-1

我正在尝试在我的登录脚本中使用 PHP 设置会话,尽管它似乎没有设置任何会话。我将所有会话设置为写入路径“/”。我正在使用 AJAX 登录。

Start_secure_session 函数:

function start_secure_session() {
    $session_name = "CodeCluster";
    $http_only = true;
    $https = false;
    ini_set("session.use_only_cookies", 1);
    $cookie_parameters = session_get_cookie_params();
    session_set_cookie_params($cookie_parameters['lifetime'], "/", $cookie_parameters['domain'], $https, $http_only);
    session_name($session_name);
    session_start();
    session_regenerate_id(true);
}

登录功能:

function login($email, $password, $database) {

try {

    $query = $database -> prepare("SELECT id, email, password, salt, activated FROM members WHERE email = :email LIMIT 1");

    $query -> execute(

        array(
            "email" => $email
        )

    );

    $info = $query -> fetch();

    if(strlen($info[0]) > 0) {

        if(account_is_locked($info['id'], $database)) {

            echo "<response>Your account is locked, please try again in two hours!</response>";

            exit();

        } else {

            if($info['activated'] == 1) {

                $password = hash('sha512', $password.$info['salt']);

                if($password === $info['password']) {

                    $_SESSION['cc_id'] = $info['id'];

                    $_SESSION['cc_email'] = $info['email'];

                    $_SESSION['cc_login_string'] = hash('sha512', $password.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);

                    $last_login = time();

                    $query = $database -> prepare("UPDATE members SET last_login = :last_login WHERE id = :id LIMIT 1");

                    $query -> execute(

                        array(
                            "last_login" => $last_login,
                            "id"              => $info['id']
                        )

                    );

                    return true;

                    exit();

                } else {

                    $query = $database -> prepare("INSERT INTO login_attempts(user_id, ip_address, attempt_time) VALUES (:id, :ip, :time)");

                    $query -> execute(

                        array(

                            "id" => $info['id'],
                            "ip" => $_SERVER['REMOTE_ADDR'],
                            "time" => time()

                        )

                    );

                    echo "<response>Email or password is incorrect! Please check your credentials!</response>";

                    exit();

                }

            } else {

                echo "<response>Please activate your account! You should have received an email with an activation link!</response>";

                exit();

            }

        }


    } else {

        echo "<response>Account with those details does not exist!</response>";

        exit();

    }

} catch(PDOException $e) {

    echo "<response>We could not log you in; A report of the error has been sent to tech support!</response>";

    mail("codecluster.official@gmail.com", "CodeCluster Login Error", "Login Error; Timestamp @ " . time() . " ; IP Address : " . $_SERVER['REMOTE_ADDR'] . " ;\r\n" . $e);

    exit();

}

}

is_user_logged_in 函数:

function is_user_logged_in($database) {

if(isset($_SESSION['cc_id'], $_SESSION['cc_email'], $_SESSION['cc_login_string'])) {

    try {

        foreach ($_SESSION as $session) {
            strip_tags($session);
        }

        $query = $database -> prepare("SELECT password FROM members WHERE id = :id AND email = :email LIMIT 1");

        $query -> execute(

            array(

                "id" => $_SESSION['cc_id'],
                "email" => $_SESSION['cc_email']

            )

        );

        if(strlen($query -> fetch()) > 0) {

            $password = $query -> fetch();

            $password = hash("sha512", $password.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']);

            if($password == $_SESSION['cc_login_string']) {

                return true;

            } else {

                return false;

            }


        } else {

            return false;

        }

    } catch(PDOException $e) {

        mail("codecluster.official@gmail.com", "Code-Cluster Error", "Error occured whilst checking users logged in status; Timestamp @ ". time() . " ; \r\n" . $e);

        return false;

        exit();

    }

} else {
    return false;

}

 }

当我这样做if(is_user_logged_in($database)) {header("Location: home.php"); exit();}时,它不会重定向我。我已经测试过了,似乎脚本找不到让我相信它们为空的会话。

这样做有什么原因吗?

编辑:我刚刚在 index.php 上的 $_SESSION 上做了一个 var_dump 并打印出来:array(3) { ["cc_id"]=> string(1) "6" ["cc_email"]=> string(24) "toxiclogic@hotmail.co.uk" ["cc_login_string"]=> string(128) "因为它是一个散列密码所以被编辑" }

编辑:“正在发送的标题”问题没有解决这个问题。

4

2 回答 2

1

header()在使用and之前不要输出任何东西session_start()

还要检查空格。

将您的文件编码为UTF-8 without BOM.

于 2013-02-20T15:52:39.477 回答
0

调用session_start(). _ 将其移到每页顶部的函数之外。

此外,请确保您对文件进行编码UTF-8而不使用BOM. 有关什么是 a 的更多信息BOM请参见此处

于 2013-02-20T16:23:19.473 回答