登录表单在实时服务器上第一次尝试时失败，但在第二次或第三次尝试时有效 - login form fails on 1st attempt on live server but works on second or third

我的登录表单在Internet Explorer中运行良好，但在Chrome和Firefox中，它几乎总是在第一次尝试时失败。在阅读了Stack Overflow上的几乎每一篇文章都没有找到答案后，我决定发布这篇文章。第一次尝试总是无法登录，需要2次或3次尝试。我包含了两部分代码，第一部分是我的login.php，第二部分是header.html，如果用户登录，所有链接都会出现在这里。

我尝试了很多事情，比如刷新dns，清除缓存，卸载Chrome并重新安装，我在3台不同的计算机上尝试了我的页面，结果都是一样的。

我在phpmyadmin中以SQL形式测试了该查询，当我在login.php文件中执行Select查询时，它总是返回UserID。

MYSQL是一个常量，它指向我的mysqli_connect文件。

我希望这篇文章能帮助其他可能有这个问题的人。

这里是login.php

<?php
include ('includes/header.html');
include ('includes/config.inc.php');
$page_title = 'Login';
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
require (MYSQL);
$trimmed = array_map('trim', $_POST);
    if (!empty($trimmed['Email']) && filter_var($trimmed['Email'], FILTER_VALIDATE_EMAIL, FILTER_SANITIZE_EMAIL)){
        $e = mysqli_real_escape_string($dbc, $_POST['Email']);
    } else {
        $e = FALSE;
        echo '<p class="error">You forgot to enter your email address, or the email you entered is invalid.</p>';
    }
    if (!empty($trimmed['Pass']) && (preg_match ('/^'w{4,20}$/', $trimmed['Pass']))){
        $p = mysqli_real_escape_string($dbc, $_POST['Pass']);
    } else {
        $p = FALSE;
        echo '<p class="error">You forgot to enter your password, or the password you entered is invalid.</p>';
    }
    if ($e && $p){
                $q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL";
                $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q'n<br />MySQL Error: " . mysqli_error($dbc));
                if (@mysqli_num_rows($r) == 1){
                    $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC);
                    mysqli_free_result($r);
                    mysqli_close($dbc);
                    $url =  BASE_URL . 'index.php';
                    ob_end_clean();
                    header("Location: $url");
                    exit();
                } else {
                    echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
                }
            } else {
                echo '<p class="error">Please try again.</p>';
            }
mysqli_close($dbc);
} //end of submit conditional

?>
<div class="text">
<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
<fieldset>
<p><b>Email: <input type="text" name="Email" /></b></p>
<p><b>Password: <input type="password" name="Pass" /></b></p>
<input type="submit" name="submit" value="Login!" />
</fieldset>
</form>
</div>
<? include ('includes/footer.html'); ?>

这是header.html

<?php
ob_start();
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/styles.css" />
<title><?php if (isset($page_title)){ echo $page_title; }?></title>
<meta name="description" content="<?php if (isset($description)){ echo $description; }?>">
<meta name="keywords" content="<?php if (isset($keywords)){echo $keywords; }?>">
<script type="text/javascript">
$(document).ready(function(){
    $("#menu li").hover(function(){
        $(this).children(":hidden").slideDown();
    },function(){
        $(this).parent().find("ul").slideUp();
    });
});
</script>
</head>
<body>
<div id="container">
<div id="logo">
<img src="images/links.jpg" border="0" alt="Links">
</div>
<div id="menu">
<ul>
    <li><a href="http://www.example.com">Home</a></li>
    <li><a href="#">About</a>
    <ul>
                <li class="sub"><a href="how_it_works.php">How It Works</a></li>
                <li class="sub"><a href="link_placement.php">Link Placement</a></li>
                <li class="sub"><a href="verifying_your_links.php">Verifying Links</a></li>
                <li class="sub"><a href="link_partners.php">Link Partners</a></li>
                <li class="sub"><a href="terms.php">Terms and Conditions</a></li>
            </ul>
            </li>
    <li><a href="#">Account Management</a>
            <ul>
                <?php
                    if (isset($_SESSION['UserID'])){
                        echo '<li class="sub"><a href="logout.php">Logout</a></li>';
                        echo '<li class="sub"><a href="add_url.php?id=' . $_SESSION['UserID'] . '">Add Your Url</a></li>';
                        echo '<li class="sub"><a href="directory.php">Directory of Sites</a></li>';
                        echo '<li class="sub"><a href="view_sites.php?id=' . $_SESSION['UserID'] . '">View/Edit Urls</a></li>';
                        echo '<li class="sub"><a href="edit_account.php?id=' . $_SESSION['UserID'] . '">Edit Account</a></li>';
                        echo '<li class="sub"><a href="change_password.php">Change Password</a></li>';
                    } else {
                        echo '<li class="sub"><a href="login.php">Login</a></li>';
                        echo '<li class="sub"><a href="register.php">Register</a></li>';
                    } 
                    ?>
                <li class="sub"><a href="forgot_password.php">Forgot Password</a></li>
            </ul>
            </li>
    <li><a href="register.php">Register</a></li>
    <li><a href="contact.php">Contact Us</a></li>

</ul>
<div align="center" id="sidebar">
<?php include('includes/ads.php'); ?>
</div>
</div>

我敢打赌，在页面刷新后的第一次登录尝试（使用正确的凭据）后，您的header.html将显示正确的链接，而无需再次进行授权。

是这样吗？

好吧，如果是的话，您必须设法在$_SESSION初始化（SESSION_start（）函数）、输出缓存机制（ob_start（函数）和标头重定向（标头（"Location"）函数）之间达成一个小循环

你的搜索查询应该是"为什么header（）重定向不起作用"，你会立即找到答案——因为在头之前有一些输出到浏览器。

最有可能发生的情况是，您的授权有效，您设置了$_SESSION变量，但没有得到重定向。当你再次尝试查看该页面后——令人惊讶的是，你已经获得了授权。也不需要任何其他登录尝试。

更好的方法是清理代码，看看会发生什么
将检查用户登录详细信息的代码放在页面顶部，若发生错误，将其保存在变量中，然后显示，否则重定向用户。

注：未测试代码

<?php
  include( "includes/config.inc.php" );
  if ( strtolower( $_SERVER['REQUEST_METHOD'] ) === "post" && ( isset( $_POST["Email"], $_POST["Pass"] ) ) ) {
    session_start();
    $email  = filter_var( trim( $_POST["Email"] ), FILTER_VALIDATE_EMAIL );
    $pass   = preg_match( '/^'w{4,20}$/', trim( $_POST["Pass"] ) ) ? trim( $_POST["Pass"] ) : false;
    if ( $email ) {
      if ( $pass ) {
        $email  = mysqli_real_escape_string( $dbc, $email );
        $pass   = mysqli_real_escape_string( $dbc, $pass );
        $query  = "SELECT UserID, Fname FROM users WHERE ( Email = '$e' AND Pass = SHA1('$p') ) AND Active IS NULL";
        $result = mysqli_query( $dbc, $query );
        if ( $result ) {
          if ( (int)mysqli_num_rows( $result ) === 1 ) {
            $_SESSION = mysqli_fetch_array( $result, MYSQLI_ASSOC );
            mysqli_free_result( $result );
            mysqli_close( $dbc );
            header( "Location: ".BASE_URL."index.php" );
            exit();
          }
          else {
            $error  = 'Either the email address and password entered do not match those on file or you have not yet activated your account.';
          }
        }
        else {
          $error  = 'Query: $q'n<br />MySQL Error: '. mysqli_error( $dbc );
        }
      }
      else {
        $error  = 'You forgot to enter your password, or the password you entered is invalid.';
      }
    }
    else {
      $error  = 'You forgot to enter your email address, or the email you entered is invalid.';
    }
  }
  mysqli_close( $dbc );
  $page_title = "Login"; // put this, just before including "header.html", so you can use it in your header file
  include( "includes/header.html" );
  // A
?>
<div class="text">
  <h1>Login</h1>
  <p>Your browser must allow cookies in order to log in.</p>
  <?php
    if ( isset( $error ) ) {
      echo '<p class="error">'.$error.'</p>';
    }
  ?>
  <form action="login.php" method="post">
    <fieldset>
      <p><b>Email: <input type="text" name="Email" /></b></p>
      <p><b>Password: <input type="password" name="Pass" /></b></p>
      <input type="submit" name="submit" value="Login!" />
    </fieldset>
  </form>
</div>
<?php
  include( "includes/footer.html" );
?>