无法让 $_SESSION['user'] 显示/会话未实际记录?

Can't get $_SESSION['user'] to show / session not actually recorded?

首先我要说的是,我对 PHP 还很陌生,我会尽力而为。

我四处寻找解决方案,但由于有类似的问题/答案,我无法解决我的问题。

我有一个相当简单的登录屏幕/检查为 login.php 和一个 secure.php(将在我的 post 末尾显示这两个文件)用户被重定向到什么时候用户名和密码与数据库匹配。

当您在填写正确 user/pass 的同时按下登录按钮时,没有任何反应,因为登录的会话显然是错误的,它一直在循环 login.php。

其余的如未填写所有表格、错误通过或用户通知都正常工作,所以没有错。

那么,如何让我的会话为 TRUE 并在 secure.php 上显示登录的用户名?

Login.php :

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">

<?php

session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    if (isset($_POST['username']) && trim($_POST['username']) != '' && 
        isset($_POST['password']) && trim($_POST['password']) != '')
    {
        try 
        {
            $maxAttempts = 4;
            $attemptsTime = 10;

            $db = new PDO('mysql:host=localhost;dbname=users', 'root', '');
            $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $checkUsers = 
                "SELECT 
                    user_id
                FROM
                    users
                WHERE
                    username = :username
                AND
                    password = :password";
            $userStmt = $db->prepare($checkUsers);
            $userStmt->execute(array(
                                ':username' => $_POST['username'],
                                ':password' => $_POST['password'])
                                );
            $user = $userStmt->fetchAll();

            $checkTries =
                "SELECT
                    username
                FROM
                    loginfail
                WHERE
                    DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
                AND
                    username = :username    
                GROUP BY
                    username, IP
                HAVING
                    (COUNT(username) = :maxAttempts)";
            $triesStmt = $db->prepare($checkTries);
            $triesStmt->execute(array(
                                ':username' => $_POST['username'],
                                ':attemptsTime' => $attemptsTime,
                                ':maxAttempts' => $maxAttempts
                                ));
            $tries = $triesStmt->fetchAll();

            if (count($user) == 1 && count($tries) == 0)
            {
                $_SESSION['user'] = array('user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']);
                header('Location: secure.php');
                die;
            }
            else
            {
                $insertTry = 
                    "INSERT INTO
                        loginfail
                            (username, 
                            IP,
                            dateAndTime)
                    VALUES
                        (:username,
                        :IP,
                        NOW())";
                $insertStmt = $db->prepare($insertTry);
                $insertStmt->execute(array(
                                        ':username' => $_POST['username'],
                                        ':IP' => $_SERVER['REMOTE_ADDR']
                                        ));
                if(count($tries) > 0)
                {
                    header('Refresh: 3; url=login.php');
                    $message = 'To many login tries, try again in a couple of minutes.';
                }
                else
                {
                    header('Refresh: 3; url=login.php');
                    $message = 'Username or password not correct.';
                }
            }
        }
        catch (PDOException $e)
        {
            $message = $e->getMessage();
        }
        $db = NULL;
    }
    else
    {
        header('Refresh: 3; url=login.php');
        $message = 'Please fill in all required fields.';
    }
}
?>

<body>

    <?php
        if (isset($message))
        {
            echo $message;
        }
    ?>

    <form method="post" action="login.php" class="login">

    <p>
        <label for="username">User:</label>
        <input type="text" name="username" id="username">
    </p>

    <p>
        <label for="password">Password:</label>
        <input type="password" name="password" id="password">
    </p>

    <p class="login-submit">
        <button type="submit" class="login-button">Login</button>
    </p>

    </form>

</body>

Secure.php :

<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="secure" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>Secure</title>
<link rel="stylesheet" href="css/style.css">

<?php 

session_start(); 

if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false) 
{ 
    header('Location: login.php'); 
    exit(); 
}  
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>'; 
?>

session_start();必须在所有输出之前

<?php session_start(); ?>    

<meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="login screen" content="">
    <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
    <title>TEST</title>
    <link rel="stylesheet" href="css/style.css">

您没有设置 $_SESSION['logged_in']。所以在 secure.php 中它将重定向回 login.php。在重定向之前将 $_SESSION['logged_in'] 设置为 true,它将起作用

你要看两点: - "session_start" 放在哪里 - 你如何保存你的文件

您必须在发送任何字节之前启动会话。 因此,"session_start()" 应该放在文件的开头。 在开始 SESSION 的 PHP 代码之前,不能有 HTML 代码、空格或 "intros"。

也看看你是如何保存文件的。 "UTF-8" 与 "UTF-8 without BOM" 不同。 对于第一种类型,您的 SESSION 将不起作用。

你没有 $_SESSION["logged_in"] ....你有 $_SESSION['user']

试试这个:

if(!isset($_SESSION['user']) || $_SESSION['user'] == false){ 
  header('Location: login.php'); 
   exit(); 
 } 
   echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>';