PHP $_SESSION changes when going to the profile page

Tags: php, session, login

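I made a login script that sets username and token sessions when a user logs in. The problem is that if I go to the profile page immediately after logging in, the session does not carry over, and the only way to prevent this is to refresh the index page after logging in, and then the session is set. However, Krumo shows the session variables as soon as I log in.

For some reason it does not register the session as a valid session and displays the "not logged in" message. However, if I refresh the index page (where I log in) before navigating to the profile page, the session is valid and started.

Images


  • Just after I log in from the index page -

  • If I navigate as soon as I log in


Also, if I log out from the profile page, it destroys the session and returns to the home page. However, when I get back to the home page, I find that I have the previous session token.

There is a lot of code, as I am learning to use a class.

Summary

  • I log in from the index page
  • I navigate to the profile page after logging in, and the session is not set
  • If I refresh the index page once after logging in and then go to the profile page, the session is set
  • Although I have a valid session, if I try to log out from the profile page I get a mismatched token, and the index page shows the previous session token (this confuses me the most)
  • If I log in from the index page, I can log out immediately, and as long as I don't go to the profile page and log out from there, everything works fine.

Changes to the post


  • I have added links to the images
  • Moved fonts.html down below session_start, and the problem still persists

PHP used in the index.php file

Index.php file: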

<?php
session_start();
include_once("".$_SERVER['DOCUMENT_ROOT']."/includes/Krumo/class.krumo.php");
include_once("".$_SERVER['DOCUMENT_ROOT']."/auth/class_loader.php");
    $sessCheck = new userFunc;
    if($sessCheck->validSess('bool')){
        $sess = true;
    }
    else{ $sess = false;}
    krumo($_SESSION);
include("style/fonts/fonts.html");
?>

<?php
$bar = new accountBar;
$bar->getBar($sess);        
?>
<?php
session_start();
include_once("".$_SERVER['DOCUMENT_ROOT']."/auth/class_loader.php");
    $login = new login();
    if(!isset($_POST['username']) || !isset($_POST['password'])){
        $_SESSION['msg'] = "Please fill out all the information";
        header("location:/");
        exit; // stop here, otherwise startLogin() still runs with missing input
    }
    $login = $login->startLogin($_POST['username'],$_POST['password']);
    header("location:/");
    exit; // nothing may run or be output after the redirect

?>
<?php
session_start();
class login{

    /**
        * startLogin()
        *   PARAMETERS: username, password
        *   RETURN: start login process
        *   DESCRIPTION: Start login process and handle login functions
        */
    function startLogin($u, $p){
        $u = preg_replace('#[^a-z0-9_]#i', '', $u);
        $u = strtolower($u);
        $u = (trim($u));
        $p = (trim($p));
        if($u == "" || $p == ""){
            unset($_SESSION['msg']);
            $_SESSION['msg'] = "Please fill out all the information TEST";
            //header("location:/");
            return false;
        }
        $salt = $this->grabSalt($u);

        //echo "salt is: ".$salt."<br>";
        $p = md5($p.$salt);
        //echo "password is: ".$p."<br>";
        $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
        if($this->checkPswd($u, $p)){
        //  echo "Passwords Match!<br>";
            $this->setSessions($u);
        }
        else{
            unset($_SESSION['msg']);
            $_SESSION['msg'] = "Username or password is not correct";
            header("location:/");
        }
    }


    /**
        * grabSalt()
        *   PARAMETERS: username
        *   RETURN: salt for that user
        *   DESCRIPTION: Grab the users salt for use in password matching
        */
    function grabSalt($u){
        $conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");   
        $stmt = $conx->prepare("SELECT `UID` FROM users WHERE `username` = ? LIMIT 1");
        $stmt->bind_param('s',$u);
        if($stmt->execute()){
            $stmt->bind_result($uid);
            $stmt->fetch();
            $stmt->close();
            $stmt = $conx->prepare("SELECT `salt` FROM users_salts WHERE `UID` = ? LIMIT 1");
            $stmt->bind_param('i',$uid);
            if($stmt->execute()){
                $stmt->bind_result($salt);
                $stmt->fetch();
                $stmt->close();
            }else{$stmt->error; $stmt->close();}
        }else{$stmt->error; $stmt->close();} //USER NOT FOUND IN DB 
        return $salt;
    }

    /**
        * checkPswd()
        *   PARAMETERS: $p (password), $u (username)
        *   RETURN: true of false
        *   DESCRIPTION: takes the username and hashed password and checks it against the user in the database, if it matches up we return true
        */
        function checkPswd($u, $p){
            $conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");   
            $stmt = $conx->prepare("SELECT `password` from users WHERE `username` = ? LIMIT 1");
            $stmt->bind_param('s',$u);
            if($stmt->execute()){
                $stmt->bind_result($dbp);
                $stmt->fetch();
                //echo "dbpassword is: ".$dbp."<br>";
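                // constant-time string comparison; a loose == on hashes is open to type juggling
                if(is_string($dbp) && hash_equals($dbp, $p)){$stmt->close(); return true;}else{$stmt->close(); return false;}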
            }else{$stmt->error; $stmt->close();}

        }



    /**
        * setSessions()
        *   PARAMETERS: $u (username)
        *   RETURN:
        *   DESCRIPTION: sets the user session for the person.
        */
        function setSessions($u){
            $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
            $t = bin2hex(random_bytes(16)); // 32 hex characters from a CSPRNG; md5($u.time()) was guessable
            $conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");
            $stmt = $conx->prepare("UPDATE users SET `ip` = ?, `lastlogin` = NOW() WHERE `username` = ?");
            $stmt->bind_param("ss",$ip,$u);
            if($stmt->execute()){ $stmt->close();}else{$stmt->error; $stmt->close();}
            $stmt = $conx->prepare("SELECT `token` from users_tokens WHERE `username` = ?");
            $stmt->bind_param("s",$u);
            if($stmt->execute()){
                $stmt->bind_result($count);
                $stmt->fetch();
                $stmt->close();
                if($count != NULL){
                    $stmt = $conx->prepare("UPDATE users_tokens SET `token` = ?, `IP` = ? WHERE `username` = ?");
                    $stmt->bind_param("sss",$t, $ip, $u);
                    if($stmt->execute()){$stmt->close();}else{$stmt->error; $stmt->close();}
                }
                else{
                    $stmt = $conx->prepare("INSERT INTO users_tokens (`username`, `token`, `IP`) VALUES (?, ?, ?)");
                    $stmt->bind_param("sss",$u, $t, $ip);
                    if($stmt->execute()){
                    }else{ $stmt->error; $stmt->close();}
                }
            }else{ $stmt->error; $stmt->close();}
        //  setcookie("u", $u, strtotime( '+30 days' ), "", "", "", TRUE);
        //  setcookie("t", $t, strtotime( '+30 days' ), "", "", "", TRUE);
            echo "SUCCESS";
            $_SESSION['t'] = $t;
            $_SESSION['u'] = $u;
            return;
        }


}
?>
<?php
// Excerpt of the userFunc class used by the pages on this site.
class userFunc{

    // Returns true when the session holds a username and token that match the database.
    function validSess($a = 'bool'){
        $conx = mysqli_connect("mysql.pipeten.co.uk", "********", "********", "******_GameAndShame");
        if(isset($_SESSION['u']) && isset($_SESSION['t'])){
            $u = $_SESSION['u'];
            $t = $_SESSION['t'];
            $u = preg_replace('#[^a-z0-9_]#i', '', $u);
            $t = preg_replace('#[^a-z0-9_]#i', '', $t);
            $user_ok = $this->evalLoggedUser($conx,$u,$t);
            if($user_ok){
                if($a == 'bool'){
                    return true;
                }
            }else{return false;}
        }
        return false; // no session variables set
    }

    // Compares the stored IP and token for $u with the current request.
    function evalLoggedUser($conx,$u,$t){
        $ip = null;
        $stmt = $conx->prepare("SELECT `ip` FROM users WHERE `username` = ? LIMIT 1");
        $stmt->bind_param("s",$u);
        if($stmt->execute()){
            $stmt->bind_result($ip);
            $stmt->fetch();
        }
        $stmt->close();
        $stmt = $conx->prepare("SELECT * FROM users_tokens WHERE `username` = ? AND `IP` = ?");
        $stmt->bind_param("ss",$u,$ip);
        if($stmt->execute()){
            $stmt->bind_result($uid, $user, $token, $ip2);
            $stmt->fetch();
            $stmt->close();
            if($ip == $ip2){
                if($ip2 == preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'))){
                    // constant-time comparison of the stored token with the session token
                    if(is_string($token) && hash_equals($token, $t)){
                        return true;
                    }else{ echo "Invalid Token, somebody else could have logged in as you?"; }
                }else{header("location:/auth/logout.php");}
            }else{ header("location:/auth/logout.php"); }
        }else{ $stmt->close();}
        return false; // every path that did not match ends here
    }
}
?>
At the top of my profile.php page, I have a piece of code that checks for a valid session:

<?php
session_start();

include("style/fonts/fonts.html");
include_once("".$_SERVER['DOCUMENT_ROOT']."/includes/Krumo/class.krumo.php");
include_once("".$_SERVER['DOCUMENT_ROOT']."/auth/class_loader.php");
krumo($_SESSION);

    $sessCheck = new userFunc;
    if($sessCheck->validSess('bool')){
        $sess = true;
        echo "SESSION IS VALID";
    }
    else{ $sess = false; $_SESSION['msg'] = "You are not logged in, please log in to access your profile.";}
?>

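I have solved the problem.

The logout.php file was returning to the www. version of the site, while the session was running on the non-www. version. Because some links use "/" to reach the root path and some use the full address, I was technically causing two sessions: the previous session running on www, and the new session running on non-www.

All of this was caused by some URL rewriting in my .htaccess.


Success! (for now)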
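
The fix described in the answer above (one hostname, so one session cookie), as an added example that is not part of the original post: a guard that sends every request to a single canonical host before `session_start()` runs. `example.com`, `CANONICAL_HOST`, `canonicalRedirect()` and `startCanonicalSession()` are hypothetical names; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example. example.com and all function names are hypothetical.
const CANONICAL_HOST = 'example.com';

/**
 * Return the URL to redirect to, or null if the request already targets
 * the canonical host. The target is built from the constant above, never
 * from the client-supplied Host header.
 */
function canonicalRedirect(string $host, string $uri, bool $https): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host)); // drop any port
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // Only a path may follow the host, or the URL's authority part could change.
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    return ($https ? 'https' : 'http') . '://' . CANONICAL_HOST . $uri;
}

/** Call at the top of every page in place of a bare session_start(). */
function startCanonicalSession(): void
{
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $target = canonicalRedirect($_SERVER['HTTP_HOST'] ?? '',
                                $_SERVER['REQUEST_URI'] ?? '/', $https);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit; // no session is ever created on the non-canonical host
    }
    session_set_cookie_params([
        'path' => '/', 'domain' => '', // empty domain: host-only cookie
        'secure' => $https, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample requests; run with the PHP CLI to see the decisions.
if (PHP_SAPI === 'cli') {
    $samples = [['example.com', '/profile.php'],
                ['www.example.com', '/auth/logout.php'],
                ['WWW.EXAMPLE.COM:443', 'profile.php']];
    foreach ($samples as [$host, $uri]) {
        $to = canonicalRedirect($host, $uri, true) ?? '(served as is)';
        printf("%-20s %-18s -> %s\n", $host, $uri, $to);
    }
}
```

The same redirect can be done in `.htaccess`; what matters is that every link, including the one `logout.php` redirects to, resolves to a single host.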

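If you provide the image URLs, someone will insert them into the question.

Does include("style/fonts/fonts.html") make PHP output something? Do all the session work before anything is output.

The fonts don't cause output, no; it's just a file that adds fonts to the site.

It's an HTML file. Unless it's empty, how does it not output? Run this and view the source.

It was only a question, but I have moved it down so that it comes after session_start, so I know that is not what is causing the problem.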