1. 首页
  2. 问答
  3. 与登录脚本中的会话相关的问题

与登录脚本中的会话相关的问题

2012-10-24 64 views
0

从本网站获得帮助后,我现在已经获得了我的日志脚本,但很有用,但是当我尝试检查受限制页面上的会话时,出现以下问题。与登录脚本中的会话相关的问题

日志脚本本身

<?php 

function validateUser() 
{ 

    session_regenerate_id(); //this is a security measure 
    $_SESSION['valid'] = 1; 
    $_SESSION['userid'] = $userid; 
} 


?> 

<?php 

ob_start(); // Start output buffering 

error_reporting(E_ALL & ~E_NOTICE); 
ini_set('display_errors', TRUE); 
ini_set('display_startup_errors', TRUE); 

session_start(); //must call session_start before using any $_SESSION variables 
$username = $_POST['username']; 
$password = $_POST['password']; 
//connect to the database here 

$hostname_PropSuite = "localhost"; 
$database_PropSuite = "propsuite"; 
$username_PropSuite = "root"; 
$password_PropSuite = "root"; 
$PropSuite = mysql_pconnect($hostname_PropSuite, $username_PropSuite, $password_PropSuite) or trigger_error(mysql_error(),E_USER_ERROR); 
mysql_select_db($database_PropSuite, $PropSuite); 

$username = mysql_real_escape_string($username); 

$query = "SELECT password, salt FROM admin_users WHERE username = '$username';"; 

$result = mysql_query($query) or die(mysql_error()); 

if(mysql_num_rows($result) < 1) //no such user exists 
{ 
    header('Location: http://localhost/PropSuite/index.php?login=fail'); 

    die(); 
} 
$userData = mysql_fetch_array($result, MYSQL_ASSOC); 
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password)); 
if($hash != $userData['password']) //incorrect password 
{ 
    header('Location: http://localhost/PropSuite/index.php?login=fail'); 

    die(); 
} 
else 
{ 
    validateUser(); //sets the session data for this user 
} 
//redirect to another page or display "login success" message 
header('Location: http://localhost/PropSuite/main'); 
die() 




//redirect to another page or display "login success" message 


?>

我想限制的页面。

<?php 

error_reporting(E_ALL & ~E_NOTICE); 
ini_set('display_errors', TRUE); 
ini_set('display_startup_errors', TRUE); 



function isLoggedIn() 
{ 
    if(isset($_SESSION['valid']) && $_SESSION['valid']) 
     return true; 
    return false; 
} 

//if the user has not logged in 
if(!isLoggedIn()) 
{ 
    header('Location: http://localhost/PropSuite/index.php'); 
    die(); 
} 
//page content follows 
?>

当我按下登录会发生什么事是,它带我回到登录页面看起来是这样的经历在日志中的脚本,然后当它击中那个扔我返回到登录主页在页面中。我confused.com :-(

预先感谢您的帮助

来源

2012-10-24 AppleTattooGuy

回答

1

在页面你试图限制我看不出有任何的session_start

<?php 
    session_start(); 
    error_reporting(E_ALL & ~E_NOTICE); 
    ini_set('display_errors', TRUE); 
    ini_set('display_startup_errors', TRUE); 
    ..... 
?>

顺便说在你的其他脚本,你应该写这个

<?php 
    ..... 
    $username = isset($_POST['username'])?$_POST['username']:''; 
    $password = isset($_POST['password'])?$_POST['password']:''; 
    ... 
    ?>

来源

2012-10-24 13:44:36 donald123

相关问题

 相关问题