2013-08-31 48 views
0

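Erratic behaviour between PHP pages

I have a 'login' page on my website handled by a 'login-act' script, which redirects to a 'post' page on success. The 'post' page has links to post various types of content, e.g. 'post-audio'. The 'post' page works fine, since it displays the username if authenticated, but from then on it is a disaster: if an authenticated user clicks 'post-audio', it somehow logs him out and redirects him to the login page. However, after a while (or if I make a modification in the 'post-audio' script and undo it), it works fine again. This is driving me crazy. Can you help me?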

login-act.php:

<? ob_start();//Start buffer output ?> 

<html> 

<head> 
<link rel="stylesheet" type="text/css" href="mystyle-a.css"> 
<title>BQuotes CMS: User Generated Content: Login Notification</title> 
</head> 

<body class='center'> 

<?php 
session_start(); 
if(isset($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"]) 
{ 
// echo "<font color='green'>Correct Code Entered"; 

//Do req 





$host="host"; // Host name 
$username="user"; // Mysql username 
$password="password"; // Mysql password 
$db_name="db"; // Database name 
$tbl_name="table"; // Table name 
$tbl_name2="table2"; // Table name 2 

// Connect to server and select database. 
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

// Get values from form 
$myusername=mysql_real_escape_string($_POST['myusername']); 
$mypassword=mysql_real_escape_string($_POST['mypassword']); 

// Validate the login 
$sql2="SELECT * FROM $tbl_name2 WHERE username='$myusername' and password='$mypassword'"; 
$result2=mysql_query($sql2); 

$count=mysql_num_rows($result2); 

// If result matched $myusername and $mypassword, table row must be 1 row 
if($count==1) 
      { 
session_start();    
$_SESSION['myusername'] = $myusername; 
header ("Location: mybq-post.php"); 

      } 

else { 
echo "<div class='center2'><font color='red'>Invalid Login Details. Not Logged In.</div>"; 
echo "<br>"; 
echo "<div class='center2'><font color='red'>Please go back and try again.</div>"; 
echo "<br>"; 

echo "<div class='center2'><a href='mybq-login.php'>Back</a></div>"; 
} 


} 

else { 
echo "<div class='center2'><font color='red'>Wrong Captcha. Not Logged In.</div>"; 
echo "<br>"; 
echo "<div class='center2'><font color='red'>Please go back and try again.</div>"; 
echo "<br>"; 

echo "<div class='center2'><a href='mybq-login.php'>Back</a></div>"; 
} 
?> 


<?php 
// close connection 
//mysql_close(); 
?> 


</body> </html> 
<? ob_flush();//Flush buffer output ?> 

post.php:

<?php 

session_start(); 

if (!(isset($_SESSION['myusername']) && $_SESSION['myusername'] != '')) { 

header ("Location: mybq-login.php"); 

} 

if ($_SESSION['timeout'] + 10 * 60 < time()) { 
// session timed out 
session_destroy(); 
//header("Location: mybq-logout.php"); 
    } 

$_SESSION['timeout'] = time(); 


echo "<body class='left'><header><a href='mybq-logout.php'>Logout</a></header></body>" . $_SESSION['myusername']; 

?> 

<html> 

<head> 
<link rel="stylesheet" type="text/css" href="mystyle-a.css"> 
<title>BQuotes CMS: User Generated Content: Post Index</title> 
</head> 

<body class='center'> 

<div class='center2'> 
<b>MyBQuotes Post</b><br> 
<a href='mybq-post-txt.php'>Post Text</a> <a href='mybq-post-img.php'>Post Image</a><br> 
<a href='mybq-post-audio.php'>Post Audio</a> <a href='mybq-post-video.php'>Post Video<br> 
<a href='index.php'>CMS Index</a> <a href='mybq-index.php'>MyBQuotes Main</a><br> 
<font size="0.5px;" color="red"><b>Disclaimer: </b>Poster solely responsible for posted content! 
</div> 

</body> </html> 

post-audio.php:

<?php 

session_start(); 

if (!(isset($_SESSION['myusername']) && $_SESSION['myusername'] != '')) { 

header ("Location: mybq-login.php"); 

} 

if ($_SESSION['timeout'] + 10 * 60 < time()) { 
// session timed out 
session_destroy(); 
//header("Location: mybq-logout.php"); 
    } 

$_SESSION['timeout'] = time(); 


echo "<body class='left'><header><a href='mybq-logout.php'>Logout</a></header></body>" . $_SESSION['myusername']; 
?> 

<html> 

<head> 
<link rel="stylesheet" type="text/css" href="mystyle-a.css"> 
<title>BQuotes CMS: User Generated Content: Post Audio</title> 
</head> 

<div class='center2'> 
<body class='center'> 
<b>MyBQuotes Post Audio:</b><br> 
<font size=2>Allowed File Type: MP3<br /> 
Max File Size: 8MB</p> 
<form name=mybq-post-audio action="mybq-post-audio-act.php" method="post" enctype="multipart/form-data"> 

<!-- 
Username:<br /> 
<input type="text" size="25" name="myusername" /><br /> 
Password:<br /> 
<input type="password" size="25" name="mypassword" /><br /> 
--> 

Audio:<br /> 
<input type="file" name="audio" id="myaudio" /><br /> 
Tag:<br /> 
<input type="text" size="25" name="mytag" /><br /> 

Enter Image Text:<br /> 
<input name="captcha" type="text"> 
<img src="captcha.php" /><br> 

<input type="submit" value="Post" /><br /> 
</form> 
<a href="forg-pass.htm"><div class='tagtext'>Forgot Login details?</a> 
<br /> 
<a href="index.php">CMS Index</a> <a href="mybq-post.php">MyBQuotes Post</a> 

</div> 
</body> </html> 

Any help is appreciated. (I know some of my code is deprecated... I'm working on it :))

+0

Comment out the session timeout in your file and check it out. –

+1

'mysql_()' is deprecated, '' is deprecated, you are echoing '' before '', so in general I would suggest you rewrite the whole code –

+0

vicky, commenting out the timeout didn't work... I know it has to do with the first condition: if(!(isset ... I just can't figure it out :( – adeoba

Answers

1

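In your login script (login-act.php) you don't set $_SESSION['timeout'], so when you visit the page post.php the check $_SESSION['timeout'] + 10 * 60 < time() is always true, and session_destroy() destroys your session.

The solution is to add the line that sets the timeout in the login-act.php script, i.e.: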

session_start();    
$_SESSION['myusername'] = $myusername; 
$_SESSION['timeout'] = time(); 

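Also, always exit after any redirect. If you don't exit, the browser will redirect because the server told it to, but the script will continue executing on the server, leaving your code open to hard-to-debug vulnerabilities and strange behaviour.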

+0

Thanks ilalopoulos, it did the trick ;) – adeoba
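
The answer's two fixes (set $_SESSION['timeout'] at login, and exit after every redirect), as an added example that is not part of the original thread: a guard that both protected pages could share. The names session_state, start_login_session, require_login and IDLE_LIMIT are hypothetical; the session keys, the login file name and the 10-minute window come from the question's code.

```php
<?php
// Added example (not from the original post): one guard shared by
// mybq-post.php and mybq-post-audio.php instead of copy-pasted checks.
const IDLE_LIMIT = 10 * 60; // same 10-minute idle window as the question's code

// Pure decision function so the logic can be checked without a web server.
function session_state(array $session, int $now): string
{
    if (!isset($session['myusername']) || $session['myusername'] === '') {
        return 'anonymous';
    }
    // A missing timestamp is handled explicitly instead of being read as zero.
    if (!isset($session['timeout']) || $session['timeout'] + IDLE_LIMIT < $now) {
        return 'expired';
    }
    return 'active';
}

// Call from login-act.php after the credentials have been verified
// (assumes session_start() has already been called, as it is in that script).
function start_login_session(string $username): void
{
    session_regenerate_id(true);      // fresh session ID for the authenticated user
    $_SESSION['myusername'] = $username;
    $_SESSION['timeout'] = time();    // the line the login script was missing
}

// Call at the very top of every protected page, before any output.
function require_login(): void
{
    session_start();
    if (session_state($_SESSION, time()) !== 'active') {
        $_SESSION = [];
        session_destroy();
        header('Location: mybq-login.php');
        exit;                         // nothing below may run for this request
    }
    $_SESSION['timeout'] = time();    // sliding window: refresh on each authenticated hit
}

// Constructed sample sessions: no login, login without a timestamp
// (the situation described in the question), and a login one minute old.
$now = 1377900000;
var_dump(session_state([], $now));
var_dump(session_state(['myusername' => 'adeoba'], $now));
var_dump(session_state(['myusername' => 'adeoba', 'timeout' => $now - 60], $now));
```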
