php - php mysql + 会话错误

Question

我正在创建一个包含登录页面、个人资料页面和注销页面的网站。我正在使用会话，但我在处理会话时遇到问题，我无法理解错误是什么或在哪里修复它。

我得到的错误是在 profile.php**(("you need to be loged in to view profiles"))line 8** 任何人有想法或解决方案请给我打电话

登录.php

<?php 

 require_once('for members/scripts/global.php'); 

$message = "";
if(isset($_POST['email'])){

  $email = $_POST['email'];
  $pass = $_POST['pass'];


  //error handeling
  if((!$email)||(!$pass)){
  $message = "please insert both fields";

  }else{
   // secure data
   $email = mysql_real_escape_string($email);
   $pass = sha1($pass);
   $query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
   $count_query = mysql_num_rows($query);
   if($count_query == 0){
   $message = "the information was incorrect!";
   }else{
   //start the sessions
   $_SESSION['pass']=$pass;
   while($row = mysql_fetch_array($query)){
       $username = $row['username'];
       $id = $row['id'];

    }
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $id;

    /* to create a cookie on the HDD OF THE user 
    if($remember == "yes"){
    //create the cookies
    setcookie("id_cookie", $id, time()+60*60*24*100,"/");
    setcookie("pass_cookie", $pass, time()+60*60*24*100,"/");
    }
    */

     header("Location:profile.php");
   }
  }

}





?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style/stylesheet.css"rel="stylesheet" type="text/css"/>
</head>

<body>



<div class="container center"> 

<p><?php print("$message") ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="Email Adress" /><br />

<input type="password" name="pass" placeholder="Password" /><br />

<input type="submit" name="login" value="Login" />

 <a href="register.php"><strong> Register</strong></a>

</form>
</div>

</body>
</html>

配置文件.php

<?php  
ob_start();
session_start();

require_once('for members/scripts/global.php'); 

if($logged == 0){
 echo("you need to be loged in to view profiles");
 exit();
}
if(isset($_GET['id'])){
 $id=$_GET['id'];
 $id= preg_replace("#[^0-9]#","",$id);

}else{
$id=$_SESSION['id'];
}
//collect member information
$query = mysql_query("SELECT * FROM members WHERE id='$id'LIMIT 1") or die("could not collect user information ");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
 echo("the user does not exit");
 exit();

}
while($row = mysql_fetch_array($query)){
  $username = $row['username'];
  $fname = $row['firstname'];
  $lname = $row['lastname'];
  $profile_id= $row['id'];

  if($session_id == $profile_id){
  $owner = true;
  }else{
   $owner = false;

  }

}



?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title>
<link href="style/stylesheet.css" type="text/css"/>
</head>

<body>
<div class="container center"> 
<h1><?php print("$username"); ?></h1>
<?php
if($owner == true ){
    header("Location: profile.php");
?>
<!--
<a href="#">edit profile</a><br />
<a href="#">account settings</a><br />
-->
<?php
}else{
    header("Location: index.php");
?>
<!--
<a href="#">private message</a><br />
<a href="#">add as friend</a><br />
--> 
<?php
}
?>
</div>
</body>
</html>
<?php flush(); ?>

注销.php

<?php
session_start();

session_destroy();
/*
if(isset($_COOKIE['id_cookie'])){

setcookie("id_cookie", "", time()-50000,"/");

setcookie("pass_cookie", "", time()-50000,"/");

}
*/
if(isset($_SESSION['username'])){ 
echo("we could not log out try again!");
exit();
}else{
 header("Location: home.php");

}

?>

全局.php

<?php
if(!isset($_SESSION))
{
session_start();
} 

require_once('connect.php'); 


//checking if sessions are set

if(isset($_SESSION['username'])){
 $session_username = $_SESSION['username'];
 $session_pass = $_SESSION['pass'];
 $session_id = $_SESSION['id'];

 //check if the member exist
 $query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;

 while($row = mysql_fetch_array($query)){
     $session_username = $row['username'];
  }
  //create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;


}else{
 header("Location: logout.php");
exit();
}



}
$logged = 0;
/*
elseif(isset($_COOKIE['id_cookie'])){
    $session_id = $_COOKIE['id_cookie'];
    $session_pass = $_COOKIE['pass_cookie'];

 $query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count > 0){


//loged in stuff here
$logged = 1;
}else{
 header("Location: logout.php");
exit();
 }
 //if user is not log in

}
*/

?>

Answer 1

您所写的内容可能有一些问题。$logged == 0我想是在 global.php 中定义的。它是否也在其中启动会话（即，您session_start()在 global.php 中是否有）？

据我所知，$logged可能是任何东西，因此您会收到错误消息。如果不在 global.php 中，也应该在 logging.php 中启动会话。

好的。从 global.php 中取出所有内容。如果您只想保留 session_start()，但将其从 login.php 和 profile.php 中删除。

然后，您必须将针对数据库检查密码和用户名的 sql 查询移动到 login.php 而不是 global.php 并像这样。

 //check if the member exist
 $query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND   password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count == 0){
//loged in stuff here
$logged = 1;
header("Location: profile.php");

 while($row = mysql_fetch_array($query)){
     $session_username = $row['username'];
  }
  //create sessions
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;


}else{
 $logged = 0;
 header("Location: logout.php");
exit();
}

你在 login.php 中不需要这些（用上面的代码替换它们）

$message = "";
if(isset($_POST['email'])){

  $email = $_POST['email'];
  $pass = $_POST['pass'];


  //error handeling
  if((!$email)||(!$pass)){
  $message = "please insert both fields";

  }else{
   // secure data
   $email = mysql_real_escape_string($email);
   $pass = sha1($pass);
   $query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
   $count_query = mysql_num_rows($query);
   if($count_query == 0){
   $message = "the information was incorrect!";
   }else{
   //start the sessions
   $_SESSION['pass']=$pass;
   while($row = mysql_fetch_array($query)){
       $username = $row['username'];
       $id = $row['id'];

    }
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $id;

Answer 2

您在使用login.php 页面中$_SESSION没有正确启动会话的情况下使用。session_start()