0

我有一个login.php文件,在有效登录后它似乎没有开始会话或在会话数组中存储任何信息?任何帮助,将不胜感激。谢谢你。

    <?php 
include_once 'accounts/db.php';
include_once 'accounts/dbfunctions.php';

$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
    $data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE 
           $user_cond
            AND `banned` = '0'
            ") or die (mysql_error()); 
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated. 
    if ( $num > 0 ) { 

    list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

    if(!$approved) {
    //$msg = urlencode("Account not activated. Please check your email for activation code");
    $err[] = "Account not activated. Please check your email for activation code";

    //header("Location: login.php?msg=$msg");
     //exit();
     }

        //check against salt
    if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 
    if(empty($err)){            

     // this sets session and logs user in  
       session_start();
       session_regenerate_id(true); //prevent against session fixation attacks.

       // this sets variables in the session 
        $_SESSION['user_id']= $id;  
        $_SESSION['user_name'] = $full_name;
        $_SESSION['user_level'] = $user_level;
        $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

        //update the timestamp and key for cookie
        $stamp = time();
        $ckey = GenKey();
        mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

        //set a cookie 

       if(isset($_POST['remember'])){
                  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                   }
          header( 'Location: http://www.example.com' ) ;
         }
        }
        else
        {
        //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
        //$err[] = "Invalid Login. Please try again with correct user email and password.";
        header("Location: index.html?p=problem1");
        }
    } else {
        header("Location: index.html?p=problem2");
        //$err[] = "Error - Invalid login. No such user exists";
      }     
}



?>
<script type="text/javascript" src="jquery/jquery.validate.js"></script>
<script type="text/javascript">
  $(document).ready(function(){
    $("#logForm").validate();
  });
  </script>
<?php
      /******************** ERROR MESSAGES*************************************************
      This code is to show error messages 
      **************************************************************************/
      if(!empty($err))  {
       echo "<div class=\"msg\">";
      foreach ($err as $e) {
        echo "$e <br>";
        }
      echo "</div>";    
       }
      /******************************* END ********************************/      
      ?>
<div>
<?php
echo "session user id " . $_SESSION['user_id'];
echo "session id" . $sess_user_id;
echo "cookie id" . $cook_user_id;
echo "Session A " . $test1;
Print_r ($_SESSION);
$sid = session_id();
if($sid) {
    echo "Session exists!" . session_id();
} else {
    echo "NOTHING!";
}
echo $_SESSION['user_name'];
echo $_COOKIE['user_id'];
echo $_COOKIE['user_key'];
?>
<a id="11" href="#colorbox" class="Link">Login</a>
</div>
<div style='display:none'>
<div id="colorbox">
  <div id="LoginBox">
    <form action="login.php" method="post" name="logForm" id="logForm">
      <div class="Fields">
      <div id="userName">UserName:</div>
        <input name="usr_email" type="text" class="required" size="25">
      </div>
      <div class="Fields" style="padding-top:5px;">
      <div id="passWord">Password:</div>
        <input name="pwd" type="password" class="required password" size="25">
      </div>
      <div class="Fields" style="padding-top:5px;">
        <input name="remember" type="checkbox" id="remember" value="1">
        Remember me</div>
      <div class="Fields" style="padding-top:5px;text-align:center;">
        <input name="doLogin" type="submit" id="doLogin3" class="button" value="Login">
      </div>
    </form>
    <div id="forgotPasswordLink">
    <a class="sitelink" id="colorboxForgot" href="forgot.php">Forgot Password</a></div>
  </div>
</div>
</div>

现在登录后我看到 url index.html?p=problem 而不是http://www.example.com

以下回声是空的,所以我相信这意味着没有信息进入会话数组

<?php
echo "session user id " . $_SESSION['user_id'];
echo "session id" . $sess_user_id;
echo "cookie id" . $cook_user_id;
echo "Session A " . $test1;
Print_r ($_SESSION);
$sid = session_id();
if($sid) {
    echo "Session exists!" . session_id();
} else {
    echo "NOTHING!";
}
echo $_SESSION['user_name'];
echo $_COOKIE['user_id'];
echo $_COOKIE['user_key'];
?>
4

1 回答 1

0

请记住,您应该在页面的最顶部开始会话,即在任何开始之前。否则您将获得会话变量的空值。如果你想使用会话变量。移动 session_start();

到拳头线。

确定这会解决你的问题

于 2013-04-04T03:42:31.867 回答