
I created a home page; if the user is not logged in, they must log in first.

This is my index.php

<?php
error_reporting(-1);
session_start();
echo $_SESSION['PHPSESSID'];
echo $_COOKIE['PHPSESSID'];
require_once('config.php');
require_once('core/login.php');

$config = new Notesconfig();
$baseURL = $config -> baseURL;
$login = new Login();
$connect = $login -> connectDB($config -> host, $config -> user, $config -> password, $config -> db);

if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {
    $login -> processLogin($connect, $_POST['username'], md5($_POST['password']), $baseURL);
}
if(isset($_GET['logout'])) {
    // processLogout() takes the cookie value as its second argument
    $phpsessid = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : '';
    $login -> processLogout($connect, $phpsessid, $baseURL);
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang='en' xml:lang='en' xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="<?php echo $baseURL; ?>/css/main.css">
</head>
<body class="mainBody">
    <div id="container">
        <div id="header">
        </div>
        <div id="content">
        <?php
        if(!isset($_SESSION['PHPSESSID']) || empty($_SESSION['PHPSESSID']) || !isset($_COOKIE['PHPSESSID']) || empty($_COOKIE['PHPSESSID']) || ($_SESSION['PHPSESSID']) != ($_COOKIE['PHPSESSID'])) {
        ?>
            <div id="main-content" style="width: 960px;">
            <?php
                $login -> viewLoginForm();
            ?>
            </div>
        <?php
            }
            else {
        ?>
            <div id="main-content" style="width: 710px;">
            </div>
            <div id="right-column" style="width: 250px;">
                <a href="./?logout=true" class="logout" target="_self" >Logout</a>
            </div>
        <?php
            }
        ?>
        </div>
        <div id="footer">
        </div>
    </div>
</body>
</html>

This is my core/login.php

<?php

class Login {

    //Connect Database
    public function connectDB($host, $user, $password, $db) {
        $connect = mysqli_connect($host, $user, $password, $db);        //mysqli_connect(host,username,password,dbname,port,socket);
        if($connect) {
            echo "Database Connection Established.";
            return $connect;
        }
        else {
            echo "Database Connection Failed.";
        }       
    }

    //Login User
    public function processLogin($connection, $username, $password, $baseURL) {
        $username = mysqli_real_escape_string($connection, stripslashes($username));
        $password = mysqli_real_escape_string($connection, stripslashes($password));
        $db = "SELECT `username`, `password`, `phpsessid` FROM `login` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";

        $db_query = mysqli_query($connection, $db);
        if($db_query && mysqli_num_rows($db_query)) {
            echo "Query Success.";
            $row = mysqli_fetch_array($db_query);
            $_SESSION['PHPSESSID'] = $row['phpsessid'];
            // Note: this cookie has the same name as PHP's own session cookie
            // (session.name, "PHPSESSID" by default), so it replaces it.
            setcookie("PHPSESSID", $row['phpsessid'], 0);
        }
        else {
            echo "Query Failed. Reason:".$connection->error;
            return false;
        }
        mysqli_close($connection);
        header('Location: '.$baseURL);
        die;
    }

    //Logout User
    public function processLogout($connection, $phpsessid, $baseURL) {
        unset($_SESSION['PHPSESSID']);
        //unset($_COOKIE['PHPSESSID']);
        setcookie("PHPSESSID", $phpsessid, time()-360000);
        mysqli_close($connection);
        header('Location: '.$baseURL);
        die;
    }

    //Display Login Form
    public function viewLoginForm() {   

        echo '<form action=" " id="loginForm" method="POST" >';
        echo '<table class="loginForm">';
        echo '<tr>';
        echo '<td>Matric No.</td><td><input type="text" name="username" /></td>';
        echo '</tr>';
        echo '<tr>';
        echo '<td>Password</td><td><input type="password" name="password" /></td>';
        echo '</tr>';
        echo '<tr>';
        echo '<td>&nbsp;</td><td><input type="submit" name="login" value="Login" /></td>';
        echo '</tr>';
        echo '</table>';
        echo '</form>';

    }

}

?>

config.php just contains some data I want to use:

<?php

class Notesconfig {

    public $baseURL = 'http://localhost/notes';
    public $siteName = 'Notes';
    public $host = 'localhost';
    public $user = 'root';
    public $password = '';
    public $db = 'notes';

}

?>

However, I need to log in twice before the session and cookies are set successfully, while I do not need to log out twice.

When I click Login the first time, I get Query Success, but I am not logged in.

Then I click Login again, and this time I am logged in successfully.

After logging in, I click Logout and am returned to the login page. Again I need to log in twice before I am logged in successfully.

How can I fix this bug?

EDIT

I changed all the PHPSESSID names and that solved the problem.

1 Answer

After setting it, you are reading the value back from $_COOKIE in the same request, which is not possible. The value is only accessible from the next request onward, so after login you have to redirect the user (and redirecting after a POST request is good practice anyway).

answered 2013-10-17T15:25:04.853
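The following is an added example, not code from the question or the answer above. It shows the login flow the answer describes: the POST that logs the user in never reads back what it just set, it ends in a redirect, and the next request decides what to render from the server-side session alone. It also avoids the name collision the asker's edit fixed: the application never writes its own cookie called PHPSESSID, so PHP's session cookie (session.name, PHPSESSID by default) is left intact, and credentials are checked with a prepared statement and password_verify() rather than a string-built query against md5() digests. The `users` table with `id`, `username` and `password_hash` columns, the `notes_app` credentials and the BASE_URL constant are assumptions for the example; it needs PHP 7.3 or later for the array form of session_set_cookie_params().

```php
<?php
// Added example (not the asker's or answerer's code): a minimal login/logout
// flow that avoids the two problems visible in the question.
//   1. Nothing is read back from $_COOKIE in the request that sets it; the
//      login POST ends in a redirect and the next GET decides what to render.
//   2. The application never writes a cookie called PHPSESSID, so it does not
//      overwrite PHP's own session cookie (session.name, PHPSESSID by default).
// Assumed schema (hypothetical): table `users` with columns `id`, `username`,
// `password_hash`, where `password_hash` holds password_hash() output.
error_reporting(E_ALL);

const BASE_URL = 'http://localhost/notes'; // assumed, mirrors the question's config

function db(): PDO
{
    // Credentials are placeholders for the example.
    $pdo = new PDO('mysql:host=localhost;dbname=notes;charset=utf8mb4', 'notes_app', 'change-me');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

// Returns the user id on success, null otherwise. Prepared statement instead
// of string-built SQL; password_verify() instead of comparing md5() digests.
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same response for unknown user and wrong password
    }
    return (int) $row['id'];
}

function login(int $userId): void
{
    // Fresh session id on privilege change so a pre-login id is never reused.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        // Expire PHP's own session cookie under whatever name session.name is.
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

function currentUserId(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// --- request handling ---------------------------------------------------
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']); // add 'secure' => true behind HTTPS
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) {
    $userId = authenticate(db(), (string) $_POST['username'], (string) $_POST['password']);
    if ($userId !== null) {
        login($userId);
    }
    // Always finish the POST with a redirect; the next request sees the session.
    header('Location: ' . BASE_URL . '/', true, 303);
    exit;
}

if (isset($_GET['logout'])) {
    logout();
    header('Location: ' . BASE_URL . '/', true, 303);
    exit;
}

// Render from the server-side session only; the cookie value is never compared.
if (currentUserId() === null) {
    echo '<form method="POST" action=""><input name="username"> '
       . '<input type="password" name="password"> <button>Login</button></form>';
} else {
    echo 'Logged in as user #' . currentUserId() . ' <a href="?logout=1">Logout</a>';
}
```

The login state lives only in `$_SESSION`; comparing a session value against a copy of it in a client-controlled cookie, as the question's index.php does, adds nothing, because the browser sends whatever cookie it likes while the session data is held on the server. The 303 status makes the browser follow the redirect with a GET, which is the "redirect after POST" the answer recommends.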