1. 首頁
  2. 問答
  3. 不同環境下的PHP會話問題

不同環境下的PHP會話問題

2013-03-23 22 views
0

我通過會話傳遞用戶變量。它在本地主機上正常工作,但一旦在Web服務器上出現奇怪的事情。不同環境下的PHP會話問題

登錄後,會話變量的工作原理應該是......直到您點擊三頁左右,並突然出現POOF!

注意「Welcome, jordan.」而不是「Welcome, .」也是左上角。

會議功能: http://imageshack.us/photo/my-images/32/loggedins.png/

會議噗! http://imageshack.us/photo/my-images/515/loggedinno.png/

登錄/創建會話變量代碼:

<?php 
     include_once 'gtheader.php'; 
     if (!isset($_SESSION['user'])) 
     { 
     if (isset($_POST['user'])) 
     { 
     $user = sanitizeString($_POST['user']); 
     $pass = sanitizeString($_POST['pass']); 
     if (preg_match($txtMatch,$user)) 
     { 
     if ($user == "" || $pass == "") 
     { 
     $error = "Please enter all required fields"; 
     } 
     else 
     { 
     $query = "SELECT * FROM gtmembers WHERE user='$user'"; 
     $result = queryMysql($query); 
     $rank = mysql_result($result, 0, 'rank'); 
     if (!mysql_num_rows($result)) 
     { 
     $error = "Username does not exist."; 
     } 
     else 
     { 
     $getPass = mysql_result($result, 0, 'pass'); 
     $salt = substr($getPass, 0, 64); 
     $hash = $salt . $pass; 
     for ($i = 0; $i < 100000; $i++) 
     { 
     $hash = hash('sha256', $hash); 
     } 
     $hash = $salt . $hash; 
     if ($hash == $getPass) 
     { 
     if ($rank != "Banned") 
     { 
     $userLow = strtolower($user); 
     $_SESSION['user'] = $userLow; 
     $_SESSION['rank'] = $rank; 
     echo <<<_END 
     <script type="text/javascript"> 
     window.location.href='index.php'; 
     </script> 
     _END; 
     echo "Successfully logged in. Click <a href='index.php'>here</a> to continue."; 
     }

部首代碼:

 <?php //gtheader.php 
     session_start(); 
     include_once 'gtfunctions.php'; 
     $loggedIn = FALSE; 

     if (isset($_SESSION['user'])) 
     { 
     $user = $_SESSION['user']; 
     if ($user) echo "Current User: $user<br />"; 
     else echo "Current User: None<br />"; 
     $rank = $_SESSION['rank']; 
     $loggedIn = TRUE; 
     echo "is set SESSION['user']? Yes"; 
     } 
     else echo "is set SESSION['user']? No"; 

     echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>"; 
     if ($loggedIn == TRUE) 
     { 
     $query = "SELECT * FROM gtmessages WHERE recip='$user' AND status='0'"; 
     $result = queryMysql($query); 
     if (mysql_num_rows($result) == 0) $num = ""; 
     else $num = "[".mysql_num_rows($result)."]"; 
     if ($rank == 'Owner' || $rank == 'Admin') 
     { 
     echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a  class='header' href='gtmessage.php'>$num</a>. [<a class='header'  href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />"; 
     } 
     else 
     { 
     echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a  class='header' href='gtmessage.php'>$num</a>. [<a class='header'  href='gtlogout.php'>Logout</a>]<br />"; 
     } 
     } 
?>

來源

2013-03-23 user2058050

+0

有沒有可能成爲hostgator的機會?此代碼通過print_r($ _ SESSION)在頭文件檢查會話中與1&1 – user2058050 2013-03-23 01:20:57

+1

一起工作,因此您可以看到所有值都將到或不在。 – Napster 2013-03-23 04:25:11

+0

您的計算機和其他服務器上的PHP版本是什麼? – 2013-03-23 09:41:52

回答

1

isset()函數將用於即使數組爲空數組返回true。

您應該使用!empty()來代替。

更新 還要確保服務器配置爲以相同的方式存儲變量。

更新2

<?php 
      error_reporting(E_ALL); 
      ini_set("display_errors", 1); 
    include_once 'gtheader.php'; 
    if (empty($_SESSION['user'])){ 
     if (!empty($_POST['user'])){ 
      $user = sanitizeString($_POST['user']); 
      $pass = sanitizeString($_POST['pass']); 
      if (preg_match($txtMatch,$user)){ 
       if (empty($user) || empty($pass)){ 
        $error = "Please enter all required fields"; 
       }else{ 
        $query = "SELECT * FROM gtmembers WHERE user='".mysql_real_escape_string($user)."'"; 
        $result = queryMysql($query); 
        $rank = mysql_result($result, 0, 'rank'); 
       } 
      } 
      if (!mysql_num_rows($result)){ 
       $error = "Username does not exist."; 
      }else{ 
       $getPass = mysql_result($result, 0, 'pass'); 
       $salt = substr($getPass, 0, 64); 
       $hash = $salt . $pass; 
       for ($i = 0; $i < 100000; $i++){ 
        $hash = hash('sha256', $hash); 
       } 
       $hash = $salt . $hash; 
       if ($hash == $getPass){ 
        if ($rank !== "Banned"){ 
         $userLow = strtolower($user); 
         $_SESSION['user'] = $userLow; 
         $_SESSION['rank'] = $rank; 
         echo "<script type=\"text/javascript\">window.location.href='index.php';</script>"; 
         echo "Successfully logged in. Click <a href='index.php'>here</a> to continue."; 
        } 
       } 
      } 
     } 
    } 
    ?>

gtheader.php

<?php //gtheader.php 
    session_start(); 
      error_reporting(E_ALL); 
      ini_set("display_errors", 1); 

      include_once 'gtfunctions.php'; 
      $loggedIn = FALSE; 

      if(session_id() == "") 
      { session_start(); } 

      if(empty($_REQUEST['PHPSESSID'])){ 
       $session_id = session_id(); 
      } else { 
       $session_id = $_REQUEST['PHPSESSID']; 
      } 

      if (!empty($_SESSION['user'])){ 

       //This is not safe at all. Someone could change the user to % 
       $user = $_SESSION['user']; 

        echo "Current User: $user<br />"; 
       //This is not safe either. Someone could change their rank to Admin. 
       $rank = $_SESSION['rank']; 

       $loggedIn = TRUE; 
       echo "is set SESSION['user']? Yes"; 
      } else { 
      $user = ''; 
      $rank = ''; 
      echo "is set SESSION['user']? No"; 
      } 

      echo "<div id='header'><a class='header' href='index.php'> <h1 id='headerTitle'>$appname</h1></a>"; 
      if ($loggedIn == TRUE){ 
      //without filtering, someone could set the user to % which would return everyone from the DB.  
      $query = "SELECT * FROM gtmessages WHERE recip='".mysql_real_escape_string($user)."' AND status='0'"; 
      //This is not a standard function so we're assuming it's set in gtfunctions.php 
      $result = queryMysql($query); 
      //Here you're only checking if this is set, not how many 
      if (empty(mysql_num_rows($result))){ 
       $num = "";} else { 
        //If they trick your SQL statement into returning more than one... 
        $num = "[".mysql_num_rows($result)."]"; 
       } 
      if ($rank == 'Owner' || $rank == 'Admin') 
      { 
      echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a class='header' href='gtmessage.php'>$num</a>. [<a class='header' href='gtlogout.php'>Logout</a>] | <a class='header' href='gtadmin.php'>Admin</a><br />"; 
      } else { 
      echo "Welcome, <a class='header' href='gtmembers.php?view=$user'>$user</a><a  class='header' href='gtmessage.php'>$num</a>. [<a class='header'  href='gtlogout.php'>Logout</a>]<br />"; 
      } 
     } 
    ?>

你要使用類似Firefox中的Firebug,以檢查頭,看看它的傳球一個cookie你參加會議,或者如果會話僅存儲在服務器端。另外如果會話通過GET變量傳遞。

有很多用戶提供的信息(如會話)的盲信任。有人可以劫持會話或欺騙更高的用戶名或等級。代碼中沒有檢查用戶級別是否設置正確。

我在gtheader下清理了一些SQL的東西。再次,盲目信任直接傳遞給SQL的東西。如果執行該查詢的SQL用戶具有對這些表的寫入權限,那麼您可能有注入攻擊的可能性。

來源

2013-03-23 01:09:04

+0

即使如此,這並不解釋爲什麼會話數組保持清空。 – user2058050 2013-03-23 01:12:19

相關問題

 相關問題