1. 首页
  2. 问答
  3. 带有ajax的PHP登录脚本,但会话变量不存在

带有ajax的PHP登录脚本,但会话变量不存在

2014-09-03 26 views
0

在我的网站上,我只使用ajax-calls来保存和获取数据。带有ajax的PHP登录脚本,但会话变量不存在

我也使用ajax与我的登录。所以这是我做的:

文件 - > ajaxLogin.js

if (check === true) { 
    $.ajax({ 
     type: 'POST',   
     url: 'PHPCalls.php?CallID=Login', 
     data: $("#formLogin").serialize(), 
     success: function(data) {      
      var result = $.trim(data); 
      if(result !== 'false') { 
       $("#spinner").hide(); 
       window.location.replace(result); 
      } 
      else if(result === 'false') { 
       $("#spinner").hide(); 
       alert('No match'); 
      } 
     } 
    }); 
}

文件 - > PHPCalls.php

if(isset($_GET['CallID'])) 
{ 
    //LOGIN 
    if ($_GET['CallID'] == 'Login') { 
     loginFromForm(); 
    } 
}

文件 - >的functions.php - > loginFromForm()

function loginFromForm() { 
    if($_SERVER['REQUEST_METHOD'] == 'POST') { 
     if(isset($_POST['riziv']) && isset($_POST['password'])) { 
      $riziv = htmlentities($_POST['riziv']); 
      $password = htmlentities($_POST['password']); 

      if (loginMember($riziv, $password) == true) { 
       //Login success 
       if(isset($_SESSION['oldURL'])) { 
        echo $_SESSION['oldURL']; 
       } else { 
        echo 'adminpanel.php'; 
       } 
      } else { 
       echo 'false'; 
      } 
     } else { 
      // The correct POST variables were not sent to this page. 
      echo 'false'; 
     } 
    } 
}

FILE - > functions.php - > loginMember($ riziv,$ password)

function loginMember($riziv, $password) { 
    // Using prepared statements means that SQL injection is not possible. 
    $db = MysqliDb::giveNewDbConnection(); 
    $data = array('ID', 'Firstname', 'Admin', 'Salt', 'Password'); 
    $db->where('RIZIV', $riziv); 
    if ($result = $db->getOne('tblMember')) { 
     $memberID = $result['ID']; 
     $firstname = $result['Firstname']; 
     $admin = $result['Admin'] = 1 ? true : false; 
     $salt = $result['Salt']; 
     $db_password = $result['Password']; 

     // hash the password with the unique salt. 
     $password = hash('sha512', $password . $salt); 

     if ($db->count == 1) { 
      // If the user exists we check if the account is locked 
      // from too many login attempts 
      if (checkBrute($memberID) == true) { 
       // Account is locked 
       // Send an email to user saying their account is locked 
       return false; 
      } else { 
       // Check if the password in the database matches 
       // the password the user submitted. 
       if ($db_password == $password) { 
        // Password is correct! 
        // Get the user-agent string of the user. 
        $user_browser = $_SERVER['HTTP_USER_AGENT']; 
        // XSS protection as we might print this value 
        $memberID = preg_replace("/[^0-9]+/", "", $memberID); 
        $_SESSION['memberid'] = $memberID; 
        // XSS protection as we might print this value 
        $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $firstname); 
        $_SESSION['username'] = $username; 
        $_SESSION['admin'] = $admin; 
        $_SESSION['riziv'] = $riziv; 
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser); 
        // Login successful. 
        return true; 
       } else { 
        // Password is not correct 
        // We record this attempt in the database 
        $now = time(); 
        $db = MysqliDb::giveNewDbConnection(); 
        $data = array("MemberID" => $memberID, "Time" => $now); 
        $db->insert('tblLoginAttempts', $data); 
        return false; 
       } 
      } 
     } else { 
      // No user exists. 
      return false; 
     } 
    } 
}

文件 - > adminpanel.php(我补充这个片段与包括每一页上)

<?php 
sec_session_start(); 

if(login_check() == false) { 
    header('location: index.php'); 
} 
//redirects to a specific url 
if (($_SERVER['REQUEST_URI'] != 'index.php') && ($_SERVER['REQUEST_URI'] != $_SESSION['oldURL'])) { 
    $_SESSION['oldURL'] = $_SERVER['REQUEST_URI']; 
} 
?> 
//START THE HTML

文件 - >的functions.php - > sec_session_start()

function sec_session_start() { 
    $session_name = 'sec_session_id'; 
    $secure = false; 
    $httponly = true; 
    if (ini_set('session.use_only_cookies', 1) == FALSE) { 
     header("Location: admin/error.php?err=Could not initiate a safe session (ini_set)"); 
     exit(); 
    } 
    $cookieParams = session_get_cookie_params(); 
    session_set_cookie_params($cookieParams['lifetime'], 
     $cookieParams['path'], 
     $cookieParams['domain'], 
     $secure, 
     $httponly); 
    session_name($session_name); 
    session_start(); 
    session_regenerate_id(true); 
}

结果的print_r($ _ SESSION);

Array 
(
    [oldURL] => /hijw/admin/adminpanel.php 
)

如果登录成功的我得到“adminpanel.php”的结果是在我的网页会被重定向到。这一切工作正常,但问题开始在adminpanel.php: 虽然我使用session_start()我的会话变量,如id,用户名,login_string,...已消失。

我已阅读有关asp.net的问题,您无法通过ajax传递会话变量。这是相同的PHP?有没有办法解决它?

来源

2014-09-03 bflydesign

+1

你应该发布'adminpanel.php'的代码。 – 2014-09-03 12:54:13

+0

会话cookie通过ajax很好,所以你的问题在别处 – Steve 2014-09-03 12:54:28

+0

你也可以告诉我们你的PHPCalls.php(我假设你在PHPCalls.php和adminpanel.php中运行'session_start()') – nettux443 2014-09-03 12:55:22

回答

1

我已阅读您的代码。一切都很完美。但问题是当你在“FILE - > functions.php - > loginMember($ riziv,$ password)”中分配会话时。它不会用于每个页面,因为您通过ajax请求。

还有就是要解决它要么成功登录后重新加载页面或“文件 - >的functions.php - > loginMember($ riziv,$密码)”返回值双向和

复位会话“ FILE - > adminpanel.php“

我希望你能从我的回复中得到帮助。

来源

2014-09-04 04:58:22

+0

thx,我会试试这个。所以如果我只是用POST而不是ajax,那么问题也应该解决呢? – bflydesign 2014-09-04 06:58:10

+0

是的。当然你也可以尝试一下。 – 2014-09-04 07:13:12

+0

你好,我使用POST提交工作。我首先尝试使用ajax重新加载登录页面,而不是直接转到adminpanel,但会话变量除'oldURL'外仍未创建。在adminpanel.php中重置会话意味着什么? – bflydesign 2014-09-04 07:32:05

相关问题

 相关问题