duanbin198788 2015-12-04 14:10
Views: 39
Accepted

Session user_name not starting or working [closed]

I am new to StackOverflow, so please inform me if I need to make some updates to my article.

My problem is that echo $row_settings['user_name']; or echo $_SESSION['user_name']; are responding. I have searched around for a while and cannot seem to find the problem.

Here is my DBC.php script:

<?php

define ("DB_HOST", "fomo.no.mysql"); // set database host
define ("DB_USER", "fomo_no"); // set database user
define ("DB_PASS","******"); // set database password
define ("DB_NAME","fomo_no"); // set database name

$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");


$user_registration = 1;  // set 0 or 1

define("COOKIE_TIME_OUT", 10); //specify cookie timeout in days (default is 10 days)
define('SALT_LENGTH', 9); // salt for password

//define ("ADMIN_NAME", "admin"); // sp

/* Specify user levels */
define ("ADMIN_LEVEL", 5);
define ("USER_LEVEL", 1);
define ("GUEST_LEVEL", 0);


/**** PAGE PROTECT CODE  ********************************
This code protects pages to only logged in users. If users have not logged in then it will redirect to login page.
If you want to add a new page and want to login protect, COPY this from this to END marker.
Remember this code must be placed on very top of any html or php page.
 ********************************************************/

function page_protect() {
    session_start();
    $user = $_SESSION['user_name'];
    global $db;

    /* Secure against Session Hijacking by checking user agent */
    if (isset($_SESSION['HTTP_USER_AGENT']))
    {
        if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
        {
            logout();
            exit;
        }
    }

// before we allow sessions, we need to check authentication key - ckey and ctime stored in database

    /* If session not set, check for cookies set by Remember me */
    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) )
    {
        if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){
            /* we double check cookie expiry time against stored in database */

            $cookie_user_id  = filter($_COOKIE['user_id']);
            $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error());
            list($ckey,$ctime) = mysql_fetch_row($rs_ctime);
            // cookie expiry
            if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {

                logout();
            }
            /* Security check with untrusted cookies - dont trust value stored in cookie.
            /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/

            if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey)  ) {
                session_regenerate_id(); //against session fixation attacks.

                $_SESSION['user_id'] = $_COOKIE['user_id'];
                $_SESSION['user_name'] = $_COOKIE['user_name'];
                /* query user level from database instead of storing in cookies */
                list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'"));

                $_SESSION['user_level'] = $user_level;
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

            } else {
                logout();
            }

        } else {
            header("Location: login.php");
            exit();
        }
    }
}

function logout()
{
    global $db;
    session_start();

    $sess_user_id = strip_tags(mysql_real_escape_string($_SESSION['user_id']));
    $cook_user_id = strip_tags(mysql_real_escape_string($_COOKIE['user_id']));

    if(isset($sess_user_id) || isset($cook_user_id)) {
        mysql_query("update `users`
            set `ckey`= '', `ctime`= ''
            where `id`='$sess_user_id' OR  `id` = '$cook_user_id'") or die(mysql_error());
    }

    /************ Delete the sessions****************/
    unset($_SESSION['user_id']);
    unset($_SESSION['user_name']);
    unset($_SESSION['user_level']);
    unset($_SESSION['HTTP_USER_AGENT']);
    session_unset();
    session_destroy();

    /* Delete the cookies*******************/
    setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
    setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
    setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");

    header("Location: login.php");
}


?>  

Is my code wrong? It works to show other information from the database, just not by using $_SESSION['user_name']. It is just like the session username has not started or something?

Many thanks for your time and help

2 answers

  • down_load1117 2015-12-04 14:48
    1.) session_start() should be the first line of your code in PHP; in any case, session_start() must come before you attempt to check any session variable.

    2.) You placed session_start() inside a function, and that function will not run until called. Starting right below that function, on this line

    if (isset($_SESSION['HTTP_USER_AGENT'])) you attempt to start checking session variables; however, session_start() has not yet been started, because it's inside a function you have not called. Thus all those $_SESSION checks you're doing are probably all going to fail.

    3.) If you're going to keep this structure, then simply add session_start() to the first line of your code and take it out of the function.

    <?php session_start(); ----> rest of your code.

    After that change you still need to call page_protect() somewhere; your code doesn't show the function being called anyway.

    This answer was selected as the best answer by the asker.
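
The ordering the accepted answer describes, as an added example that is not part of the original post or the asker's DBC.php: the session is started once before any $_SESSION read, and the guard is actually called at the top of the protected page. The function names ensure_session(), ua_fingerprint(), login_user() and require_login() are hypothetical, and the guard is stricter than the original in that it requires the stored User-Agent fingerprint to be present.

```php
<?php
// Added example, not the asker's DBC.php. ensure_session(), ua_fingerprint(),
// login_user() and require_login() are hypothetical names.

function ensure_session(): void
{
    // $_SESSION is only populated once session_start() has run in this request.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

function ua_fingerprint(): string
{
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Called by login.php after the password check succeeds.
function login_user(int $id, string $name): void
{
    ensure_session();
    session_regenerate_id(true); // fresh session ID at login (session fixation)
    $_SESSION['user_id'] = $id;
    $_SESSION['user_name'] = $name;
    $_SESSION['HTTP_USER_AGENT'] = ua_fingerprint();
}

// Returns the logged-in user name, or null when the page must redirect.
function require_login(): ?string
{
    ensure_session();
    if (!isset($_SESSION['user_id'], $_SESSION['user_name'], $_SESSION['HTTP_USER_AGENT'])) {
        return null;
    }
    if (!hash_equals($_SESSION['HTTP_USER_AGENT'], ua_fingerprint())) {
        $_SESSION = [];      // fingerprint changed: drop the session
        session_destroy();
        return null;
    }
    return $_SESSION['user_name'];
}

// Top of a protected page: run the guard before any output or $_SESSION read.
$user = require_login();
if ($user === null) {
    header('Location: login.php');
    exit;
}
echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```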