0

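I'm not sure what I did to my code, but for some reason my link to updatestore.php takes me to admin/index.php. The two files below are both located in localhost/portal/admin, but I can't figure out what is causing the bad behavior. My session_start() variable is located in ../login.php. I tested taking session_start out of that file and all of my other links started behaving the same way - they would only take me to admin/index.php instead of where they are supposed to go. I'm frustrated about what to do.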

Here is updatestore.php

<?php
    require ("../login.php");

    if ($_SESSION['admin'] != 1)
        header('Location: ../index.php');

    if (isset($_POST['submit'])) {
        $_SESSION['store'] = $_POST['store'];
        header('Location:updatestore2.php');
    }

    include ("header.php");
    include ("adminnav.php");

?>

    <h2>Update Store</h2>

    <?php
        $stmt = $db->prepare("SELECT short_name FROM store ORDER BY short_name");
        $stmt->execute();
        $rows = $stmt->fetchAll();
        $num_rows = count($rows);
        if ($num_rows == 0)
            echo '<p>There are no store\'s currently in the system.';
        else { ?>
            <form action="" method="post">
                <ul>
                    <li>
                        <b>Select Store To Edit:</b><br>
                        <select name="store">
                        <?php
                        foreach($rows as $row) {
                            echo '<option value ="'. $row['short_name'] . '">' . $row['short_name'] . '</option>';  
                        }   ?>
                        </select>
                    </li>
                    <li>
                        <br><input type="submit" value="Select Store" name ="submit" id="submit">
                    </li>
                </ul>
            </form>
<?php    } ?>


<?php   
    include ("footer.php");
?>

Here is another page that works correctly, addshortages.php

<?php
    require ("../login.php");

    if ($_SESSION['admin'] != 1)
        header('Location: ../index.php');

    $success = false;

    if (isset($_POST['submit'])) {
        $_SESSION['store'] = $_POST['store'];
        header('Location: addshortages2.php');
    }

    include ("header.php");
    include ("adminnav.php");

?>

    <h2>Update Shortages List</h2>

    <?php
        if (!empty($errors))
            foreach($errors as $error)
                echo $error;

        if ($success == true)
            echo '<p>The FAQ has succesfully been submitted!</p>';
    ?>

    <?php

        $stmt = $db->prepare("SELECT * FROM store ORDER by short_name");
        $stmt->execute();
        $rows = $stmt->fetchAll();
        $num_rows = count($rows);

    ?>
    <?php if ($success == false) { ?>
            <form action="" method="post">
                <ul>
                    <li>
                        <b>Select Store To Modify Shortages:</b><br>
                        <select name="store">
                        <?php
                        foreach($rows as $row) {
                            echo '<option value ="'. $row['short_name'] . '">' . ($row['short_name']) . '</option>';  
                        }   ?>
                        </select>
                    </li>
                    <li>
                        <br><input type="submit" value="Select Store" name ="submit" id="submit">
                    </li>
                </ul>
            </form>
<?php       } ?>

<?php   
    include ("footer.php");
?>

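I'm also having problems when trying to log out of the pages, but they also just take me to admin/index.php. The logout appends ?logout=1 to the GET variables, but it isn't doing what it is supposed to do.

index.php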

<?php
    require ("login.php");
    require_once ('Bcrypt.php');

    if ((isset($_GET['logout'])) == 1) {
        session_destroy();
        header('Location: ../index.php');
    }

    if (isset($_SESSION['user'])) {
        if ($_SESSION['admin'] == 1)
            header('Location: admin/index.php');
        else
            header('Location: customer/index.php');
    }

    if (isset($_POST['submit'])) {
        if ((empty($_POST['email'])) || (empty($_POST['password']))) 
            $errors[] = 'Please fill out all fields of the registration process.<br>';
        else {
            $email = trim($_POST['email']);
            $password = trim($_POST['password']);

            $stmt = $db->prepare("SELECT * FROM users WHERE email=:email");
            $stmt->bindValue(':email', $email, PDO::PARAM_STR);
            $stmt->execute();
            $rows = $stmt->fetchAll();
            $num_rows = count($rows);
            if ($num_rows) {
                foreach($rows as $row) {
                    $result = Bcrypt::checkPassword($password,$row['password']);
                    if ($result) {
                        $_SESSION['user'] = $row['id'];
                        $_SESSION['admin'] = $row['admin'];
                        $_SESSION['name'] = $row['name'];
                        $_SESSION['email'] = $row['email'];
                        if ($_SESSION['admin'] == 1)
                            header('Location: admin/index.php');
                        else
                            header('Location: customer/index.php');
                    }
                    else
                        $errors[] = 'Your password is incorrect. Please try again.';
                }
            }
            else
                $errors[] = 'We do not have a record of your credentials in our system. To register go <a href="register.php">here</a>. ';
        }

    }

    include ("header.php");
    include ("subnav.php");
?>

    <h2>System Log-In</h2>

    <?php
        if (!empty($errors))
            foreach($errors as $error)
                echo $error;
    ?>

    <form action="" method="post">
        <ul>
            <li>
                <b>E-Mail:*</b> <br>
                <input type="text" name="email"></li>
            <li>
                <b>Password:*</b> <br>
                <input type="password" name="password">
            </li>
            <li>
                <br><input type="submit" value="Log-In" name ="submit" id="submit">
            </li>
            <li>
                <br><a href="register.php">Activate Account Here.</a>
            </li>
            <li>
                If you are having problems with the log-in process, please send us an <a href="mailto:jayl@jays.us">e-mail</a>.
            </li>
        </ul>
    </form>


<?php   
    include ("footer.php");
?>

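I have tested this on IE, Firefox and Chrome. The updatestore.php file fails only in Firefox. I have no idea why this is happening. Also, with IE and Chrome, I have to click the logout link twice before the page logs out and goes to the appropriate location. I'm pulling my hair out here.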

4

3 Answers

0

Change:
header('Location:updatestore2.php');
to:
header('Location:http://google.com');
and see if it redirects correctly.
If so, then your problem lies in updatestore2.php.

answered 2013-04-19T01:29:54.893
0

This line of code is in both pages, but it looks like it just redirects you to index.php.

if ($_SESSION['admin'] != 1)
        header('Location: ../index.php');

However, I don't know whether that is the problem.

The working page has the following:

$success = false;

This may be causing problem #2:

if ((isset($_GET['logout'])) == 1) {
        session_destroy();
        header('Location: ../index.php');
}
answered 2013-04-19T01:18:22.473
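Added example, not code from the question or from any answer: header('Location: ...') only queues a response header and the script keeps running, so in the pages above a request that fails the admin check still executes the rest of the admin page, and a later Location header replaces an earlier one; session_destroy() likewise leaves $_SESSION populated for the rest of the request. The sketch below shows a guard and a logout that stop after redirecting. The helper names redirect_and_exit, require_admin and logout are hypothetical, and the file is assumed to sit under admin/.

```php
<?php
// Added example: hypothetical helpers for a page under admin/.

// header() does not end the script. Without exit, the code after the
// redirect still runs and a later Location header overwrites this one.
function redirect_and_exit(string $location): void
{
    header('Location: ' . $location);
    exit;
}

// Admin guard: only a logged-in session with admin === 1 gets past this
// point. Everyone else is redirected and the page body never executes.
function require_admin(array $session): void
{
    if (!isset($session['user']) || (int)($session['admin'] ?? 0) !== 1) {
        redirect_and_exit('../index.php');
    }
}

// Logout: session_destroy() removes the stored session data but does not
// clear $_SESSION in the current request, so empty it explicitly and
// expire the session cookie before redirecting.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    redirect_and_exit('../index.php');
}

session_start();

// Handle logout first, so no later redirect can replace it.
if (isset($_GET['logout'])) {
    logout();
}

require_admin($_SESSION);

// Page body: reached only by an authenticated admin.
echo "<h2>Update Store</h2>\n";
```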
0

The correct format is to use an absolute URL, for example:

 header('Location: http://www.site.com/index.php'); 
 header('Location: http://www.site.com/admin/updatestore2.php'); 

But it will work if you don't put a / in your URL; the browser will redirect to the file in the current folder.

To target the index from inside admin:

 header('Location: /index.php'); 

To target admin/updatestore2.php from inside admin:

 header('Location: updatestore2.php'); 

These should work.

answered 2013-04-19T01:15:04.993