2

请帮忙!这是我试图设置必填字段的代码。如果该字段为空,它应该在完成后显示错误,它应该重定向到 myaccount.php。使用下面的代码,它只是一直将我重定向到 myaccount.php。有问题的字段是一个很大的文本区域。PHP:

session_start();
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$err = array();
if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
if ( ! isset($_SESSION['user_id']))
{
    exit(header("Location:login.php\r\n"));
}

{
$result = mysql_query("SELECT `id` FROM users WHERE `banned` = '0'") or 
die (mysql_error());



list($id) = mysql_fetch_row($result);

$_SESSION['user_id']= $id;
foreach($_POST as $key => $value)

if(empty($abstract))
{
$err[] = "ERROR - Enter Native Language";
//    header("Location: language.php?msg=$err[0]");
}

/// Automatically collects the hostname or domain  like example.com)
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$path   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

if(empty($err)) {
    $thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
    $abstract = mysql_real_escape_string($_POST['abstract']);

$sql_insert = "INSERT into `thesis`
    (`user_id`,`thesis_Name`,`abstract` )
VALUES
    ('$id','$thesis_Name','$abstract') ";

mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
}
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();

}
}

登录表格:

$err = array();

foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}

if (@$_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users
  WHERE 
       $user_cond
        AND `banned` = '0'
        ") or die (mysql_error()); 
$num = mysql_num_rows($result);

// Match row found with more than 1 results  - the user is authenticated. 
if ( $num > 0 ) { 

list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);


//header("Location: login.php?msg=$msg");
 //exit();
 }

if(empty($err)){            

 // this sets session and logs user in  
    session_start();
   session_regenerate_id (true); //prevent against session fixation attacks.

   // this sets variables in the session 
    $_SESSION['user_id']= $id;  
    $_SESSION['user_name'] = $full_name;
    $_SESSION['user_level'] = $user_level;
    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

    //update the timestamp and key for cookie
    $stamp = time();
    $ckey = GenKey();
    mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' 
where id='$id'") or die(mysql_error());

    //set a cookie 


    header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
    exit();
     }
    }
    else
    {
    //$msg = urlencode("Invalid Login. Please try again with correct 
user email and password. ");
    $err[] = "Invalid Login. Please try again with correct user email
and password.";
    //header("Location: login.php?msg=$msg");
    }
} else {
    $err[] = "Error - Invalid login. No such user exists";
  }     

}

4

2 回答 2

5

我可以看到的第一个问题是您在调用 session_start(); 之前检查会话值;

移动 session_start(); 到页面顶部,看看是否有帮助

<?php
    session_start();
    .....

这看起来是错误的,有两个原因我可以看到

if (empty($_SESSION['$user_id'])) { }

首先,里面有一个$,是不是应该在那里?

其次,它将所有其余代码包装在您的页面中,实际上并没有做我认为您希望它做的事情。

试试这个

if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
    if ( ! isset($_SESSION['user_id']))
    {
        exit(header("Location: someotherpage.php\r\n"));
    }
    // the rest of your code
}

我又看了一遍你的代码,我建议你自己再看一遍。

似乎您正在检查是否设置了 $_SESSION['user_id'] 并且您正在从一个非常“松散”的 sql“SELECT id FROM users WHERE ban = 0”中重新为其分配一个新值,你怎么知道哪个 id 去要从这里返回?

于 2012-04-14T12:32:36.997 回答
1
  • 不是testest,但应该是这样的:
<?php
$err = array();

// if not logged in no reason to go further
if (empty($_SESSION['user_id'])) {
    header('Location: signup.php');
    // or login.php
}

// otherwise
if (isset($_POST['doThesis'])) {
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
    $user_id = intval($_SESSION['user_id']);
    // check if current user is banned
    $the_query = sprintf("SELECT COUNT(*) FROM users WHERE `banned` = '0' AND `id` = '%d'", $user_id);
    $result = mysql_query($the_query, $link);
    if ($result) {
        $user_check = mysql_num_rows($result);
        // user is ok
        if ($user_check > 0) {

            // required field name goes here...
            $required_fields = array('thesis_Name');
            // check for empty fields
            foreach ($required_fields as $field_name) {
                $value = trim($_POST[$field_name]);
                if (empty($value)) {
                    $err[] = "ERROR - $field_name is left blank!";
                }
            }
            // no errors
            if (empty($err)) {

                $thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
                $abstract = mysql_real_escape_string($_POST['abstract']);

                // insert into the database
                $the_query = sprintf("INSERT INTO `thesis` (`user_id`,`thesis_Name`,`abstract`) VALUES ('%d','%s','%s')", $user_id, $thesis_Name, $abstract);

                // query is ok?
                if (mysql_query($the_query, $link)) {

                    // redirect to user profile
                    header('Location: myaccount.php?id=' . $user_id);
                } else {
                    echo mysql_error();
                }
            }
        }
    } else {
        echo mysql_error();
    }
}
?>
于 2012-04-14T12:44:44.977 回答