1

我有一个用于用户登录的登录脚本。用户信息存储在 MYSQL 数据库中。当我第一次登录时,它将信息存储在会话中并显示欢迎消息。但是当我注销并再次尝试登录时,会话数组显示为空,尽管它已登录。

这是我的代码:

预订.php

<?php
session_start(); 
require_once("./includes/config_db.php");
$error1=array();
if(isset($_POST['submit'])){

    if (preg_match ('%^[A-Za-z0-9]{4,8}$%', stripslashes(trim($_POST['user_id'])))) {
        $e = escape_data($_POST['user_id']);
    } else {
        $e = FALSE;
        $error1['user_id']="UserID Required!";
    }

    if (preg_match ('%^[A-Za-z0-9]{8,}$%', stripslashes(trim($_POST['password'])))) {
        $p = escape_data($_POST['password']);
    } else {
        $p = FALSE;
        $error1['password']="Password Required!";
    }


    if($e && $p){
        $query="SELECT * FROM users WHERE(user_id='$e' AND password=SHA('$p')) AND active='NULL'";
        $results=mysql_query($query);
        if(mysql_affected_rows() == 1){
            $row=mysql_fetch_array($results, MYSQL_NUM);
            mysql_free_result($results);
            $_SESSION['name']=$row[0];
            $_SESSION['department']=$row[1];
            $_SESSION['email']=$row[2];
            $_SESSION['user_id']=$row[4];
            $_SESSION['phone']=$row[5];
            $_SESSION['pre']=$row[8];

            //create second token
            $tokenid=rand(10000,9999999);
            $query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";
            $result2=mysql_query($query2);
            $_SESSION['tokenid']=$tokenid;
            session_regenerate_id();
            mysql_close();
            header("Location:local.php");
            exit();

        }else
        {
            $error1['active']="Either your Account is inactive or Email/Password is incorrect";
             mysql_close();
        }
    }
 }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reservation System</title>
<!--Link to external files-->
<link rel="stylesheet" type="text/css" href="css/reservation.css"></link>

</head>

<body class="body">
    <div id="mainHeader">
        <?php include('includes/ers_header.php'); ?>
    </div>
    <div id="content">  
    </div>
    <div id="navigation">
    <?php include('includes/ers_nav.php');?>
    <h3>Member Login</h3>
<form id="login" action="reservation.php" method="post">
<?php if(!empty($error1['active'])) echo '<p><font color="red">'.$error1['active'].'</font></p>'; ?>
<label for="userid">User ID:</label>
<input type="text" name="user_id" <?php  if (!empty($error1['user_id'])){ echo 'value="'.htmlentities($_POST['user_id']).'"';} ?>  autofocus />
<?php  if (!empty($error1['user_id'])){ echo '<p><font color="red">'.$error1['user_id'].'</font></p>';} ?>
<label for="password">Password:</label>
<input type="password" name="password" />
<?php  if (!empty($error1['password'])){ echo '<p><font color="red">'.$error1['password'].'</font></p>';} ?>
<button class="submit" name="submit" type="submit">Login</button>
</form
    </div>
</body>
</html>

ers_header.php:

<h1>XXXXXXXXXX</h1>
<h2>YYYYYYYYYYY</h2>
<h2>ZZZZZZZZZZZZ</h2>
<?php
    require_once("./includes/config_db.php");
    if(isset($_SESSION['name'])){
        $sql="SELECT token FROM users WHERE(user_id='$_SESSION[user_id]')";
        $result=mysql_query($sql);

        if (mysql_affected_rows() == 1) { // A match was made.
            $row = mysql_fetch_array ($result, MYSQL_NUM);
            mysql_free_result($result);
            mysql_close(); // Close the database connection.

            if($_SESSION['tokenid'] == $row[0]){
                echo '<p>Welcome';
                echo "&nbsp;{$_SESSION['name']}";
                $loggedin=1;
            }else{
                $loggedin=0;
            }
        }
    }

      if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')){
      echo'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="logout.php">Logout</a>';
      echo'</p>';
      }
?>

注销.php

<?php
   session_start();
   require_once("./includes/config_db.php");

   if ( !isset( $_SESSION['name'] ) ) {
       header("Location: reservation.php");
       exit(); 
   } else { 
       $_SESSION = array(); // Destroy the variables.
       session_destroy(); // Destroy the session itself.
       setcookie( session_name(), ", time()-300, '/', ", 0 ); // Destroy the cookie.
       header("Location:reservation.php");
   }

我不知道是什么问题。我已经尝试了很多,但找不到它。请任何人都可以找出我的错误。

4

1 回答 1

0

您真的应该只需要取消设置 $_SESSION 数组,而不是破坏会话和 cookie 数据,尝试删除这些行,而且:

mysql_affected_rows 应该是 mysql_num_rows

这行代码也不正确:

$query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";

$_SESSION[user_id]应该是$_SESSION["user_id"]并且您应该将其包装在 {} 中。PHP 可能会对此给出警告。

这行代码很奇怪:

if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')

真的$loggedin,-10应该在substr中吗?

于 2013-09-18T07:32:02.410 回答