='index.php?option=subscribe$string_2';</script>'n";
exit();
}
}
else if (!$session_id){
//if user is not logged in, send to the login page
header("Location:" . $Config_live_site . "/user_events/login.php");
exit;
}
//session starts
session_name( 'login' );
session_start();
if ($option == 'logout') {
require 'logout.php';
exit();
}
$user = new user();
$user->username = $_SESSION['session_username'];
$user->user_type = $_SESSION['session_usertype'];
$session_id = $_SESSION['session_id'];
$logintime = $_SESSION['session_logintime'];
这段代码非常混乱,如果不知道数据库对象是什么以及它是如何运行的,我无法完全帮助您,但请这样做。它将简化您的代码堆。
session_start();
try{
if(!isset($_POST['submit']))
throw new exception('No Post Data Found.');
if(!isset($_POST['username']))
throw new exception('Please enter a username.');
if(!isset($_POST['password']))
throw new exception('Please enter a password.');
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
//CHECK IF USER CREDENTIALS ARE CORRECT HERE
#$result = database results as object.
$valid_credentials = true;
if(!$valid_credentials)
throw new exception('Your credentials were incorrect.');
$_SESSION['username'] = $username;
$_SESSION['user_type'] = $result->user_type;
$_SESSION['logintime'] = time();
echo '<script>document.location.href="success.php";</script>'
catch (Exception $E){
echo "<script>alert('$E->getMessage()'); document.location.href='login.php'; </script>";
}
其中一些做法我不推荐,但我尽可能地将其与您的代码相结合。您可能需要将数据库对象添加到代码中。
我也更喜欢用户标题("位置:");比javascript脚本,但我使用了您现有的工具。
祝你好运!