2014-04-13 37 views
1

所以我有這種形式,用戶在他的屁股上簽名。當用戶填寫所有的細節時,他點擊提交按鈕。 Ajax請求提交表單並將所有詳細信息放入數據庫中。如果發生這種情況沒有任何錯誤,則會打開一個帶有兩個(付款)按鈕的隱藏div。點擊iDeal或PayPal按鈕後,colorbox打開並顯示「概覽頁面」。現在我想通過$ _SESSION ['user_id']顯示數據庫中的用戶信息。但不知何故,因爲「概覽頁面」爲空,所以我沒有存儲會話orso。無法獲得會話存儲,我錯過了什麼?

我不確定我錯過了什麼,任何擡頭都會很棒!

這是形式:

<div class="content main container" id="goShowOrderForm"> 
<div class="content main box"> 
<div id="udidOrderForm" class="order form"> 
<form action="post" id="orderForm" name="form"> 

<label for="email">Email</label> 
<input type="email" class="input-fullwidth" name="email"> 

<div class="two-column"> 
<label for="password">Password</label> 
<input type="password" name="password"> 
</div> 

<div class="two-column right"> 
<label for="repassword">Confirm Password</label> 
<input type="password" name="re_password"> 
</div> 

<input type="hidden" name="token" value="<?php echo $_SESSION['guest_token'] ?>"> 

</form> 

<div class="orderFormActions"> 
<input type="submit" class="button darkblue order" name="submitNewStep" id="submitNewStep" value="Nu afrekenen"> 
<div class="button red cancel" id="cancelUdidOrder">Afbreken</div> 
</div> 

</div> 
</div> 

阿賈克斯後一頁(以數據存儲在數據庫提交後)

<?php 
include '../includes/database/db_connect.php'; 
include '../includes/database/functions.php'; 

if($_POST) { 

//Form data 
$email = safe($mysqli,$_POST['email']); 
$guestToken = safe($mysqli,$_POST['token']); 

$password = veilig($mysqli,$_POST['password']); 
$rePassword = veilig($mysqli,$_POST['re_password']); 

//Check if everything has been filled in correctly 
if ($email == '' || $password == '' || $rePassword == '') {  
echo "orderFormRequiredFields"; 
exit(); 
} 

//Check emailFormat 
if (!CheckEmailFormat($email)) { 
echo "orderFormerrorEmailFormat"; 
exit(); 
} 

//Check if email already exist 
$checkIfEmailExist = mysqli_query($mysqli,"SELECT * FROM members WHERE email = '$email'"); 
if (mysqli_num_rows($checkIfEmailExist) > 0){ 
echo "orderFormEmailAlreadyExist"; 
exit(); 
} 

//Check if the two passwords do match 
if ($password == $rePassword) { 
//Als wachtwoorden overeen komen, maak er een hashed pw + salt van 
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); 
$saltedPW = $password . $salt; 
$hashedPW = hash('sha256', $saltedPW); 

} else { 
echo "orderFormErrorPasswordConfirm"; 
exit(); 
} 


$tstamp = time(); 
$token = md5(uniqid(mt_rand())); 
//Add user to the database 
$createUser = mysqli_query($mysqli,"INSERT INTO members (account_active, email, guest_token, password, salt) 
VALUES ('0', '$email', '$guestToken', '$hashedPW', '$salt'); "); 


//begin storing user_id 
//Check for the users salt 
$getSalt = mysqli_query($mysqli,"SELECT salt FROM members WHERE email = '$email';"); 

if (!$getSalt) { 
echo "Error Salt"; 
exit(); 
} 

$row = mysqli_fetch_assoc($getSalt); 
$salt = $row['salt']; 


//Find the user details 
$saltedPW = $password . $salt; 
$hashedPW = hash('sha256', $saltedPW); 
$findUser = mysqli_query($mysqli,"SELECT * FROM members WHERE email = '$email' AND password = '$hashedPW'"); 
$roww = mysqli_fetch_assoc($findUser); 
$user_id = $roww['user_id']; 

//If users exist, count should be 1 
$count = mysqli_num_rows($findUser); 

if($count == 1) { 
$_SESSION['user_id'] = $user_id; 
$_SESSION['email'] = $email; 
} else { 
echo "Error"; 
exit(); 
} 
//end 

echo "succesMsgOrderForm"; 
} 
?> 

這是概述頁面的基本

<?php 
include 'includes/database/db_connect.php'; 
include 'includes/database/functions.php'; 

sec_session_start(); 

$user_id = $_SESSION['user_id']; 

$getAllDetails = mysqli_query($mysqli,"SELECT * FROM members WHERE user_id = '$user_id' ") OR die (mysqli_error($mysqli)); 
$row = mysqli_fetch_array($getAllDetails); 
$email = $row['email']; 

?> 
<body> 
user_id is: <?php echo $user_id ?> <br> 
email is: <?php echo $email ?> 
</body> 

謝謝

編輯#1 sec_session_start()部分是在functions.php中:

function sec_session_start() { 
    $session_name = 'sec_session_id'; // Set a custom session name 
    $secure = SECURE; 
    // This stops JavaScript being able to access the session id. 
    $httponly = true; 
    // Forces sessions to only use cookies. 
    ini_set('session.use_only_cookies', 1); 
    // Gets current cookies params. 
    $cookieParams = session_get_cookie_params(); 
    session_set_cookie_params($cookieParams["lifetime"], 
     $cookieParams["path"], 
     $cookieParams["domain"], 
     $secure, 
     $httponly); 
    // Sets the session name to the one set above. 
    session_name($session_name); 
    session_start();   // Start the PHP session 
    session_regenerate_id(); // regenerated the session, delete the old one. 
} 

編輯#2 - 第一部分,我打通顏色框(JavaScript的)

$(document).on('click', '#pay_ideal', function(){ 
    $.colorbox({ 
     width: 500, 
     height: 350, 
     speed: 350, 
     closeButton: false, 
     href:"order-overview.php" 
    }); 
}); 
+0

代碼'sec_session_start();'? –

+0

對不起。剛編輯我的問題。 sec_session_start部分已被編輯。 – user3512502

+0

你說你沒有存儲會話,但你已經存儲了sessio。請發佈您的代碼,打開彩盒 –

回答

0

您需要在刷新會話之前檢查會話狀態,

function sec_session_start() { 
    $session_name = 'sec_session_id'; // Set a custom session name 
    $secure = SECURE; 
    // This stops JavaScript being able to access the session id. 
    $httponly = true; 
    // Forces sessions to only use cookies. 
    ini_set('session.use_only_cookies', 1); 
    // Gets current cookies params. 
    $cookieParams = session_get_cookie_params(); 
    session_set_cookie_params($cookieParams["lifetime"], 
     $cookieParams["path"], 
     $cookieParams["domain"], 
     $secure, 
     $httponly); 
    // Sets the session name to the one set above. 
    if (session_id() == '') { 
     session_name($session_name); 
     session_start();   // Start the PHP session 
     session_regenerate_id(); 
    } 
} 
+0

我已將其替換爲我所擁有的。它不再加載總覽頁面,並提供GET http://domain.com/order-overview.php 500(內部服務器錯誤)錯誤 – user3512502

+0

請告訴我確切的錯誤。你使用哪個版本的PHP? –

+0

確切的錯誤:GET http://domain.com/order-overview.php 500(內部服務器錯誤)jquery.js:7845(consolelog)。 Colorbox無法打開內容。我正在使用最新的PHP – user3512502

相關問題