0

以下代码应检查是否存在有效会话或有效 cookie,include_once file A.php如果不存在则检查include_once login.php

到目前为止,login.phpandlogout.php正在正确执行(会话/cookie)正在创建和销毁,但以下代码仍然没有显示正确的内容。

正如这段代码所代表的那样,我看到了login.php不管是有效的会话还是 cookie。

任何帮助都会很棒。谢谢你。

<?php
include_once '../accounts/dbc.php'; 

if (isset($_SESSION['user_id']) && isset($_SESSION['user_name']) ) 
{
    include_once 'A.php';
}
else if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){
    /* we double check cookie expiry time against stored in database */

    $cookie_user_id  = filter($_COOKIE['user_id']);
    $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error());
    list($ckey,$ctime) = mysql_fetch_row($rs_ctime);
    // coookie expiry
    if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {

        include_once '../login.php';
        }
/* Security check with untrusted cookies - dont trust value stored in cookie.       
/* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/

     if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey)  ) {
          session_regenerate_id(); //against session fixation attacks.

          $_SESSION['user_id'] = $_COOKIE['user_id'];
          $_SESSION['user_name'] = $_COOKIE['user_name'];
        /* query user level from database instead of storing in cookies */  
          list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'"));

          $_SESSION['user_level'] = $user_level;
          $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

          include_once 'A.php';
       } 
       else {
          include_once '../login.php';
       }

  } else {
  include_once '../login.php';
}
?>
4

1 回答 1

0

花了两天 13 小时并得到了一些帮助,但在第三次重写之后,事情似乎只处理了一个小的服务器因果错误,我只能忍受。这个问题可以关闭。谢谢你。

于 2015-07-08T23:07:29.763 回答