douzhan1031 2012-07-21 09:47
浏览 24
已采纳

PHP无法回忆会话

Recently I tried to create a login webpage for my project. So there's the index.html, the login page where the person has to login. It sends the query to checklogin.php which is this:

<?php
ob_start();
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("wordshare.zxq.net", "754319_guest", "guest")or die("cannot connect"); 
mysql_select_db("wordshare_zxq_users")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_start();
session_register("myusername");
session_register("mypassword"); 
header("location:main.php");
}
else {
    header("location:index.html");
}
ob_end_flush();
?>

Then the main page checks for the session, and if you are not logged in it redirects you to index.html and the code is as following:

<?php
// Connects to your Database
mysql_connect("wordshare.zxq.net", "754319_guest", "guest")or die("cannot connect");
mysql_select_db("wordshare_zxq_users")or die("cannot select DB");
//checks cookies to make sure they are logged in
session_start();
session_start();
if(!session_is_registered(myusername)){
header("location:index.html");
}
?>

The problem is that I don't get redirected back to the main page if I go directly to the main.html. I've tried using echo to find out whether the session is recorded, and it returned undefined. What really baffled me was that even when I try to print out something else like a word, it also returns me "undefined". Can anyone help me?

  • 写回答

3条回答 默认 最新

  • duanjiaren8188 2012-07-21 10:30
    关注

    You have many issues with your code. Wherever you copied that over, it is a very bad example. I have some spare time, so I highlight what I can see, most serious first:

    • You store plain-text passwords in your database. This is very serious, because in case someone will hack your database, the username and password information can be retrieved easily. This is a very common mistake but a very bad one. Instead hash your passwords, for example with the phpass library. That website explains very well what this is about. So if you want to learn, that site does not only have code but gives also a quite good and generic description.

    • The code expects that get_magic_quotes_gpc is enabled. Instead it should refuse to work if it is enabled. Assuming that magic quotes are enabled is a security issue because it prevents you from writing safe code

      Your Code:

      $mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);

      Suggestion:

      if (get_magic_quotes_gpc()) {
    throw new UnexpectedValueException('get_magic_quotes_gpc must be off.');
}
$mypassword = $_POST['mypassword'];

      (There is no need to do stripslashes any longer)

    • You use other outdated language features. This is merely a sympton that from whereever you have copied over that code, you do not have taken code that is state of the art. A few issues you have:

      • mysql_* functions. Use PDO instead. It's much more simple to use and much more powerful. It helps you pro-actively to prevent SQL injection by providing so called prepared statements (also called parameterized queries). Learn about it, use it.
      • session_register and session_is_registered functions. Those were used to register global variables inside the session. They are unsafe and deprecated. Instead use the $_SESSION superglobal, like you use the $_POST superglobal already.

    • One long line-up of code. You do not make use of subroutines. Albeit they could be very helpful for you. Learn how you can write your own functions because you can do programming like writing a text.

    Example:

    <?php
require('my-functions.php');

$location = 'index.html';

if ($user = user_form_submitted() && user_is_valid($user)) {
    user_login_into_session_($user);
    $location = 'main.php';       
}

redirect($location);
?>

    As you can see this is quite easy to read. Just then define functions that do the job, e.g.:

    /**
 * redirect request
 *
 * @param string $location
 */
function redirect($location) {
    if (!headers_sent()) {
        header("Location: " . $location);
    }
    printf('Moved <a href="%1$s">here</a>.', htmlspecialchars($location));
}

    That's just one example. So you can start to program already without even thinking how all the glory different details will work.

    Related answers about using and extracting functions and using PDO:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

  • PHP无法回忆会话 php
    2012-07-21 09:47
    回答 3 已采纳 You have many issues with your code. Wherever you copied that over, it is a very bad example. I ha
  • PHP会话变量请求时间 php
    2019-03-07 11:29
    回答 1 已采纳 Unless you do these session read/write operations millions of times (e.g. in a loop) you shouldn't
  • php无法读取会话 php
    2013-03-05 07:49
    回答 4 已采纳 You should add session_start() at the $user check condition page. session_start(); if ($user != n
  • php垃圾回收机制 鸟哥,php会话控制
    2021-03-24 12:51
    季春顺的博客 关于php会话控制,我有惨痛的回忆┭┮﹏┭┮,而且还是两次。第一次是我在写博客的时候,当时花了很长时间再写,当我写完并检查后,点击了保存,我勒个去,直接跳转到登录页面,点返回也返回不了,辛苦全白瞎了。...
  • Php会话无法处理输入 php
    2014-08-07 02:57
    回答 2 已采纳 Foreword: (edit) I noticed you've asked a few questions since first joining Stack but have not acc
  • PHP会话不更新变量 php
    2018-08-17 09:28
    回答 2 已采纳 session_start() must be the second thing on your page after <?php. HTML tags must be placed aft
  • PHP LDAP会话持久性 php
    2019-02-04 15:31
    回答 1 已采纳 The problem is not about LDAP, the problem is about HTTP. HTTP is a stateless protocol whereas LD
  • PHP LFI 利用临时文件Getshell
    2023-10-11 19:59
    双层小牛堡的博客 PHPINFO()特性 原理 条件竞争 PHP7 Segment Fault 利用条件 攻击技巧1 LFI 绕过 SESSION 包含限制 Getshell 会话存储 存储位置 存储命名 会话处理 session.serialize_handler LFI SESSION serialize_handler = php ...
  • session_destroy无法破坏会话php php
    2017-06-01 11:16
    回答 4 已采纳 Just use this: $_SESSION = array(); session_destroy();
  • PHP会话干扰子域会话 php
    2017-11-21 17:01
    回答 1 已采纳 Since they share the same domain, they are the same site and share a session. You can manually ov
  • PHP会话传播 php
    2017-03-13 10:01
    回答 1 已采纳 first you have to read what have been removed and edited in php (session.configuration) versions
  • PHP宿舍管理系统项目实战
    2021-06-26 15:19
    阿威的镜中月的博客 PHP宿舍管理系统项目实战系统分析系统设计知识点项目实现 系统分析 对客户(甲方)的工作需求进行了解,从而调整自己的程序功能。 系统设计 知识点 PHP表单实现数据的收集 PHP-Cookie和Session的使用 项目实现 本...
  • 会话变量间歇性PHP html php
    2018-01-19 20:45
    回答 1 已采纳 SOLVED: In my navigation bar I was using a full URL instead of a relative link, this was causing
  • PHP笔记
    2021-05-27 16:02
    祝小筱的博客 文章目录PHPHTML,CSS,JSPHP简介AJAXPHP基础语法控制结构练习1数组函数练习2日期管理数学函数信息函数提交表单COOKIES和SESSIONSCookiesSessions包含函数文件操作OOP 和 PHP一些OOP的回忆封装继承异常处理命名空间PDO...
  • php批量执行函数,php自动执行函数
    2021-04-30 01:41
    穿杨之光的博客 php 动态执行 函数,PHP学习 你的知识信息已经过时了吗? ,php自动执行函数,php的命令执行函数关键的两个函数: ignore_user_abort(true),这个函数的作用是,无论客户端是否关闭浏览器,下面的代码都将 得到执行。 set_...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 phython路径名过长报错 不知道什么问题
  • ¥15 深度学习中模型转换该怎么实现
  • ¥15 HLs设计手写数字识别程序编译通不过
  • ¥15 Stata外部命令安装问题求帮助!
  • ¥15 从键盘随机输入A-H中的一串字符串,用七段数码管方法进行绘制。提交代码及运行截图。
  • ¥15 TYPCE母转母,插入认方向
  • ¥15 如何用python向钉钉机器人发送可以放大的图片?
  • ¥15 matlab(相关搜索:紧聚焦)
  • ¥15 基于51单片机的厨房煤气泄露检测报警系统设计
  • ¥15 Arduino无法同时连接多个hx711模块,如何解决?