duanji4449 2018-08-14 15:01

PHP: keep the user logged in with a session after changing pages

I am developing a login form with sessions. When I log in and try to change page in the same domain and get back to the login page, I am logged out and credentials are needed. Below is the code.

mysky.php (login page)

<?php   
    session_start();
    $pageTitle = 'MySky Login';
    include 'header.php';
?>


<div id="cloud_box">
    <div id="cloud_title">My<span>Sky</span> Login</div>

    <form action="myskyweb.php" name="form" method="POST" 
     onsubmit="return IsEmpty();">

        <div id="msg"><?php if(isset($msg)) { echo $msg; }?></div>

        <div id="u">
            <div id="user1">U</div>
            <input type="text" id="user" name="user"/>
            <div id="error_u"></div>
        </div>

        <div id="p">
            <div id="pass1">P</div>
            <input type="password" id="pass" name="pass"/>
            <div id="error_p"></div>
        </div>

        <button id="btn" type="submit">Login</button>

    </form>

</div>



<?php include 'footer.php';?>

myskyweb.php (after successful login)

<?php 
    session_start();
    if(!isset($_SESSION['id']))
    {
        header("Location: mysky.php");
    }
    $pageTitle = sprintf('MySky - %s', $_POST['user']);
    include 'header.php';
    include 'login.php';
?>

<?php

print_r($_SESSION);

?>

<div id="logout"><a href="logout.php">Logout</a></div>

<?php include 'footer.php';?>

page1.php (one page of my domain)

<?php 
    session_start();
    $pageTitle = 'page1';
    include 'header.php';
?>

<?php

print_r($_SESSION);

?>

<div id="structure">

<?php include 'footer.php';?>

page2.php (another page)

<?php 
    session_start();
    $pageTitle = 'page2';
    include 'header.php';
?>

<?php

print_r($_SESSION);

?>

<div class="slides">

<?php include 'footer.php';?>

login.php (checking if credentials are correct & give value to session)

<?php

    include 'db_info.php';      
    $username = $password = $encrypted = $msg = '';

    //connect to db
    $conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName) 
    or die($conn);

    //get values
    $username = $_POST['user'];
    $password = $_POST['pass'];

    //prevent mysql injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysqli_real_escape_string($conn, $username);
    $password = mysqli_real_escape_string($conn, $password);

    //encrypt pass
    $encrypted = md5($password);

    //search
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
    $result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));

    //compare
    $row = mysqli_fetch_array($result);
    if (($row['username'] == $username) && ($row['password'] == $encrypted)){
        $_SESSION['id'] = $row['id'];
        $_SESSION['user'] = $row['username'];
        $_SESSION['logged_in'] = time();
    } else {
        $msg = 'Credentials mismatch';
        header("Location: /mysky.php");
        die();
    }
    mysqli_close($conn);


?>

I used the function print_r() on all of the pages to understand whether the problem is the session. The session is not the problem, because after logging in every page shows the session variables. So the session keeps the values after changing a page. I cannot understand why I see the login form on the login page again rather than the successful login page.

Any help is appreciated!

3 answers

  • douzi5214 2018-08-15 10:18

    @waterloomatt & @Isaac thanks for your time and responses! After so many hours, I finally found the code that works. If you see anything wrong, I would be happy to know! Will I have problems with SQL injection attacks?

    login.php

    <?php
        session_start();
    
        include 'db_info.php';  
    
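        //connect to db; `new mysqli` never returns false, so check connect_error
        $conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName);
        if ($conn->connect_error) {
            die('Failed to connect to database');
        }
    
        //get values (both fields must be present in the POST)
        if ((isset($_POST['user'])) && (isset($_POST['pass']))){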
            $username = $_POST['user'];
            $password = $_POST['pass'];
        } else {
            $username = null;
            $password = null;
        }   
    
        //prevent mysql injection
        $username = stripcslashes($username);
        $password = stripcslashes($password);
        $username = mysqli_real_escape_string($conn, $username);
        $password = mysqli_real_escape_string($conn, $password);
    
        //encrypt pass
        $encrypted = hash('sha256', $password);
    
        //search
        $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
        $result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));
    
        //compare
        $row = mysqli_fetch_array($result);
        if (($row['username'] != $username) || ($row['password'] != $encrypted)){
            if ((isset($_POST['user'])) && (isset($_POST['pass']))){
            $_SESSION['msg'] = 'Credentials mismatch';}
        } else {
            $_SESSION['id'] = $row['id'];
            $_SESSION['user'] = $row['username'];
        }
        mysqli_close($conn);
    
    
    ?>
    

    mysky.php

    <?php 
        include 'login.php';
    
        if ((isset($_SESSION['id'])) && (isset($_SESSION['user'])))
        {
            include 'sky_auth.php';
        } 
        else
        {
            include 'sky_login.php';
        }
    
        include 'footer.php';
    ?>
    

    sky_login.php

    <?php 
        $pageTitle = 'MySky Login';
        include 'header.php';
    ?>
    
    
    <div id="cloud_box">
        <div id="cloud_title">My<span>Sky</span> Login</div>
    
        <form action="" name="form" method="POST" onsubmit="return IsEmpty();">
    
            <div id="msg"><?php if (isset($_SESSION['msg'])){
                                    echo $_SESSION['msg']; 
                                    // empty the array; unset($_SESSION) would break session handling
                                    $_SESSION = []; 
                                    session_destroy();} ?>
            </div>
    
            <div id="u">
                <div id="user1">U</div>
                <input type="text" id="user" name="user"/>
                <div id="error_u"></div>
            </div>
    
            <div id="p">
                <div id="pass1">P</div>
                <input type="password" id="pass" name="pass"/>
                <div id="error_p"></div>
            </div>
    
            <button id="btn" type="submit">Login</button>
    
        </form>
    
    </div>
    

    sky_auth.php

    <?php
        if(!isset($_SESSION['id']))
        {
            header("Location: mysky.php");
            die();
        }
        $pageTitle = sprintf('MySky - %s', $_SESSION['user']);
        include 'header.php';
    ?>
    
    <div id="sky_contain">
    
            <div id="logout"><a href="logout.php">Logout</a></div>
    
        </div>
    
    </div>
    
    This answer was selected by the asker as the best answer.
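
On the SQL injection question raised in the accepted answer: the following is an added example, not code from the original post. It shows the same credential check done with a bound parameter and `password_hash()`/`password_verify()` instead of manual escaping and an unsalted hash. It uses PDO with an in-memory SQLite database as a constructed stand-in for the page's MySQL `users` table; the function names and the sample user are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the page's `users` table (in-memory SQLite, not MySQL).
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // password_hash() salts and stretches the password; md5()/sha256 alone do not.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user row on success, null otherwise. The username is bound as a
// parameter, so it is never parsed as SQL and needs no manual escaping.
function authenticate(PDO $db, ?string $user, ?string $pass): ?array
{
    if ($user === null || $pass === null) {
        return null;                       // plain page view, no POST fields
    }
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return $row;
}

// Stores the login in the session; call after session_start() and before any output.
function login_to_session(array $row): void
{
    session_regenerate_id(true);           // fresh session ID once the user is authenticated
    $_SESSION['id'] = $row['id'];
    $_SESSION['user'] = $row['username'];
}

$db = make_demo_db();
var_dump(authenticate($db, 'alice', 'correct horse') !== null); // valid login
var_dump(authenticate($db, 'alice', 'wrong'));                   // bad password
var_dump(authenticate($db, "alice' -- ", 'x'));                  // quote in input is treated as data
var_dump(authenticate($db, null, null));                         // no credentials submitted
```

In the answer's login.php, `authenticate()` would take the place of the escaped query and comparison, and `login_to_session()` the two `$_SESSION` assignments.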