尝试使用 session 进行常规身份验证和更新,但是当我单击链接时,即使是同一页面,它也只会闪烁“incorect id”,我必须刷新并重新登录,这意味着用户甚至无法更新自己的信息导航到其他页面。现在它在一个子域上,而不是我进行开发测试时的完整域,所以也许这就是问题所在,但我想我想看看是否有敏锐的眼睛能发现问题。
session 是通过每个页面顶部的包含处理的,如下所示
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';
include_once 'messages.php';
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
$id = $_SESSION['id'];
if(!isset($uid)) {
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['id'] = $id;
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$link = dbConnect('db_name');
$sql = "SELECT * FROM Users WHERE
LOWER(username) = '".mysqli_real_escape_string($link, strtolower($_POST[uid]))."' AND password = '".mysqli_real_escape_string($link, strtolower($_POST[pwd]))."'";
$result = mysqli_query($link, $sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\nIfhis error persists, please '.
'contact '.$adminemail.'.');
}
if (mysqli_num_rows($result) == 0) {
unset($_SESSION['id']);
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
access, click <a href="<?=$signuppage?>">here</a>.</p>
</body>
</html>
<?php
exit;
}
$row = mysqli_fetch_array($result);
$First_Name = $row['First_Name'];
$Middle_Name = $row['Middle_Name'];
$Last_Name = $row['Last_Name'];
$email = $row['email'];
$notes = $row['notes'];
$id = $row['ID'];
托管分页格式类似于
<?php include 'includes/accesscontrol.php'; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Members-Only Page </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="includes/pwmeter.css" />
<link rel="stylesheet" href="includes/topnav.css" />
</head>
<body>
<?include('includes/nav_top_member.php');?>
<p>Welcome, <?=$username?>! You have entered a members-only area
of the site. Don't you feel special?</p>
最佳答案
查询正在使用 $_POST['uid'] 和 $_POST['pwd']。如果用户已经登录,则需要使用 session 变量,而不是 POST 参数。这是在 $uid 和 $pwd 中,您在脚本顶部设置的。
$sql = "SELECT * FROM Users
WHERE LOWER(username) = '".mysqli_real_escape_string($link, strtolower($uid))."'
AND password = '".mysqli_real_escape_string($link, strtolower($pwd))."'";
您应该学习使用准备好的查询和 mysqli_bind_param() 而不是转义和连接。并且您不应该在数据库中存储明文密码,或者在匹配密码时忽略大小写。
关于javascript - session 不要跨页面保留,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43904047/