1. 首页
  2. 问答
  3. 会话/认证循环

会话/认证循环

2012-02-25 34 views
-1

我在这段代码中有一个循环(用户被返回到登录页面)。问题部分是这样的会话/认证循环

else if (!$session_id){ 
    //if user is not logged in, send to the login page 
    header("Location:" . $Config_live_site . "/user_events/login.php"); 
    exit; 
}

我有一种感觉,这是所有的嵌套if语句。如果删除了上面的“else if”,用户可以登录并且所有会话功能均正常工作。下面是代码:

//check if the user has clicked on a submit button in a login form in login.php 
if (isset($_POST['submit'])) { 
    $username = $_POST['username']; 
    $pass  = $_POST['password']; 
    if (!$username) { 
     echo "<script>alert('Please enter username'); document.location.href='index.php?option=login$string_2';</script>\n"; 
    } 
    if (!$pass) { 
     echo "<script>alert('Please enter a password'); document.location.href='index.php?option=login$string_2';</script>\n"; 
    } 
    else { 
     $pass = md5($pass); 
    } 
//set up user object and start a new session 
    $user = new user(); 
    $database->get_user(&$user, $username, '1'); 
     if (!strcmp($user->user_pass, $pass)) { 
      session_name('login'); 
      session_start(); 
      $logintime = time(); 
      $session_id = md5("$user->username$user->user_type$logintime"); 
      $database->set_session($user, $session_id, $logintime); 
      $_SESSION['session_id']   = $session_id; 
      $_SESSION['session_username'] = $user->username; 
      $_SESSION['session_usertype'] = $user->user_type; 
      $_SESSION['session_logintime'] = $logintime; 
      session_write_close(); 
     // cannot using mosredirect as this stuffs up the cookie in IIS 
       if ($suboption) { 
       echo "<script>document.location.href='index.php?$string';</script>\n"; 
       } else { 
       echo "<script>document.location.href='index.php?option=subscriber_home';</script>\n"; 
       } 
       exit(); 
     } else { 
     echo "<script>alert('Incorrect Username and Password, please try again'); document.location.href='index.php?option=subscribe$string_2';</script>\n"; 
     exit(); 
     } 
} 
else if (!$session_id){ 
    //if user is not logged in, send to the login page 
    header("Location:" . $Config_live_site . "/user_events/login.php"); 
    exit; 
} 



//session starts 
session_name('login'); 
session_start(); 
if ($option == 'logout') { 
    require 'logout.php'; 
    exit(); 
} 

$user = new user(); 
$user->username = $_SESSION['session_username']; 
$user->user_type = $_SESSION['session_usertype']; 
$session_id = $_SESSION['session_id']; 
$logintime = $_SESSION['session_logintime'];

来源

2012-02-25 Natalia

+0

谁知道我不得不点击勾号?现在我明白了。 – Natalia 2012-02-25 02:22:49

+1

你为什么要创建自己的会话ID? PHP在执行'session_start()'的时候已经为你做了这个,你可以通过'session_id()'来检索这个值。 – 2012-02-25 02:24:19

+0

问题在于,您甚至在设置会话之前尝试使用session_id! – 2012-02-25 02:28:07

回答

1

这段代码很凌乱,我不能完全帮助你不知道你的数据库对象是什么,它是如何运行的,但是做这样的事情。它会简化你的代码堆。

session_start(); 
try{ 
    if(!isset($_POST['submit'])) 
     throw new exception('No Post Data Found.'); 

    if(!isset($_POST['username'])) 
     throw new exception('Please enter a username.'); 

    if(!isset($_POST['password'])) 
     throw new exception('Please enter a password.'); 

    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $password = md5($password); 

    //CHECK IF USER CREDENTIALS ARE CORRECT HERE 
    #$result = database results as object. 
    $valid_credentials = true; 

    if(!$valid_credentials) 
     throw new exception('Your credentials were incorrect.'); 

    $_SESSION['username'] = $username; 
    $_SESSION['user_type'] = $result->user_type; 
    $_SESSION['logintime'] = time(); 

    echo '<script>document.location.href="success.php";</script>' 
catch (Exception $E){ 
    echo "<script>alert('$E->getMessage()'); document.location.href='login.php'; </script>"; 
}

其中一些我不会推荐的做法,但我试图尽可能使用代码来适应它。你有需要将数据库对象添加到代码中。

我也宁愿用户标题('位置:');比JavaScript脚本,但我用你现有的工具。

Goodluck!

来源

2012-02-25 03:11:27 MichaelH

相关问题

 相关问题