-1

所以我的 php 登录脚本有一个愚蠢的问题。我注意到,当我尝试使用它并登录时,它在 login.php 上设置了会话变量,但是当我尝试移动页面时,它会破坏它。因此,在 login.php 上,我检查用户名和密码是否与数据库行匹配,如果匹配,则设置一个变量,告诉站点用户已登录。然后我检查站点内的变量,如果设置好了,我让他们查看网站的内部,如果没有设置,我会踢他们。

所以这是我的 login.php

      <?php
  include 'functions/functions.php';
$db = mysqlconnect();?>
  <?php
error_reporting(0); 
session_start();
?><?php 
           if (isset($_POST["Submit"])) {



    $password = mysql_real_escape_string($_POST['password']);
    $password2 = strip_tags($password);
    $md5password = md5($password2);


    $statement = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ? ");
    $statement->execute(array($_POST['username'],$md5password));
    $count = $statement->rowCount();

    /// If usernam and password match we carry on
    if ($count == "1")
      {

    $username23 = mysql_real_escape_string($_POST['username']);
    $thereusername = strip_tags($username23);



         $_SESSION['username'] = $thereusername ; 




         echo "You are now being logged in";



    //Test if it is a shared client
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    //Is it a proxy address
    }elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }else{
      $ip=$_SERVER['REMOTE_ADDR'];
    }



    $result5534453465 = mysql_query("UPDATE users SET lastip='".$ip."' WHERE username='".$_SESSION['username']."'") 
    or die(mysql_error());  

    mysql_query("INSERT INTO user_log (username, ip)
    VALUES ('".$_SESSION['username']."', '".$ip."')");






      echo '<META HTTP-EQUIV="Refresh" Content="0; URL=home.php">';    
        exit;




      }else{
        echo "Password or username is wrong";  

      }
    }
           ?>
    <form name="input" action="" method="post">
      <p>Username:</p>
      <p>
      <input type="text" name="username" id ="username">
      </p>
      <p>Password:  </p>
      <p>
        <input type="password" name="password" id = "password">
      </p>
      <p>
        <input type="submit" value="Submit" name = "Submit">
      </p>
    </form>

我已经尝试回显 $_SESSION['username'] 是因为用户被重定向到该站点并且它回显正确,因此它被设置正确....

所以然后在网站的内部我检查它是否正在设置 $_SESSION['username']

ini_set('session.cookie_httponly',true);
    session_start();

    if(isset($_SESSION['last_ip']) == false){
    $_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
    }

    if ($_SESSION['last_ip'] !== $_SERVER['REMOTE_ADDR']){

    session_unset();
    session_destroy();

    }

    if(empty($_SESSION['username'])){


    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=login.php">';    
    exit;


}

出于某种原因,页面说用户名是空的......有趣的是,如果我注销破坏整个会话然后尝试登录它会起作用......

编辑:我刚刚编辑了这段代码

//Test if it is a shared client
    if (!empty($_SERVER['HTTP_CLIENT_IP'])){
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    //Is it a proxy address
    }elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }else{
      $ip=$_SERVER['REMOTE_ADDR'];
    }


//Test if it is a shared client
if (!empty($_SERVER['HTTP_CLIENT_IP'])){
  $_SESSION['last_ip']=$_SERVER['HTTP_CLIENT_IP'];
//Is it a proxy address
}elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
  $_SESSION['last_ip']=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
 $_SESSION['last_ip']=$_SERVER['REMOTE_ADDR'];
}

现在一切似乎都奏效了......我猜

 if(isset($_SESSION['last_ip']) == false){
$_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
}

if ($_SESSION['last_ip'] !== $_SERVER['REMOTE_ADDR']){

session_unset();
session_destroy();

}

正在杀死会话?

另一个编辑:我刚刚注意到,在我检查了上面的编码之后,登录现在适用于 firefox,但不适用于 chrome,在登录后移动到不同的页面后,会话变量没有在 chrome 中设置。我想可能是主机问题?我正在使用 php 版本 5.2 我已经升级到 5.3 但仍然有问题...

php.in 中的会话设置

ssion
Session Support     enabled
Registered save handlers    files user sqlite
Registered serializer handlers  php php_binary wddx

Directive   Local Value Master Value
session.auto_start  Off Off
session.bug_compat_42   Off Off
session.bug_compat_warn On  On
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_httponly On  Off
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  100 100
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   no value    no value
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    Off Off
session.use_trans_sid   0   0
4

2 回答 2

0

在初始化会话之前,您的脚本不应打印任何内容,甚至不能打印一个空格或换行符。

      <?php  // whitespaces at the beginning
  include 'functions/functions.php';
$db = mysqlconnect();?> // linebreak + spaces between the closing tag and the following opening tag
  <?php
error_reporting(0); 
session_start();


还要检查你的functions.php文件。Per php.net:“如果文件是纯 PHP 代码,最好在文件末尾省略 PHP 结束标记。这样可以防止在 PHP 结束标记后意外添加空格或新行,这可能会导致不必要的影响因为当程序员无意在脚本中的那个点发送任何输出时,PHP 将开始输出缓冲。”

于 2013-07-26T18:58:27.203 回答
-1

在 ini_set 函数的开头,您需要将 $_SESSION 声明为 GLOBAL 变量。

例如:

function ini_set() {
    GLOBAL $_SESSION ;
...
于 2013-07-26T17:26:26.563 回答