Php 会话/身份验证循环
我在这段代码中有一个循环(用户返回登录页面)。问题在于这一点Php 会话/身份验证循环,php,session,authentication,Php,Session,Authentication,我在这段代码中有一个循环(用户返回登录页面)。问题在于这一点 else if (!$session_id){ //if user is not logged in, send to the login page header("Location:" . $Config_live_site . "/user_events/login.php"); exit; } 我觉得这与所有嵌套的if语句有关。如果删除上面的“else If”,则用户可以登录,并且所有会话功能都可以正常
else if (!$session_id){
//if user is not logged in, send to the login page
header("Location:" . $Config_live_site . "/user_events/login.php");
exit;
}
我觉得这与所有嵌套的if语句有关。如果删除上面的“else If”,则用户可以登录,并且所有会话功能都可以正常工作。代码如下:
//check if the user has clicked on a submit button in a login form in login.php
if (isset( $_POST['submit'] )) {
$username = $_POST['username'];
$pass = $_POST['password'];
if (!$username) {
echo "<script>alert('Please enter username'); document.location.href='index.php?option=login$string_2';</script>\n";
}
if (!$pass) {
echo "<script>alert('Please enter a password'); document.location.href='index.php?option=login$string_2';</script>\n";
}
else {
$pass = md5( $pass );
}
//set up user object and start a new session
$user = new user();
$database->get_user(&$user, $username, '1');
if (!strcmp( $user->user_pass, $pass)) {
session_name( 'login' );
session_start();
$logintime = time();
$session_id = md5( "$user->username$user->user_type$logintime" );
$database->set_session($user, $session_id, $logintime);
$_SESSION['session_id'] = $session_id;
$_SESSION['session_username'] = $user->username;
$_SESSION['session_usertype'] = $user->user_type;
$_SESSION['session_logintime'] = $logintime;
session_write_close();
// cannot using mosredirect as this stuffs up the cookie in IIS
if ($suboption) {
echo "<script>document.location.href='index.php?$string';</script>\n";
} else {
echo "<script>document.location.href='index.php?option=subscriber_home';</script>\n";
}
exit();
} else {
echo "<script>alert('Incorrect Username and Password, please try again'); document.location.href='index.php?option=subscribe$string_2';</script>\n";
exit();
}
}
else if (!$session_id){
//if user is not logged in, send to the login page
header("Location:" . $Config_live_site . "/user_events/login.php");
exit;
}
//session starts
session_name( 'login' );
session_start();
if ($option == 'logout') {
require 'logout.php';
exit();
}
$user = new user();
$user->username = $_SESSION['session_username'];
$user->user_type = $_SESSION['session_usertype'];
$session_id = $_SESSION['session_id'];
$logintime = $_SESSION['session_logintime'];
//检查用户是否单击了login.php中登录表单中的提交按钮
如果(isset($_POST['submit'])){
$username=$_POST['username'];
$pass=$_POST['password'];
如果(!$username){
echo“警报('请输入用户名');document.location.href='index.php?option=login$string_2';\n”;
}
如果(!$pass){
echo“警报('请输入密码');document.location.href='index.php?option=login$string_2';\n”;
}
否则{
$pass=md5($pass);
}
//设置用户对象并启动新会话
$user=新用户();
$database->get_user(&$user,$username,'1');
如果(!strcmp($user->user\u pass,$pass)){
会话名称(“登录”);
会话_start();
$logintime=time();
$session_id=md5(“$user->username$user->user_type$logintime”);
$database->set_session($user、$session_id、$logintime);
$\u SESSION['SESSION\u id']=$SESSION\u id;
$\u会话['SESSION\u username']=$user->username;
$\u SESSION['SESSION\u usertype']=$user->user\u type;
$\u SESSION['SESSION\u logintime']=$logintime;
会话写入关闭();
//无法使用mosredirect,因为这会填充IIS中的cookie
如果($子选项){
echo“document.location.href='index.php?$string';\n”;
}否则{
echo“document.location.href='index.php?option=subscriber_home';\n”;
}
退出();
}否则{
echo“警报(‘用户名和密码不正确,请重试’);document.location.href='index.php?option=subscribe$string_2';\n”;
退出();
}
}
else if(!$session\u id){
//如果用户未登录,请发送到登录页面
标题(“位置:“.$Config\u live\u site./user\u events/login.php”);
出口
}
//会议开始
会话名称(“登录”);
会话_start();
如果($option=='logout'){
需要“logout.php”;
退出();
}
$user=新用户();
$user->username=$\u SESSION['SESSION\u username'];
$user->user\u type=$\u SESSION['SESSION\u usertype'];
$session\u id=$\u session['session\u id'];
$logintime=$\u SESSION['SESSION\u logintime'];
此代码非常混乱,如果不知道数据库对象是什么以及它是如何运行的,我无法完全帮助您,但请执行类似的操作。它将简化您的代码堆
session_start();
try{
if(!isset($_POST['submit']))
throw new exception('No Post Data Found.');
if(!isset($_POST['username']))
throw new exception('Please enter a username.');
if(!isset($_POST['password']))
throw new exception('Please enter a password.');
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
//CHECK IF USER CREDENTIALS ARE CORRECT HERE
#$result = database results as object.
$valid_credentials = true;
if(!$valid_credentials)
throw new exception('Your credentials were incorrect.');
$_SESSION['username'] = $username;
$_SESSION['user_type'] = $result->user_type;
$_SESSION['logintime'] = time();
echo '<script>document.location.href="success.php";</script>'
catch (Exception $E){
echo "<script>alert('$E->getMessage()'); document.location.href='login.php'; </script>";
}
session_start();
试一试{
如果(!isset($_POST['submit']))
抛出新异常(“未找到Post数据”);
如果(!isset($\u POST['username']))
抛出新异常('请输入用户名');
如果(!isset($\u POST['password']))
抛出新异常('请输入密码');
$username=$_POST['username'];
$password=$_POST['password'];
$password=md5($password);
//在此处检查用户凭据是否正确
#$result=数据库结果作为对象。
$valid_credentials=true;
如果(!$valid\u凭证)
抛出新异常('您的凭据不正确');
$\会话['username']=$username;
$\u会话['user\u type']=$result->user\u type;
$\u会话['logintime']=time();
echo'document.location.href=“success.php”;'
捕获(例外$E){
echo“警报('$E->getMessage()');document.location.href='login.php';”;
}
我不推荐其中一些做法,但我尽可能地将其与您的代码相适应。您完全需要将数据库对象添加到代码中
我也更喜欢用户头('Location:');而不是javascript脚本,但我使用了您现有的工具
祝你好运!谁知道我必须点击复选标记?现在我知道了。你为什么要创建自己的会话id?当你执行
session\u start()
时,PHP已经为你这样做了,你可以使用session\u id()检索值
。问题是你在设置会话之前就试图使用会话id!更大的问题是你在数据库中以明文存储用户名!BenLee为什么明文存储用户名不好?我理解密码,但他至少尝试过散列他的密码,尽管md5不是最安全的。