2

我在这里的第一篇文章。提前感谢您的任何答案:)

无论如何,我有一个登录脚本(login.php),在提交凭据时具有以下代码:

if(isset($_POST['submit'])) {

$password=$_POST['password'];
$email = (string)$_POST['email'];

try {
$db = new PDO('mysql:dbname=dbname;host=localhost', 'username', 'password'); // MY REAL DETAILS ARE USED HERE, JUST DON'T NEED THEM ON THE INTERNET
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}
$sth = $db->prepare('SELECT * FROM members WHERE email = :email LIMIT 1');
$sth->bindParam(':email', $email);
$sth->execute();
$user = $sth->fetch(PDO::FETCH_OBJ);

// Hashing the password with its hash as the salt returns the same hash
if (crypt($password, $user->password) == $user->password) {
    if($user->id > 0) {
        if($user->status == 'Y' && date('Ymd', time($_SESSION['expiration'])) == date('Ymd')) {
            $data = array('status' => 'D');
            $update = mysql_update('members', $data, '`id`='.$_SESSION['memberID']);
        } 

        $status = mysql_select('SELECT status FROM members WHERE id='.$user->id);
        $_SESSION['memberID'] = $user->id;
        $_SESSION['expiration'] = $user->expiration_date;
        $_SESSION['timeout'] = time();

        if(isset($_REQUEST['url'])) header('Location: '.$_REQUEST['url']);
        else header('Location: account.php');
    } else {
        $error = "Whoops! That wasn't supposed to happen, please contact the webmaster.";
    }
} else {
    $error = "Sorry, something didn't quite match up. Please try again.";
    // print $user->password;
    // print "<br />";
    // print crypt($password, $user->password);
}
}

问题是,当$_REQUEST['url']设置时,重定向发生但被发送回我的登录脚本。

示例:我的网址是mysite.com/login.php?url=account.php,我在登录时单击提交。它通过上面的代码运行,并直接将我发送回就login.php好像没有设置会话一样。告诉account.php返回登录的代码是这样的:

if(!isset($_SESSION['memberID'])) header('Location: login.php?url=account.php');

我不明白为什么,但是当我进行硬刷新时CTRL + F5,会话已设置,它带我回到index.php因为login.php

if(isset($_SESSION['memberID'])) header('Location: index.php');

我正在拔头发,因为这让我很困扰。任何帮助表示赞赏。

如果你们好奇,我正在使用 PHP 5.3.26 版。我知道我的会话何时设置,因为我有一个页面(php.php)可以打印出我的会话var_dump($_SESSION);

谢谢!

编辑:我的问题不是重定向。从逻辑上讲,这是应该发生的,按顺序:

  1. 用户输入登录数据并点击提交
  2. 然后登录页面检查他们的数据
  3. 设置会话变量
  4. 转到account.php

Account.php 应该查看我的会话是否已设置if(!isset($_SESSION['memberID'])) header('Location: login.php?url=account.php'); ,因此这一行是未读取我的会话的部分。

回到 login.php 会话设置为:

$_SESSION['memberID'] = $user->id;
$_SESSION['expiration'] = $user->expiration_date;
$_SESSION['timeout'] = time();

if(isset($_REQUEST['url'])) header('Location: '.$_REQUEST['url']);
else header('Location: account.php');

这部分必须工作,因为正在设置会话并转到 account.php,但是 account.php 在设置时没有读取会话。为什么?

这也不是缓存问题,因为我已经清除了缓存并试图限制我的页面的缓存。

4

2 回答 2

0

你的事件顺序有点不对...

<?php
// you need session_start() at the top of each script in which you want to use sessions
session_start();

// check if the url parameter is passed *outside* of the isset($_POST['submit']) block
if(isset($_GET['url'])) {
    $url = strip_tags($_GET['url']);
    header('Location: '.$url);
} else {
    header('Location: account.php');
}

if(isset($_POST['submit'])) {
    // the rest of your stuff here...

这应该给你一个事件链的概述......

login_form.php 

if($_SERVER['REQUEST_TYPE'] == 'POST') {

    $password = strip_tags(trim($_POST['password']));
    $email = (string) strip_tags(trim($_POST['email']));

    // perform database validation here...

    // check if validation successful
    if($validated == true) {

        // set your sessions and other stuff here...

        // redirect to the account page
        header('location: account.php');
    } else {
        $error = 'Your email and password do not match';
        // page will display the form again and echo the error message
    }
}
?>

<?php
    if(isset($error)) {
        echo $error;
    }
?>
<form action="login_form.php" method="post">
    <input type="text" name="email">
    <input type="password" name="password">
    <input type="submit" name="submit">
</form>

帐户.php

<?php
session_start();

// put this at the top of EVERY page in which a user needs to be logged in

// see if user is logged in, if not, redirect to login form
if(!isset($_SESSION['memberID'])) {
    header('location: login_form.php');
}

编辑:在 hr 下添加了新的代码块

于 2013-09-06T16:35:35.520 回答
0

首先确保你在你的应用程序的入口点上有这个:

if (!session_id()) session_start();

此外,在您进行重定向时,请执行以下操作(也总是根 URL 很好):

header('Location: account.php');
die();
于 2013-09-04T23:15:41.667 回答