duanlanzhi5509 2012-05-12 05:18
浏览 63
已采纳

PHP表单/ Cookies,需要刷新页面才能看到变化

Excuse the poor title...

I'm trying to write a basic form for a login script. The user enters a username and password and presses "login". The action assigned to the form is just to refresh the same page. The page has code that checks for the username and password in $_POST and if they are there, checks credentials, creates a session ID and sets a cookie. If the login succeeds, the login section of the page should no longer be displayed.

The problem I'm having is that after I hit login, it seems like the cookie doesn't get written fast enough or something, because the subsequent read from that cookie fails. If I manually refresh my page immediately however, it has in fact successfully logged in.

// Login function, MD5 hashing would be replaced with something better
// if this were something mission critical, but as it stands I'm only
// using this as a learning tool
function login($username, $password) 
{

    $username = addslashes($username);
    $password = md5($password);
    $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

    if(mysql_num_rows($query) == 1) 
    {
        $info = mysql_fetch_array($query);
        $userid = $info[uid];
        $sessionid = md5($userid . time());
        $time = time();
        setcookie ("testcookie", $sessionid, $time+3600, '/', '');
        mysql_query("DELETE FROM sessions WHERE uid='$userid'");
        mysql_query("INSERT INTO sessions (sessionid,uid,timestamp) VALUES('$sessionid','$userid','$time')");
        return $userid;
    } 
    else 
    {
        return 0;
    }
}







// Check the cookie and return the userid

function status() 
    {

        $sessionid = $_COOKIE[nojunkcontest];
        $oldtime = time() - 3600;
        $query = mysql_query("SELECT * FROM sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime");


        if(mysql_num_rows($query) == 1) 
        {
            $info = mysql_fetch_array($query);
            return $info[uid];
        }

        return 0;
    }





// Check whether to attempt login, get userid either way

if($_POST[username] !='' || $_POST[password] != '') 
{
    $login_status = login($_POST[username], $_POST[password]);
} 

else if($_GET[logout]) 
{
    logout();
}

unset($userid); 
$userid = status();





// This is in the body of the document...

<?php
if($userid > 0) 
{ 
echo "Logged in  (<a href='?logout=1'>Logout</a>)"; 
} 

else 
{

if($login_status != '' && $login_status == 0) 
{ 
    echo "Invalid username/password combo.<br>"; 
}

?>

<form action = 'index.php' method ='post'>
<table border = '0' cellspacing = '5'>
<tr>
    <td>Username</td>
    <td><input type = 'text' name = 'username'></td>

    <td>Password</td>
    <td><input type = 'password' name = 'password'></td>

    <td><input type = 'submit' name = 'submit' value = 'Login'></td>
</tr>
</table>
</form>

As you can see, the form action is "index.php" which is the same page where all this code resides, so it just performs a refresh. The status() function returns 0 on this refresh though, but if I refresh manually afterwards, it succeeds, which leads me to believe it's the $_COOKIE call that is failing. The login() function which I didn't include writes the cookie that status() reads from. So everything is working in that department, it's just this annoying refresh thing I can't figure out.

Any help would be appreciated, thanks.

  • 写回答

1条回答 默认 最新

  • dongou1970 2012-05-12 11:00
    关注

    As you stated that you are just experimenting and it doesn't have to be secure:

    The problem with your cookie is that a cookie is set after execution and delivery to the user is done. This is why you cannot read the cookie a few lines after you set it in the same script.

    But as others in the comments already suggested, never use a cookie for this, use sessions.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 matlab图像高斯低通滤波
  • ¥15 针对曲面部件的制孔路径规划,大家有什么思路吗
  • ¥15 钢筋实图交点识别,机器视觉代码
  • ¥15 如何在Linux系统中,但是在window系统上idea里面可以正常运行?(相关搜索:jar包)
  • ¥50 400g qsfp 光模块iphy方案
  • ¥15 两块ADC0804用proteus仿真时,出现异常
  • ¥15 关于风控系统,如何去选择
  • ¥15 这款软件是什么?需要能满足我的需求
  • ¥15 SpringSecurityOauth2登陆前后request不一致
  • ¥15 禅道二次开发编辑版本,上传不了发行包