无法让 $_SESSION['user'] 显示/会话未实际记录?
Can't get $_SESSION['user'] to show / session not actually recorded?
首先我要说的是,我对 PHP 还很陌生,我会尽力而为。
我四处寻找解决方案,但由于有类似的问题/答案,我无法解决我的问题。
我有一个相当简单的登录屏幕/检查为 login.php 和一个 secure.php(将在我的 post 末尾显示这两个文件)用户被重定向到什么时候用户名和密码与数据库匹配。
当您在填写正确 user/pass 的同时按下登录按钮时,没有任何反应,因为登录的会话显然是错误的,它一直在循环 login.php。
其余的如未填写所有表格、错误通过或用户通知都正常工作,所以没有错。
那么,如何让我的会话为 TRUE 并在 secure.php 上显示登录的用户名?
Login.php :
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['username']) && trim($_POST['username']) != '' &&
isset($_POST['password']) && trim($_POST['password']) != '')
{
try
{
$maxAttempts = 4;
$attemptsTime = 10;
$db = new PDO('mysql:host=localhost;dbname=users', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$checkUsers =
"SELECT
user_id
FROM
users
WHERE
username = :username
AND
password = :password";
$userStmt = $db->prepare($checkUsers);
$userStmt->execute(array(
':username' => $_POST['username'],
':password' => $_POST['password'])
);
$user = $userStmt->fetchAll();
$checkTries =
"SELECT
username
FROM
loginfail
WHERE
DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
AND
username = :username
GROUP BY
username, IP
HAVING
(COUNT(username) = :maxAttempts)";
$triesStmt = $db->prepare($checkTries);
$triesStmt->execute(array(
':username' => $_POST['username'],
':attemptsTime' => $attemptsTime,
':maxAttempts' => $maxAttempts
));
$tries = $triesStmt->fetchAll();
if (count($user) == 1 && count($tries) == 0)
{
$_SESSION['user'] = array('user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']);
header('Location: secure.php');
die;
}
else
{
$insertTry =
"INSERT INTO
loginfail
(username,
IP,
dateAndTime)
VALUES
(:username,
:IP,
NOW())";
$insertStmt = $db->prepare($insertTry);
$insertStmt->execute(array(
':username' => $_POST['username'],
':IP' => $_SERVER['REMOTE_ADDR']
));
if(count($tries) > 0)
{
header('Refresh: 3; url=login.php');
$message = 'To many login tries, try again in a couple of minutes.';
}
else
{
header('Refresh: 3; url=login.php');
$message = 'Username or password not correct.';
}
}
}
catch (PDOException $e)
{
$message = $e->getMessage();
}
$db = NULL;
}
else
{
header('Refresh: 3; url=login.php');
$message = 'Please fill in all required fields.';
}
}
?>
<body>
<?php
if (isset($message))
{
echo $message;
}
?>
<form method="post" action="login.php" class="login">
<p>
<label for="username">User:</label>
<input type="text" name="username" id="username">
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password">
</p>
<p class="login-submit">
<button type="submit" class="login-button">Login</button>
</p>
</form>
</body>
Secure.php :
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="secure" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>Secure</title>
<link rel="stylesheet" href="css/style.css">
<?php
session_start();
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false)
{
header('Location: login.php');
exit();
}
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>';
?>
session_start();必须在所有输出之前
<?php session_start(); ?>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">
您没有设置 $_SESSION['logged_in']
。所以在 secure.php 中它将重定向回 login.php。在重定向之前将 $_SESSION['logged_in']
设置为 true,它将起作用
你要看两点:
- "session_start" 放在哪里
- 你如何保存你的文件
您必须在发送任何字节之前启动会话。
因此,"session_start()" 应该放在文件的开头。
在开始 SESSION 的 PHP 代码之前,不能有 HTML 代码、空格或 "intros"。
也看看你是如何保存文件的。
"UTF-8" 与 "UTF-8 without BOM" 不同。
对于第一种类型,您的 SESSION 将不起作用。
你没有 $_SESSION["logged_in"]
....你有 $_SESSION['user']
试试这个:
if(!isset($_SESSION['user']) || $_SESSION['user'] == false){
header('Location: login.php');
exit();
}
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>';
首先我要说的是,我对 PHP 还很陌生,我会尽力而为。
我四处寻找解决方案,但由于有类似的问题/答案,我无法解决我的问题。
我有一个相当简单的登录屏幕/检查为 login.php 和一个 secure.php(将在我的 post 末尾显示这两个文件)用户被重定向到什么时候用户名和密码与数据库匹配。
当您在填写正确 user/pass 的同时按下登录按钮时,没有任何反应,因为登录的会话显然是错误的,它一直在循环 login.php。
其余的如未填写所有表格、错误通过或用户通知都正常工作,所以没有错。
那么,如何让我的会话为 TRUE 并在 secure.php 上显示登录的用户名?
Login.php :
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['username']) && trim($_POST['username']) != '' &&
isset($_POST['password']) && trim($_POST['password']) != '')
{
try
{
$maxAttempts = 4;
$attemptsTime = 10;
$db = new PDO('mysql:host=localhost;dbname=users', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$checkUsers =
"SELECT
user_id
FROM
users
WHERE
username = :username
AND
password = :password";
$userStmt = $db->prepare($checkUsers);
$userStmt->execute(array(
':username' => $_POST['username'],
':password' => $_POST['password'])
);
$user = $userStmt->fetchAll();
$checkTries =
"SELECT
username
FROM
loginfail
WHERE
DateAndTime >= NOW() - INTERVAL :attemptsTime MINUTE
AND
username = :username
GROUP BY
username, IP
HAVING
(COUNT(username) = :maxAttempts)";
$triesStmt = $db->prepare($checkTries);
$triesStmt->execute(array(
':username' => $_POST['username'],
':attemptsTime' => $attemptsTime,
':maxAttempts' => $maxAttempts
));
$tries = $triesStmt->fetchAll();
if (count($user) == 1 && count($tries) == 0)
{
$_SESSION['user'] = array('user_id' => $user[0]['user_id'], 'IP' => $_SERVER['REMOTE_ADDR']);
header('Location: secure.php');
die;
}
else
{
$insertTry =
"INSERT INTO
loginfail
(username,
IP,
dateAndTime)
VALUES
(:username,
:IP,
NOW())";
$insertStmt = $db->prepare($insertTry);
$insertStmt->execute(array(
':username' => $_POST['username'],
':IP' => $_SERVER['REMOTE_ADDR']
));
if(count($tries) > 0)
{
header('Refresh: 3; url=login.php');
$message = 'To many login tries, try again in a couple of minutes.';
}
else
{
header('Refresh: 3; url=login.php');
$message = 'Username or password not correct.';
}
}
}
catch (PDOException $e)
{
$message = $e->getMessage();
}
$db = NULL;
}
else
{
header('Refresh: 3; url=login.php');
$message = 'Please fill in all required fields.';
}
}
?>
<body>
<?php
if (isset($message))
{
echo $message;
}
?>
<form method="post" action="login.php" class="login">
<p>
<label for="username">User:</label>
<input type="text" name="username" id="username">
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password">
</p>
<p class="login-submit">
<button type="submit" class="login-button">Login</button>
</p>
</form>
</body>
Secure.php :
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="secure" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>Secure</title>
<link rel="stylesheet" href="css/style.css">
<?php
session_start();
if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] == false)
{
header('Location: login.php');
exit();
}
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>';
?>
session_start();必须在所有输出之前
<?php session_start(); ?>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="login screen" content="">
<meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
<title>TEST</title>
<link rel="stylesheet" href="css/style.css">
您没有设置 $_SESSION['logged_in']
。所以在 secure.php 中它将重定向回 login.php。在重定向之前将 $_SESSION['logged_in']
设置为 true,它将起作用
你要看两点: - "session_start" 放在哪里 - 你如何保存你的文件
您必须在发送任何字节之前启动会话。 因此,"session_start()" 应该放在文件的开头。 在开始 SESSION 的 PHP 代码之前,不能有 HTML 代码、空格或 "intros"。
也看看你是如何保存文件的。 "UTF-8" 与 "UTF-8 without BOM" 不同。 对于第一种类型,您的 SESSION 将不起作用。
你没有 $_SESSION["logged_in"]
....你有 $_SESSION['user']
试试这个:
if(!isset($_SESSION['user']) || $_SESSION['user'] == false){
header('Location: login.php');
exit();
}
echo 'Welcome '.$_SESSION['user'].' and thanks for logging in.</center>';