-1
我在这段代码中有一个循环(用户被返回到登录页面)。问题部分是这样的会话/认证循环
else if (!$session_id){
//if user is not logged in, send to the login page
header("Location:" . $Config_live_site . "/user_events/login.php");
exit;
}
我有一种感觉,这是所有的嵌套if语句。如果删除了上面的“else if”,用户可以登录并且所有会话功能均正常工作。下面是代码:
//check if the user has clicked on a submit button in a login form in login.php
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$pass = $_POST['password'];
if (!$username) {
echo "<script>alert('Please enter username'); document.location.href='index.php?option=login$string_2';</script>\n";
}
if (!$pass) {
echo "<script>alert('Please enter a password'); document.location.href='index.php?option=login$string_2';</script>\n";
}
else {
$pass = md5($pass);
}
//set up user object and start a new session
$user = new user();
$database->get_user(&$user, $username, '1');
if (!strcmp($user->user_pass, $pass)) {
session_name('login');
session_start();
$logintime = time();
$session_id = md5("$user->username$user->user_type$logintime");
$database->set_session($user, $session_id, $logintime);
$_SESSION['session_id'] = $session_id;
$_SESSION['session_username'] = $user->username;
$_SESSION['session_usertype'] = $user->user_type;
$_SESSION['session_logintime'] = $logintime;
session_write_close();
// cannot using mosredirect as this stuffs up the cookie in IIS
if ($suboption) {
echo "<script>document.location.href='index.php?$string';</script>\n";
} else {
echo "<script>document.location.href='index.php?option=subscriber_home';</script>\n";
}
exit();
} else {
echo "<script>alert('Incorrect Username and Password, please try again'); document.location.href='index.php?option=subscribe$string_2';</script>\n";
exit();
}
}
else if (!$session_id){
//if user is not logged in, send to the login page
header("Location:" . $Config_live_site . "/user_events/login.php");
exit;
}
//session starts
session_name('login');
session_start();
if ($option == 'logout') {
require 'logout.php';
exit();
}
$user = new user();
$user->username = $_SESSION['session_username'];
$user->user_type = $_SESSION['session_usertype'];
$session_id = $_SESSION['session_id'];
$logintime = $_SESSION['session_logintime'];
谁知道我不得不点击勾号?现在我明白了。 – Natalia 2012-02-25 02:22:49
你为什么要创建自己的会话ID? PHP在执行'session_start()'的时候已经为你做了这个,你可以通过'session_id()'来检索这个值。 – 2012-02-25 02:24:19
问题在于,您甚至在设置会话之前尝试使用session_id! – 2012-02-25 02:28:07