1
我試圖設置密碼保護以與某些文件一起使用。我遵循在線教程,並取得一些成功,但在其他情況下,不斷接到拒絕訪問的頁面的呼叫,儘管看起來與正在執行的操作完全相同。某些文件上的密碼保護訪問被拒絕
從我的登錄頁面,登錄腳本調用一個php登錄頁面,它應該存儲會話ID。然後我有一個單獨的頁面來檢查會話ID是否已經存儲,並且該頁面(稱爲auth.php)包含在我試圖保護的頁面中。我把php代碼放在文件的開頭,正如我對一些測試頁面所說的那樣,但是對於我需要的頁面來說,它會恢復到訪問被拒絕的頁面,這對我來說意味着它不會意識到會話ID已被存儲。我沒有收到與連接問題有關的任何錯誤消息,所以我的重點是會話ID問題。任何想法將不勝感激。
包括代碼:
<?php
require_once('auth.php');
?>
auth.php代碼:
<?php
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: access-denied.php");
exit();
}
?>
的登錄腳本代碼相關
部分:
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
session_write_close();
header("location: member-index.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
全部登錄代碼:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND password='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
session_write_close();
header("location: member-index.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>
登錄腳本具有之初的session_start()腳本 - 我只列出了我懷疑問題所在的腳本部分。 – dmwesq 2011-05-02 20:44:55
我添加了完整的登錄代碼。我在測試目錄上運行完全相同的代碼,並且文件執行得很好。我看到沒有任何編碼差異,當我在正確登錄後嘗試訪問受密碼保護的文件時,會導致我繼續拒絕訪問。 – dmwesq 2011-05-02 21:02:24
但會員頁面是否有session_start?只運行一次是不夠的。你的auth.php只有在同一個文件(或包含它的文件)中有session_start()時纔會起作用。 – Nanne 2011-05-03 05:34:23