PHP: session seems to be logging out when the page is reloaded


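I set the session variables on the login page, and then it redirects to the home page, where a function called isLoggedIn() decides whether it include()s signed-in.php or membership-container.php. signed-in.php is shown if the user is logged in, and membership-container.php is shown if the client is not logged in. After I log in, it shows signed-in.php as expected, but when I reload the page it shows membership-container.php.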

Login page:

<!DOCTYPE html>
    <?php
        session_start();
        /*error_reporting(0);*/

        require 'users/database/connect-database.php';

        require 'users/database/database-functions.php';

        if ($_POST) {
            $email = sanitize($connection, strip_tags($_POST['login_email']));
            $password = sanitize($connection, strip_tags($_POST['login_password']));
            $encrypted_password = sha1($password);
            if (!empty($email) && !empty($password)) {
                if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                    $error = 'Your email is not valid.';
                } else if(exists($connection, 'email', 'members', 'email', $email) == false) {
                    $error = "We didn't find anyone with that email and password. Have you joined SamHalesJr.com yet?";
                } else if (exists($connection, 'email', 'members', 'password', $encrypted_password) == false) {
                    $error = "Please enter the correct password.";
                } else if (detail($connection, 'active', 'members', 'email', $email) != 1) {
                    $error = "You haven't activated your account!";
                } else {
                    $query = login($connection, $email, $encrypted_password);
                    if ($query == true) {
                        ini_set('session.gc_maxlifetime', $inactive_session);
                        $_SESSION['session'] = time();
                        $_SESSION['logged_in'] = detail($connection, 'user_id', 'members', 'email', $email);
                        if (isLoggedIn()) {header('Location: /home');}
                    }
                }
            } else {
                $error = 'Please enter an email and password.';
            }
        }
        require 'users/database/disconnect-database.php';
    ?>
<html>
    <head>
        <meta charset="utf-8">
    </head>
    <body>
        <form action="/login" method="POST">
            <input placeholder="Email" value="<?php echo $email; ?>" type="text" name="login_email"><br>
            <input placeholder="Password" value="<?php echo $password; ?>" type="password" name="login_password"><br>
            <input type="submit" value="Login">
        </form>
    </body>
</html>
Am I correct that session_start() and any other $_SESSION[''] variables need to go before the tag? Here is the code I put before the tag on every page:

<?php
    include 'users/database/database-functions.php';
    ini_set('session.gc_maxlifetime', $inactive_session);

    session_start();

    if (isset($_SESSION['session']) && (time() - $_SESSION['session'] > $inactive_session)) {
        logout();
    }
    $_SESSION['session'] = time(); // Update session
?>

Thanks to anyone who helps me.

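Side note: your password hashing is completely useless; a single round of unsalted SHA-1 (or SHA-512, if we look at the second code you posted) will be cracked instantly.

@André Are you saying that if I wrote echo sha1($encrypted_password)) it would show the original password? I don't know what you mean.

"Am I correct that session_start() and any other $_SESSION[''] variables need to go before the tag?" – You just need to call session_start before any output is made (unless output buffering is turned on) - but you are already not adhering to that in your login page, because there is a doctype before it.

@CBroe Oh, so it has to be before that! I was wondering if that was the problem, because it is after the doctype on all pages!

The password is hashed, so no, your example would not show the plaintext password. However, because it is only a single round of SHA1, it is trivial to brute-force, and because there is no salt, even more trivial.
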
<?php if (isLoggedIn()) {
    include 'signed-in.php';
} else {
    include 'membership-container.php';
} ?>
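
The two points raised in the comments (start the session before any output, and replace unsalted SHA-1 with a salted, slow password hash) can be put together as follows. This is an added example, not code from the question or its comments; the function names startSessionOrFail, hashPassword and verifyLogin and the sample passwords are hypothetical.

```php
<?php
// Added example, not the asker's code. Function names are hypothetical.
declare(strict_types=1);

// Call this before any byte of output (doctype, whitespace, BOM). Once output
// has started, the session cookie header can no longer be sent, so the next
// request arrives without a session ID and looks logged out.
function startSessionOrFail(): void
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Value to store in the members table in place of sha1($password).
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT); // per-hash salt, slow by design
}

// Salted hashes cannot be matched with a "WHERE password = ..." lookup:
// fetch the row by email, then verify against that row's stored hash.
function verifyLogin(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

if (PHP_SAPI !== 'cli') {
    startSessionOrFail();          // first thing in the script, before <!DOCTYPE html>
    session_regenerate_id(true);   // issue a fresh session ID at login
}

// Constructed sample data standing in for one members row.
$stored = hashPassword('correct horse battery staple');

// Unsalted SHA-1: the same password always gives the same digest.
var_dump(sha1('hunter2') === sha1('hunter2'));
// password_hash: a new salt on every call, so two hashes of one password differ.
var_dump(hashPassword('hunter2') === hashPassword('hunter2'));
var_dump(verifyLogin('correct horse battery staple', $stored));
var_dump(verifyLogin('wrong password', $stored));
```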