我为用户设置了基本登录以访问文档请求表。它工作正常,除了我第一次登录。第一次,我被重定向到正确的页面,其中 $_GET 变量清楚地显示登录是成功的,但是会话已经以某种方式被杀死/重新生成,所以它包括登录表单而不是帐户页面。它仅在我打开浏览器后第一次登录时发生。
这几天一直让我头疼。我有 session_start(); 在一切之前,在标题之前没有发送任何内容,所以我不明白。下面是代码。
partner_login.php
<?php session_start();
$_SESSION['logtoken']=sha1(microtime('get_as_float'));
$_SESSION['reqtoken']=sha1(microtime('get_as_float'));
//I set some text vars here
if(isset($_SESSION['loginsuccess'])&&($_SESSION['loginsuccess']=="1")){
include_once('sqlconnect.php');
$thisuser=$_SESSION['username'];
$query="SELECT * FROM userinfo WHERE username='$thisuser'";
$result=$mysqli->query($query);
$row = $result->fetch_assoc();
$firstname=$row['firstname'];
$lastname=$row['lastname'];
}
$thiscontent=(isset($_SESSION['loginsuccess'])&&$_SESSION['loginsuccess']=="1")?include('account.php'):include('loginform.php');
$insideCONTENTHOLDER="
<div id='CONTENT' style='width:741px;min-height:800px;background-color:white;float:right;border-right:4px solid #a0a0a0;border-top:4px solid #a0a0a0;padding:20px;'>
".$txt['TITLE']."<p>".$txt['TEXT']."<p>".$thiscontent."</div><!--END CONTENT DIV-->";
include_once('template.php');
?>
登录门.php
<?php session_start();
if (!isset($_SESSION['logtoken'])||!isset($_POST['token'])||(empty($_SESSION['logtoken']))||(empty($_POST['token']))||($_SESSION['logtoken'] != $_POST['token'])) {
$_SESSION['loginsuccess'] = "0";
header( "Location: partner_login.php?loginfail=1&err=6" );//err 6 == session token!=post token
}
elseif (!isset($_POST['username']) || !isset($_POST['password'])) {
header( "Location: partner_login.php?loginfail=1&err=0" );//err 0 == one of them was not set
}
elseif (empty($_POST['username']) || empty($_POST['password'])) {
header( "Location: partner_login.php?loginfail=1&err=00" );//err 00 == one of them was empty
}
else{
//connect to database $db, char set UTF_8
include_once('sqlconnect.php');
//sql injection protect
function clean($thisvar){
$thisvar=$mysqli->real_escape_string($thisvar);
return $thisvar;
}
//escape all input
$user = $mysqli->real_escape_string($_POST['username']);
$pass = $mysqli->real_escape_string($_POST['password']);
//salt and hash password from table
$query="SELECT * FROM userinfo WHERE username='$user'";
$result1=$mysqli->query($query);
$row = $result1->fetch_assoc();
$passhash = sha1($pass.$row['salt']);
//check that at least one row was returned
$query2="SELECT * FROM userinfo WHERE username='$user' and passwordhash='$passhash'";
$result=$mysqli->query($query2);
$rowCheck = $result->num_rows;
if($rowCheck > 0){
//session variables
$_SESSION['username'] = $user;
$_SESSION['loginsuccess'] = "1";
header( "Location: partner_login.php?lsuccess=1&user=$user" );
}
else {
header( "Location: partner_login.php?loginfail=1&err=9" ); //err 9 == username and password don't match in table
}
}
?>
这是会话的 phpinfo() 部分:
会话支持已启用注册的保存处理程序文件用户 sqlite
注册的序列化程序处理程序 php php_binary wddx 指令本地值主值 session.auto_start 关闭关闭 session.bug_compat_42 On On session.bug_compat_warn On On on session.cache_expire 180 180 session.cache_limiter nocache nocache
session.cookie_domain 无值无值
session.cookie_httponly Off Off session.cookie_lifetime 0 0
session.cookie_path // session.cookie_secure Off Off
session.entropy_file 无值无值 session.entropy_length 0 0
session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440
session.gc_probability 1 1 session .hash_bits_per_character 4 4
session.hash_function 0 0 session.name PHPSESSID PHPSESSID
session.referer_check 无值 无值
session.save_handler 文件文件 session.save_path /tmp /tmp
session.serialize_handler php php session.use_cookies On On
session.use_only_cookies Off Off session.use_trans_sid 0 0
谢谢你的帮助!