PHP login script using ajax works, but session variables don't exist
On my website I only use ajax calls to save and fetch data, and I use ajax for logging in as well. This is how I do it:

FILE->ajaxLogin.js
```javascript
if (check === true) {
    $.ajax({
        type: 'POST',
        url: 'PHPCalls.php?CallID=Login',
        data: $("#formLogin").serialize(),
        success: function(data) {
            var result = $.trim(data);
            if (result !== 'false') {
                // server answered with the URL to go to
                $("#spinner").hide();
                window.location.replace(result);
            }
            else if (result === 'false') {
                $("#spinner").hide();
                alert('No match');
            }
        }
    });
}
```
FILE->PHPCalls.php

```php
if (isset($_GET['CallID']))
{
    //LOGIN
    if ($_GET['CallID'] == 'Login') {
        loginFromForm();
    }
}
```
FILE->functions.php->loginFromForm()

```php
function loginFromForm() {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['riziv']) && isset($_POST['password'])) {
            $riziv = htmlentities($_POST['riziv']);
            $password = htmlentities($_POST['password']);
            if (loginMember($riziv, $password) == true) {
                //Login success: answer the ajax call with the URL to redirect to
                if (isset($_SESSION['oldURL'])) {
                    echo $_SESSION['oldURL'];
                } else {
                    echo 'adminpanel.php';
                }
            } else {
                echo 'false';
            }
        } else {
            // The correct POST variables were not sent to this page.
            echo 'false';
        }
    }
}
```

FILE->functions.php->loginMember($riziv,$password)

```php
function loginMember($riziv, $password) {
    // Using prepared statements means that SQL injection is not possible.
    $db = MysqliDb::giveNewDbConnection();
    $data = array('ID', 'Firstname', 'Admin', 'Salt', 'Password');
    $db->where('RIZIV', $riziv);
    if ($result = $db->getOne('tblMember', $data)) {
        $memberID = $result['ID'];
        $firstname = $result['Firstname'];
        $admin = ($result['Admin'] == 1) ? true : false;
        $salt = $result['Salt'];
        $db_password = $result['Password'];
        // hash the password with the unique salt.
        $password = hash('sha512', $password . $salt);
        if ($db->count == 1) {
            // If the user exists we check if the account is locked
            // from too many login attempts
            if (checkBrute($memberID) == true) {
                // Account is locked
                // Send an email to user saying their account is locked
                return false;
            } else {
                // Check if the password in the database matches
                // the password the user submitted.
                if ($db_password == $password) {
                    // Password is correct!
                    // Get the user-agent string of the user.
                    $user_browser = $_SERVER['HTTP_USER_AGENT'];
                    // XSS protection as we might print this value
                    $memberID = preg_replace("/[^0-9]+/", "", $memberID);
                    $_SESSION['memberid'] = $memberID;
                    // XSS protection as we might print this value
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $firstname);
                    $_SESSION['username'] = $username;
                    $_SESSION['admin'] = $admin;
                    $_SESSION['riziv'] = $riziv;
                    $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
                    // Login successful.
                    return true;
                } else {
                    // Password is not correct
                    // We record this attempt in the database
                    $now = time();
                    $db = MysqliDb::giveNewDbConnection();
                    $data = array("MemberID" => $memberID, "Time" => $now);
                    $db->insert('tblLoginAttempts', $data);
                    return false;
                }
            }
        }
    } else {
        // No user exists.
        return false;
    }
}
```

FILE->adminpanel.php (I added this snippet; it is an include on every page)

```php
<?php
sec_session_start();
if (login_check() == false) {
    header('location: index.php');
    exit(); // stop here, otherwise the rest of the page is still sent
}
//redirects to a specific url
if (($_SERVER['REQUEST_URI'] != 'index.php')
    && (!isset($_SESSION['oldURL']) || $_SERVER['REQUEST_URI'] != $_SESSION['oldURL'])) {
    $_SESSION['oldURL'] = $_SERVER['REQUEST_URI'];
}
//START THE HTML
?>
```

sec_session_start() (called by adminpanel.php)

```php
function sec_session_start() {
    $session_name = 'sec_session_id';
    $secure = false;
    $httponly = true;
    if (ini_set('session.use_only_cookies', 1) == FALSE) {
        header("Location: admin/error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams['lifetime'],
        $cookieParams['path'],
        $cookieParams['domain'],
        $secure,
        $httponly);
    session_name($session_name);
    session_start();
    session_regenerate_id(true);
}
```

Output of print_r($_SESSION) on adminpanel.php:

```text
Array
(
    [oldURL] => /hijw/admin/adminpanel.php
)
```

If the login succeeds I get 'adminpanel.php', which is where my page redirects to. That all works fine, but the problem starts on adminpanel.php: although I use session_start(), my session variables such as id, username, login_string ... are gone.

I have read about an issue in asp.net where you cannot pass session variables through ajax. Is that also the case with php? Is there a way around it?

Answer:

I have looked at your code. Everything is perfect. But the problem is when you assign the session in "FILE->functions.php->loginMember($riziv,$password)". It will not be available to every page because you requested it via ajax. There are two ways to solve this: one is to reload the page after a successful login, the other is to return the value from "FILE->functions.php->loginMember($riziv,$password)" and then reset the session in "FILE->adminpanel.php".

I hope you get help from my reply.

Comments:

You should post the code of "adminpanel.php".

Session cookies are passed through ajax just fine, so where else does your problem lie? Can you show us your PHPCalls.php (I assume you are running session_start() in PHPCalls.php and adminpanel.php)?

@ManishJ Updated with the other code snippets. @nettux443 I added the rest.

thx, I will try it. So if I just use a POST instead of ajax, the problem should be solved as well?

Yes. Of course you can also try that.

Hi, I submitted it with a POST. I first tried reloading the login page with ajax instead of going directly to adminpanel, but apart from "oldURL" the session variables are still not created. What do you mean by resetting the session in adminpanel.php?

I have another question/comment related to this. I also have a "change password" form where I use ajax to call the changePassword($oldpass,$newpass) function. In that function I have to replace the old $_SESSION['login_string'] created by hash512 with the password and browser. Here I can change the session variable... Is that logical?

You can assign values in the session. But you have to reload and ask the user to log in again.
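The comment above asks whether PHPCalls.php and adminpanel.php both call session_start(); in PHP the two scripts also have to agree on the session name, because adminpanel.php's sec_session_start() sets session_name('sec_session_id'), so an endpoint that calls plain session_start() reads a different cookie (PHPSESSID) and therefore a different, empty session. The following is an added example, not code from the question or its answers, of one session bootstrap shared by the ajax endpoint and the protected page. It assumes the loginMember() function from the question, a file name of session_bootstrap.php, and PHP 7.3 or later.

```php
<?php
// Shared session bootstrap (assumed file name: session_bootstrap.php), included
// by PHPCalls.php, adminpanel.php and every other script before any read or
// write of $_SESSION. Added example, not the asker's code.
function sec_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                                   // already started by an earlier include
    }
    ini_set('session.use_only_cookies', '1');     // never accept a session id from the URL
    ini_set('session.use_strict_mode', '1');      // reject ids the server did not issue
    $p = session_get_cookie_params();
    session_set_cookie_params([                   // array form: PHP 7.3+
        'lifetime' => $p['lifetime'],
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,                       // cookie not readable by page scripts
        'samesite' => 'Lax',
    ]);
    // The cookie name must be identical in every script: a plain session_start()
    // in the ajax endpoint would use PHPSESSID, i.e. a second, empty session.
    session_name('sec_session_id');
    session_start();
}

// PHPCalls.php: the ajax endpoint opens the same session before loginMember()
// (from the question) writes memberid, username, login_string ... into it.
sec_session_start();
if (($_GET['CallID'] ?? '') === 'Login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    if (loginMember($_POST['riziv'] ?? '', $_POST['password'] ?? '')) {
        // Rotate the id once, right after the privilege change. Regenerating on
        // every request instead can invalidate an id that a concurrent ajax
        // request is still sending.
        session_regenerate_id(true);
        echo $_SESSION['oldURL'] ?? 'adminpanel.php';
    } else {
        echo 'false';
    }
}
```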