0
我现在正在靠墙敲打我的头。我一直在摆弄这个小时,而我似乎无法弄清楚。
当我从一个页面导航到另一个页面时,我的会话数据未保存。我已经在WAMP中设置了它,顺便说一句。
正在保存cookie,会话数据仅在每个脚本的开头重置时才有效。我不太确定这里要做什么。这可能是荒谬的愚蠢,但任何输入是非常感激。
我的登录脚本:
<?php
include('../partials/_header.php');
include('includes/connectvars.php');
if(!isset($_SESSION['id'])) { //logged in?
if(isset($_POST['submit'])) { // form submitted?
if(!empty($_POST['email']) && !empty($_POST['password'])) { /* Check to make sure post isn't empty in case of JS override/disable */
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$password = sha1(mysqli_real_escape_string($dbc, trim($_POST['password'])));
/* query DB */
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$result = mysqli_query($dbc, $query) or die ("There was an error with your mySQL query:" . mysqli_error($dbc));
if(mysqli_num_rows($result)==1) { /* Check that matching row exists in users for login */
$row = mysqli_fetch_array($result);
$_SESSION['id'] = $row['id']; // set the session info
$_SESSION['type'] = $row['type'];
$_SESSION['name'] = $row['f_name'];
setcookie('id', $row['id'], time()+ (60*60*24*30));
setcookie('type', $row['type'], time()+ (60*60*24*30));
setcookie('name', $row['f_name'], time()+ (60*60*24*30));
$home_url = '/'; //redirect not working with $_SERVER variable in WAMP. keep an eye for the future
header('Location: '.$home_url);
mysqli_close($dbc);
} else { /* if no match in database ask to resubmit login info or register */?>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#login_form").validate();
});
</script>
<div class="span-24 colborder">
<form id="login_form" action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<label class="error">Your email and/or password are incorrect. </label><br />
<label class="error">If you haven't already signed up, feel free to <a href="user_registration.php" > register</a> </label><br />
<input type="text" name="email" id="email" value="" class="email required" placeholder="[email protected]"/> <br />
<input type="password" name="password" id="password" class="required" value="" /> <br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
<?php
}/* end conditional to check $rows array for username pw match */
} /* end conditional to check that form isn't blank */
else { /* If form is blank ask to resubmit or register */?>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#login_form").validate();
});
</script>
<div class="span-24 colborder">
<form id="login_form" action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<label class="error">You must enter your email and password if you wish to continue.</label><br />
<input type="text" name="email" id="email" value="" class="email required" placeholder="[email protected]"/> <br />
<input type="password" name="password" id="password" class="required" value="" /> <br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
<?php
} // end else to resubmit in case of blank form
} /* end check if form has been submitted */ else{ /* prompt for login if page visited but login form not submitted */ ?>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#login_form").validate();
});
</script>
<div class="span-24 colborder">
<form id="login_form" action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<label class="error">You must be logged in to do that!.</label><br />
<input type="text" name="email" id="email" value="" class="email required" placeholder="[email protected]"/> <br />
<input type="password" name="password" id="password" class="required" value="" /> <br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
<?php
}
} /* end check if cookie isset */ else { //redirect if cookies & session is already set
$home_url = '/';
header('Location: '.$home_url);
}
?>
<?php include('partials/_footer.php'); ?>
这是我的报头(其包括如果饼干isset该组会话变量)
<?php //set session if isset cookie but not session
session_start();
if(!isset($_SESSION['id'])) {
if(isset($_COOKIE['id']) && isset($_COOKIE['name']) && isset($_COOKIE['type'])) {
$_SESSION['id'] = $_COOKIE['id'];
$_SESSION['name'] = $_COOKIE['name'];
$_SESSION['type'] = $_COOKIE['type'];
}
} //end if !isset session verify
?>
并且取决于他们的会话ID的菜单输出的一个例子:
<?php
if(isset($_SESSION['type']) && $_SESSION['type'] == "rnr") { //start special runner menu options
?>
<ul class="main_menu">
<li id="how_it_works" class="main_menu"><a class="main_menu" href="/user/bid_task.php">Bid on a task</a></li>
<li id="our_runners" class="main_menu"><a class="main_menu" href="/our_runners.php">Our Runners</a></li>
<li id="login" class="main_menu"><a class="main_menu" href="/user/my_account.php">My account</a></li>
<li id="register" class="main_menu"><a class="main_menu" href="/user/logout.php">Logout</a></li>
</ul>
<?php } /* end runner menu */ ?>
在此先感谢。
因此,任何人都可以在其cookie中指定'name = admin'并成为管理员? – zerkms 2012-08-10 03:43:17
编号名字就是他们的名字。 – user1589198 2012-08-10 03:47:38
好的。如何指定任意的ID?如果我在cookie中指定'id = 1',会怎么样? – zerkms 2012-08-10 03:48:52