1. 首页
  2. 问答
  3. 如何在PHP中成功登录后重定向?

如何在PHP中成功登录后重定向?

2014-07-11 53 views
0

我试图使工作的代码,但由于某些原因,我不能:如何在PHP中成功登录后重定向?

<?php 
include 'AS.php'; 

//csrf protection 
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') 
    die("Sorry bro!"); 

$url = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''); 
if(!isset($url['host']) || ($url['host'] != $_SERVER['SERVER_NAME'])) 
    die("Sorry bro!"); 

$action = $_POST['action']; 

switch ($action) { 
    case 'checkLogin': 
     $logged = $login->userLogin($_POST['username'], $_POST['password']); 
     if($logged === true) 
header("refresh: 5; url=index.php"); 
echo 'You\'ll be redirected in about 5 secs. '; 
echo 'If not, click <a href="index.php">here</a>.'; 
     break;

出于某种原因,标题(“刷新:5; URL =的index.php”);不起作用,因为对页面没有任何影响。

如果我尝试只是头重定向,它做的工作,但页面不加载corectly,加载一些CSS问题,所以我决定使用刷新。

这个想法是,当用户被锁定时,它只是刷新页面,所以他会在我的脚本的后端区域。

好了,我想这是我的错不很好地解释了情况:

我有这样的剧本,原来的代码是这样的:

<?php 
include 'AS.php'; 

//csrf protection 
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') 
    die("Sorry bro!"); 

$url = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''); 
if(!isset($url['host']) || ($url['host'] != $_SERVER['SERVER_NAME'])) 
    die("Sorry bro!"); 

$action = $_POST['action']; 

switch ($action) { 
    case 'checkLogin': 
     $logged = $login->userLogin($_POST['username'], $_POST['password']); 
     if($logged === true) 
      echo "true"; 
     break; 

    case "registerUser": 
     $register->register($_POST['user']); 
     break; 

    case "addUser": 
     $registeruser->registeruser($_POST['user']); 
     break; 

    case "resetPassword": 
     $register->resetPassword($_POST['newPass'], $_POST['key']); 
     break; 

    case "forgotPassword": 
     $register->forgotPassword($_POST['email']); 
     break; 

    case "logout": 
     ASSession::destroySession(); 
     break; 

    case "postComment": 
     $ASComment = new ASComment(); 
     echo $ASComment->insertComment(ASSession::get("user_id"), $_POST['comment']); 
     break; 

    case "updatePassword": 
     $user = new ASUser(ASSession::get("user_id")); 
     $user->updatePassword($_POST['oldpass'], $_POST['newpass']); 
     break; 

    case "updateDetails": 
     $user = new ASUser(ASSession::get("user_id")); 
     $user->updateDetails($_POST['details']); 
     break; 

    case "updateEmail": 
     $user = new ASUser(ASSession::get("user_id")); 
     $user->updateEmail($_POST['email']); 
     break; 

    case "updateUser": 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 
     //$idusuario = ASSession::get("iduser"); 
     $username = $_POST['userdata']['username']; 
     $result = $db->select("SELECT * FROM `as_users` WHERE `username` = :u", array('u' => $username)); 
     $user = new ASUser($result[0]['user_id']); 
     $user->updateUser($_POST['userdata']); 
     break; 

    case "updatePass": 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 
     $idusuario = ASSession::get("iduser"); 
     $result = $db->select("SELECT * FROM `as_users` WHERE `user_id` = :u", array('u' => $idusuario)); 
     $user = new ASUser($result[0]['user_id']); 
     $user->updatePass($_POST['newpass']); 
     break; 

    case "changeRole": 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 

     $user = new ASUser($_POST['userId']); 
     echo ucfirst($user->changeRole()); 
     break; 

    case "deleteUser": 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 

     $user = new ASUser($_POST['userId']); 
     $user->deleteUser(); 
     break; 

    case "getUserDetails": 
     $user = new ASUser($_POST['userId']); 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 

     $info = $user->getInfo(); 

     //prepare and output result 
     $result    = $user->getDetails(); 
     $result['email'] = $info['email']; 
     $result['username'] = $info['username']; 
     echo json_encode($result); 
     break; 

    case "addRole": 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 

     $res = $db->select("SELECT * FROM `as_user_roles` WHERE `role` = :r", array('r' => $_POST['role'])); 
     if(count($res) == 0) { 
      $db->insert("as_user_roles", array("role" => strtolower(strip_tags($_POST['role'])))); 
      $result = array(
       "status" => "success", 
       "roleName" => strip_tags($_POST['role']), 
       "roleId" => $db->lastInsertId() 
      ); 
     } 
     else { 
      $result = array(
       "status" => "error", 
       "message" => "Role already exists." 
      ); 
     } 
     echo json_encode($result); 
     break; 

    case "deleteRole": 
     $loggedUser = new ASUser(ASSession::get("user_id")); 
     if(!$loggedUser->isAdmin()) exit(); 

     //default user roles can't be deleted 
     if(in_array($_POST['roleId'], array(1,2,3))) 
      exit(); 

     $db->delete("as_user_roles", "role_id = :id", array(
      "id" => $_POST['roleId'] 
     )); 
     $db->update("as_users", array('user_role' => "1"), "user_role = :r", array("r" => $_POST['roleId'])); 
     break; 


    default: 

     break; 
}

的问题是,剧本是为了造使用ajax,它应该用ajax重新加载页面,但不是,我在子域上运行这个脚本,我也在主域中安装了wordpress,并且Ajax运行良好,但我不是当然,为什么不在这个脚本上工作,所以我决定可能重新加载登录表单后提交的问题将被解决。

事情是,当我提交表单时,它只显示:“true”消息,但它不会重新加载页面,如果我手动重新加载页面,所以它可以工作,而且im已经嵌入。是整个问题。

我仍然是整个编码的东西noobot,但我努力工作,如果有任何其他代码你需要,为了使这更清楚,我会尽力去做。

来源

2014-07-11 GTCR

回答

0

感谢所有帮助,最后我发现这个代码,和它的工作很好,也登录验证工作propertly,这是代码改变工作:

`<?php 
include 'AS.php'; 

//csrf protection 
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') 
    die("Sorry bro!"); 

$url = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''); 
if(!isset($url['host']) || ($url['host'] != $_SERVER['SERVER_NAME'])) 
    die("Sorry bro!"); 

$action = $_POST['action']; 

switch ($action) { 
    case 'checkLogin': 
     $logged = $login->userLogin($_POST['username'], $_POST['password']); 
     if($logged === true) 
echo '<script>parent.window.location.reload(true);</script>'; 
     break;`

这奏效了:

echo '<script>parent.window.location.reload(true);</script>';

林想知道是否有可能添加一个延迟到这个重新加载,所以我可以在登录前提出一条消息,和ALS即时通讯想知道如果这种方式是安全的做到这一点。

最好的问候。

来源

2014-07-17 08:08:24 GTCR

0

您可以简单地使用Location头,即:

header('Location: /home.php');

代替:

header("refresh: 5; url=index.php");

来源

2014-07-11 18:55:01

+0

是的,我尝试过,但重定向时,一切都搞砸了,页面不加载正确 – GTCR

+0

这听起来像一个问题,你连接到你的CSS/etc文件或你的'home.php'的方式(例如)正在被加载。如果您发布该文件的内容,它可能有助于解决您的问题。 –

0

你肯定$登录回馈真的吗?

if($logged === true) 
header("refresh: 5; url=index.php"); 
echo 'You\'ll be redirected in about 5 secs. '; 
echo 'If not, click <a href="index.php">here</a>.';

如果没有,它仍然会写出回显文本,但标题将不会运行。

确保使用此代码(使用括号{})

if($logged === true) 
{ 
    header("refresh: 5; url=index.php"); 
    echo 'You\'ll be redirected in about 5 secs. '; 
    echo 'If not, click <a href="index.php">here</a>.'; 
} 
else 
{ 
    echo 'Wrong username or password!'; 
}

来源

2014-07-11 18:55:57 Axel

+0

我想去尝试一下,让我检查一下,谢谢你的帮助:) – GTCR

+0

我更新了我的问题的描述,而你的代码没有工作,但是你能否再次检查描述,我更好地解释了发生了什么。谢谢:) – GTCR

+0

你还在使用ajax登录吗?或者你更新了表单以直接发送表单数据到文件? (

...
) – Axel

相关问题

 相关问题