0

我有一个类 Authenticator,它使用 Datatype User 来登录用户。

include('User.datatype.php');

$usher = new Authenticator;
$usher->checkCreds();
$usher->startSession();

Class Authenticator {
    protected $user;
    protected function getCreds() {
        if (!isset($_POST['login']))
                throw new Exception("There was an error processing your request", 1);
        else if ($_POST['username'] == '' || $_POST['password'] == '')
            throw new Exception("You must enter a username and password", 1);
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
        $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
        $this->user = new User;
        $this->user->username = $username;
        $this->user->password = $password;
    }

    public function checkCreds() {
        $this->getCreds();
        if (empty($this->user->username) || empty($this->user->password))
            throw new Exception("Error Processing Request", 1);
        include('dbconnect.php');       // Normally I'd store the db connect script outside of webroot
        $pdo = new PDO("mysql:host=$db_host;dbname=$db_name;", $db_user, $db_password);
        $stmt = $pdo->prepare('SELECT username FROM Users WHERE username = :uname AND password = :pword');
        $stmt->bindParam(':uname', $this->user->username);
        $stmt->bindParam(':pword', $this->user->password);
        $stmt->execute();
        $status = $stmt->fetch(PDO::FETCH_NUM);
        $this->user->status = $status;
    }

    protected function createSessionID() {
        $seshID = mt_rand(99999, 1000000000);
        return $seshID;
    }

    public function startSession() {
        if ($this->user->status === false)
            throw new Exception("There was a problem connecting to the database", 1);
        session_start();
        $_SESSION['username'] = $this->user->username;
        $_SESSION['id'] = $this->createSessionID();
        $secret = $_SESSION['id'];
        header('Location:loggedin.php?' . $secret);
        return true;
    }
}

登录有效并且 session_starts() 有效,但是当我尝试 print 'Welcome, ' . $_SESSION['username'];登录.php 时,会话变量为空。

登录的 HTML.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>Product Cost Calculator</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
        </head>

        <body>
            <div id="container">
                <?php
                    /*require_once ('Authenticator.php');
                    if (!Authenticator::startSession())
                        print 'you are not logged in';*/
                    print 'Welcome, ' . $_SESSION['username'];
                ?>
            </div>
        </body>
    </html>
4

1 回答 1

2

您应该在当前页面中设置一个会话以使用与会话相关的代码

session_start();
include('User.datatype.php');
//rest of code etc etc
于 2013-04-24T20:24:23.760 回答