php - 用户在 PHP 中注销后第二次无法在 SESSION 中存储值

标签 php mysql session

我有一个用于用户登录的登录脚本。用户信息存储在MYSQL数据库中。当我第一次登录时,它将信息存储在 session 中并显示欢迎消息。但是当我注销并尝试再次登录时,尽管已登录,但 session 数组显示为空。

这是我的代码:

reservation.php

<?php
session_start(); 
require_once("./includes/config_db.php");
$error1=array();
if(isset($_POST['submit'])){

    if (preg_match ('%^[A-Za-z0-9]{4,8}$%', stripslashes(trim($_POST['user_id'])))) {
        $e = escape_data($_POST['user_id']);
    } else {
        $e = FALSE;
        $error1['user_id']="UserID Required!";
    }

    if (preg_match ('%^[A-Za-z0-9]{8,}$%', stripslashes(trim($_POST['password'])))) {
        $p = escape_data($_POST['password']);
    } else {
        $p = FALSE;
        $error1['password']="Password Required!";
    }


    if($e && $p){
        $query="SELECT * FROM users WHERE(user_id='$e' AND password=SHA('$p')) AND active='NULL'";
        $results=mysql_query($query);
        if(mysql_affected_rows() == 1){
            $row=mysql_fetch_array($results, MYSQL_NUM);
            mysql_free_result($results);
            $_SESSION['name']=$row[0];
            $_SESSION['department']=$row[1];
            $_SESSION['email']=$row[2];
            $_SESSION['user_id']=$row[4];
            $_SESSION['phone']=$row[5];
            $_SESSION['pre']=$row[8];

            //create second token
            $tokenid=rand(10000,9999999);
            $query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";
            $result2=mysql_query($query2);
            $_SESSION['tokenid']=$tokenid;
            session_regenerate_id();
            mysql_close();
            header("Location:local.php");
            exit();

        }else
        {
            $error1['active']="Either your Account is inactive or Email/Password is incorrect";
             mysql_close();
        }
    }
 }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reservation System</title>
<!--Link to external files-->
<link rel="stylesheet" type="text/css" href="css/reservation.css"></link>

</head>

<body class="body">
    <div id="mainHeader">
        <?php include('includes/ers_header.php'); ?>
    </div>
    <div id="content">  
    </div>
    <div id="navigation">
    <?php include('includes/ers_nav.php');?>
    <h3>Member Login</h3>
<form id="login" action="reservation.php" method="post">
<?php if(!empty($error1['active'])) echo '<p><font color="red">'.$error1['active'].'</font></p>'; ?>
<label for="userid">User ID:</label>
<input type="text" name="user_id" <?php  if (!empty($error1['user_id'])){ echo 'value="'.htmlentities($_POST['user_id']).'"';} ?>  autofocus />
<?php  if (!empty($error1['user_id'])){ echo '<p><font color="red">'.$error1['user_id'].'</font></p>';} ?>
<label for="password">Password:</label>
<input type="password" name="password" />
<?php  if (!empty($error1['password'])){ echo '<p><font color="red">'.$error1['password'].'</font></p>';} ?>
<button class="submit" name="submit" type="submit">Login</button>
</form
    </div>
</body>
</html>

ers_header.php:

<h1>XXXXXXXXXX</h1>
<h2>YYYYYYYYYYY</h2>
<h2>ZZZZZZZZZZZZ</h2>
<?php
    require_once("./includes/config_db.php");
    if(isset($_SESSION['name'])){
        $sql="SELECT token FROM users WHERE(user_id='$_SESSION[user_id]')";
        $result=mysql_query($sql);

        if (mysql_affected_rows() == 1) { // A match was made.
            $row = mysql_fetch_array ($result, MYSQL_NUM);
            mysql_free_result($result);
            mysql_close(); // Close the database connection.

            if($_SESSION['tokenid'] == $row[0]){
                echo '<p>Welcome';
                echo "&nbsp;{$_SESSION['name']}";
                $loggedin=1;
            }else{
                $loggedin=0;
            }
        }
    }

      if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')){
      echo'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="logout.php">Logout</a>';
      echo'</p>';
      }
?>

logout.php

<?php
   session_start();
   require_once("./includes/config_db.php");

   if ( !isset( $_SESSION['name'] ) ) {
       header("Location: reservation.php");
       exit(); 
   } else { 
       $_SESSION = array(); // Destroy the variables.
       session_destroy(); // Destroy the session itself.
       setcookie( session_name(), ", time()-300, '/', ", 0 ); // Destroy the cookie.
       header("Location:reservation.php");
   }

不知道是什么问题。我已经尝试了很多,但找不到。请任何人找出我的错误。

最佳答案

你真的应该只需要取消设置 $_SESSION 数组,而不是破坏 session 和 cookie 数据,尝试删除这些行,但是:

mysql_affected_rows 应该是 mysql_num_rows

这行代码也是不正确的:

$query2="UPDATE r_users SET token='$tokenid' WHERE user_id='$_SESSION[user_id]'";

$_SESSION[user_id] 应该是 $_SESSION["user_id"] 并且您应该将其包装在 {} 中。 PHP 可能会对此发出警告。

这行代码很奇怪:

if(isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'] AND $loggedin,-10)!='logout.php')

$loggedin,-10 真的应该在 substr 中吗?

关于php - 用户在 PHP 中注销后第二次无法在 SESSION 中存储值,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18866076/

上一篇:mysql - Django Admin 外键从单个 SQL 查询中下拉

下一篇:MySQL Order By 备用值

相关文章:

php - 根据另一个值更新最小值 - MySql

mysql - 如何在 MySQL 中将 "MONTHNAME()"函数设置为列默认值?

python - 每 x 分钟运行一次 python 作业

asp.net - 如何获取asp.net下拉列表的选定值并将其存储在 session 变量中?

php - 如何更改 session 数组变量值

Javascript 等价于 PHP Explode()

php - MySQL 按另一个表的计数排序

从数据库表中解析 PHP SQL 数据给出错误 `Trying to get property of non-object`

php - 从数据库中选择以定义符号开头的记录

python - SQLAlchemy:如何将作用域 session 绑定(bind)到请求

©2024 IT工具网  联系我们