1

我有一个非常基本的 php 站点,使用会话作为登录名/密码。我有一个页面 doLogin.php ,它只是从帖子值中检查用户名/密码组合,如果登录成功,则使用 JavaScript 重定向到另一个页面。

有时由于我无法确定的原因,登录将成功触发 JavaScript 重定向,但在重定向时会话值消失了。connect 函数使用 ADODB 数据库抽象进行连接。

function doLogin()
{

if (array_key_exists('doLogin', $_POST))
    {
        $conn = connect(false);
        $pass = ms($_POST['password']);
        $email = ms($_POST['email']);

        $query = "SELECT * from `users` WHERE `email` = '$email' AND `password` = '$pass';";
        $r = $conn->execute($query);

        if ($r === false)
        {
            error_log('Error ' . $conn->errorNo() . " " . $conn->errorMsg());
            print "Unable to authenticate.";
        }

        if ($r->RecordCount())
        {
                $row = $r->FetchRow();
                $approval = $row['approval'];
                $user_id = $row['user_id'];
                if($approval == 1)
                {
                    $_SESSION['login'] = true;
                    $_SESSION['security'] = $row['security'];
                    $_SESSION['f_name'] = $row['f_name'];
                    $_SESSION['l_name'] = $row['l_name'];
                    $_SESSION['email'] = $row['email'];
                    $_SESSION['approval'] = $row['approval'];
                    $_SESSION['user_id'] = $row['user_id'];
                    session_write_close();
                    echo '<script type="text/javascript">setTimeout(function(){window.location="MYSITE/members"},1000)</script>';                                    
                }
                else
                {
                    $error = "";
                }
        }
        else
        {
            $error = '<div class="warning" style="width: 920px; margin: 0 auto; padding: 25px 50px;">Invalid Username / Password combination.</div>
                        <script type=\"text/javascript\">window.location=\"MY SITE\"</script>';
        }
    }
return "$error";
}//end doLogin

我敢肯定,我犯了一个明显的错误(除了我将密码存储为纯文本这一事实之外)。谁能帮我吗?

编辑:不存储会话的页面代码

<?php

  session_start();
  header("Cache-control: private"); //IE 6 Fix
  require_once '../php-inc/elements.php';
  require_once '../php-inc/database.php';
  $conn = connect(false);

//LOGOUT
    if (array_key_exists('logout', $_GET) && ($_GET['logout'] == 1) && !array_key_exists('doLogin', $_POST))
    {
        session_destroy();
        $_SESSION=array();
        $logout = '<br><br><div class="success" style="width: 920px; margin: 0 auto; text-align: center; padding:25px 50px;"><strong>You have successfully logged out.</strong></div><br><br>';
        echo '<script type="text/javascript">setTimeout(function(){window.location="MYSITE.org"},3000)</script>';
    }


?>

<?php 

if(!empty($_SESSION['user_id']))
{ 
    //SHOW STUFF
}

else
{
    $error = denyPermission();

    echo $error;    
}
?>
4

1 回答 1

0

您必须调用session_start()正在存储和从会话中检索值的页面。

PHP session_start() 文档

于 2020-01-10T15:27:02.557 回答