duanji4449
duanji4449
2018-08-14 15:01

php保持用户在更改页面后使用会话登录

  • session
  • php
  • login

i am developing a log in form with session. When i log in and try to change page in the same domain and get back to login page, i am logged out and credentials needed. Bellow is the code.

mysky.php (login page)

<?php   
    session_start();
    $pageTitle = 'MySky Login';
    include 'header.php';
?>


<div id="cloud_box">
    <div id="cloud_title">My<span>Sky</span> Login</div>

    <form action="myskyweb.php" name="form" method="POST" 
     onsubmit="return IsEmpty();">

        <div id="msg"><?php if(isset($msg)) { echo $msg; }?></div>

        <div id="u">
            <div id="user1">U</div>
            <input type="text" id="user" name="user"/>
            <div id="error_u"></div>
        </div>

        <div id="p">
            <div id="pass1">P</div>
            <input type="password" id="pass" name="pass"/>
            <div id="error_p"></div>
        </div>

        <button id="btn" type="submit">Login</button>

    </form>

</div>



<?php include 'footer.php';?>

myskyweb.php (after successfull login)

<?php 
    session_start();
    if(!isset($_SESSION['id']))
    {
        header("Location: mysky.php");
    }
    $pageTitle = sprintf('MySky - %s', $_POST['user']);
    include 'header.php';
    include 'login.php';
?>

<?php

print_r($_SESSION);

?>

<div id="logout"><a href="logout.php">Logout</a></div>

<?php include 'footer.php';?>

page1.php (one page of my domain)

<?php 
    session_start();
    $pageTitle = 'page1';
    include 'header.php';
?>

<?php

print_r($_SESSION);

?>

<div id="structure">

<?php include 'footer.php';?>

page2.php (another page)

<?php 
    session_start();
    $pageTitle = 'page2';
    include 'header.php';
?>

<?php

print_r($_SESSION);

?>

<div class="slides">

<?php include 'footer.php';?>

login.php (checking if credentials are correct & give value to session)

<?php

    include 'db_info.php';      
    $username = $password = $encrypted = $msg = '';

    //connect to db
    $conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName) 
    or die($conn);

    //get values
    $username = $_POST['user'];
    $password = $_POST['pass'];

    //prevent mysql injection
    $username = stripcslashes($username);
    $password = stripcslashes($password);
    $username = mysqli_real_escape_string($conn, $username);
    $password = mysqli_real_escape_string($conn, $password);

    //encrypt pass
    $encrypted = md5($password);

    //search
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
    $result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));

    //compare
    $row = mysqli_fetch_array($result);
    if (($row['username'] == $username) && ($row['password'] == $encrypted)){
        $_SESSION['id'] = $row['id'];
        $_SESSION['user'] = $row['username'];
        $_SESSION['logged_in'] = time();
    } else {
        $msg = 'Credentials mismatch';
        header("Location: /mysky.php");
        die();
    }
    mysqli_close($conn);


?>

I used the function print_r() at all of the pages to understand if the problem is the session. Session is not the problem, because after log in every page shows the sessions var. So session keep the values after changing a page. I cannot undestand why i see login form in login page again rather to see successfull login page.

Any help is appreciated!

  • 点赞
  • 回答
  • 收藏
  • 复制链接分享

3条回答

为你推荐