我知道那里有很多问题,但他们没有提供太多信息或使用其他方法进行身份验证。让我们开始:
我有一个登录页面和主页。我在 $_SESSION 中登录保存会话在每个页面中,我都会创建 session_start(),然后检查用户是否登录到 $_SESSION。
当我登录时,它会将我重定向到主页。当我尝试 login.php 时,它会正确检测到即时消息并重定向到 main.php。当我刷新 main.php 时,它会正确检测到我的会话。
然后,我想在数据库中进行更改,所以我使用 jquery 函数 $.post 将帖子数据发送到 action.php 并做一些工作人员。Action.php 回显“true”,因此 $.post 处理程序可以检测到更改是否正确并重定向。Action.php 回显“false”,因此 $.post 处理程序警告出现错误。
当我对数据库进行更改时,它会完成并回显真实,因此 main.php 刷新自身显示更改但不是刷新,而是返回到 LOGIN.PHP 丢失所有会话数据。
这里有一些代码:
开始会话
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
//session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_set_cookie_params(7200, "/", $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
main.php 和 login.php 和 action.php 的顶部
include('../db_connect.php');
include('../functions.php');
sec_session_start(); // Our custom secure way of starting a php session.
if(!login_check($mysqli)){
header('Location: ../');
}
将数据发布到 action.php 的 Javascript 函数
function createTeam(){
var serializedData = $('#new_team_form').serialize();
$.post('action.php', serializedData , function (resp) {
if(resp == "false"){
$('#exists').html("El grupo que intentas crear ya existe o ha habido un error en la petición.");
}else{
window.location ="./";
}
});
return false; //Needs to return false cause its the submit button of form
}
action.php - 回显的是 $.post() 的返回
<?php
include '../db_connect.php';
include '../functions.php';
sec_session_start(); // Our custom secure way of starting a php session.
$team = $_POST['team'];
$_SESSION['user_id'] = $user_id;
if ($stmt = $mysqli->prepare("SELECT name FROM teams WHERE name = ? LIMIT 1")) {
$stmt->bind_param('s', $team); // Bind "$user_id" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if($stmt->num_rows == 1) {
echo "false1".$team;
} else {
//Creamos el grupo en la base de datos y ponemos al usuario en dicho grupo
if ($stmt = $mysqli->prepare("INSERT INTO teams (id, name) VALUES (DEFAULT, '$team')")) {
$stmt->execute(); // Execute the prepared query.
if($stmt = $mysqli->prepare("UPDATE members SET team = '".$team."' WHERE members.id ='".$user_id."' LIMIT 1 ")) {
$stmt->execute(); // Execute the prepared query.
echo "true";
}else{
echo "false2";
}
}else{
echo "false3";
}
}
} else {
echo "false4";
}
?>