2013-04-03 42 views
0

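PHP is user session/cookie valid redirect error

The code below should check whether a valid session or a valid cookie exists; if so, include_once file A.php, if not, include_once login.php.

So far, login.php and logout.php are executing correctly (the session/cookie is created and destroyed), but the code below still does not show the correct content.

As the code stands, I see login.php regardless of a valid session or cookie.

Any help would be great. Thanks.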

<?php 
include_once '../accounts/dbc.php'; 

if (isset($_SESSION['user_id']) && isset($_SESSION['user_name'])) 
{ 
    include_once 'A.php'; 
} 
else if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){ 
    /* we double check cookie expiry time against stored in database */ 

    $cookie_user_id = filter($_COOKIE['user_id']); 
    $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error()); 
    list($ckey,$ctime) = mysql_fetch_row($rs_ctime); 
    // cookie expiry
    if((time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) { 

     include_once '../login.php'; 
     } 
/* Security check with untrusted cookies - don't trust the value stored in the cookie. */
/* We also do an authentication check that the `ckey` stored in the cookie matches that stored in the database during login */

    if(!empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) { 
      session_regenerate_id(); //against session fixation attacks. 

      $_SESSION['user_id'] = $_COOKIE['user_id']; 
      $_SESSION['user_name'] = $_COOKIE['user_name']; 
     /* query user level from database instead of storing in cookies */ 
      list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'")); 

      $_SESSION['user_level'] = $user_level; 
      $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); 

      include_once 'A.php'; 
     } 
     else { 
      include_once '../login.php'; 
     } 

    } else { 
    include_once '../login.php'; 
} 
?> 
+1

What are 'COOKIE_TIME_OUT' and '$ctime'? Can you print both of them? – Tushar 2013-04-03 22:17:06

+0

@Tushar When you say print, do you mean.... (sorry, I'm a bit out of my depth here) – 2013-04-03 22:20:14

+0

@Tushar If you'd like, I have a Stack Overflow chat open. No need to fill up this area. http://chat.stackoverflow.com/rooms/info/27461/discussion-between-aventus-and-webmaster-alex-l – 2013-04-03 22:22:01

Answers

0

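It took two 13-hour days and some help, but it seems there is just one thing I will have to live with, a small server-caused error; things are working after the 3rd rewrite. This question can be closed. Thanks.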
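
The check the question describes (valid session, otherwise valid cookie, otherwise login.php), written as a function that returns the file to include. This is an added example, not code from the question or the answer. `resolve_page()`, `$lookup`, the `COOKIE_TIME_OUT` value and the sample rows are assumptions, and the helpers `filter()` and `isUserID()` from dbc.php are left out because the page does not show them.

```php
<?php
// Added example; resolve_page(), $lookup and all sample values are hypothetical.
const COOKIE_TIME_OUT = 10; // days; constructed value, the page does not state it

// $lookup(int $id) returns ['ckey' => ..., 'ctime' => ...] or null; back it with a
// prepared statement. Call session_start() before passing $_SESSION in.
function resolve_page(array $session, array $cookie, callable $lookup, int $now): string
{
    // 1. An established session wins.
    if (isset($session['user_id'], $session['user_name'])) {
        return 'A.php';
    }
    // 2. All three cookies must be present, and user_id must be digits only.
    foreach (['user_id', 'user_name', 'user_key'] as $k) {
        if (!isset($cookie[$k]) || !is_string($cookie[$k])) {
            return '../login.php';
        }
    }
    if (!ctype_digit($cookie['user_id'])) {
        return '../login.php';
    }
    $row = $lookup((int) $cookie['user_id']);
    if ($row === null || empty($row['ckey'])) {
        return '../login.php';
    }
    // 3. Expired cookie: return now, so the key check below can never accept it.
    if ($now - (int) $row['ctime'] > 60 * 60 * 24 * COOKIE_TIME_OUT) {
        return '../login.php';
    }
    // 4. Constant-time comparison of the key instead of ==.
    return hash_equals(sha1($row['ckey']), $cookie['user_key']) ? 'A.php' : '../login.php';
}

// Constructed sample data: user 7 logged in an hour ago, user 8 thirty days ago.
$now    = 1365000000;
$users  = [7 => ['ckey' => 'k3y-constructed', 'ctime' => $now - 3600],
           8 => ['ckey' => 'old-constructed', 'ctime' => $now - 86400 * 30]];
$lookup = fn(int $id) => $users[$id] ?? null;
$fresh  = ['user_id' => '7', 'user_name' => 'alice', 'user_key' => sha1('k3y-constructed')];
$stale  = ['user_id' => '8', 'user_name' => 'bob', 'user_key' => sha1('old-constructed')];
$forged = ['user_id' => '7', 'user_name' => 'alice', 'user_key' => 'not-the-key'];

foreach (['session' => [['user_id' => 7, 'user_name' => 'alice'], []],
          'fresh' => [[], $fresh], 'stale' => [[], $stale], 'forged' => [[], $forged],
          'none' => [[], []]] as $label => [$session, $cookie]) {
    echo $label, ' -> ', resolve_page($session, $cookie, $lookup, $now), "\n";
}
```

Because every rejection returns immediately, an expired cookie can never fall through to the key comparison, and the caller has exactly one `include_once` to perform on the returned path.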