1. 首頁
  2. 問答
  3. 會話/認證循環

會話/認證循環

2012-02-25 61 views
-1

我在這段代碼中有一個循環(用戶被返回到登錄頁面)。問題部分是這樣的會話/認證循環

else if (!$session_id){ 
    //if user is not logged in, send to the login page 
    header("Location:" . $Config_live_site . "/user_events/login.php"); 
    exit; 
}

我有一種感覺,這是所有的嵌套if語句。如果刪除了上面的「else if」,用戶可以登錄並且所有會話功能均正常工作。下面是代碼:

//check if the user has clicked on a submit button in a login form in login.php 
if (isset($_POST['submit'])) { 
    $username = $_POST['username']; 
    $pass  = $_POST['password']; 
    if (!$username) { 
     echo "<script>alert('Please enter username'); document.location.href='index.php?option=login$string_2';</script>\n"; 
    } 
    if (!$pass) { 
     echo "<script>alert('Please enter a password'); document.location.href='index.php?option=login$string_2';</script>\n"; 
    } 
    else { 
     $pass = md5($pass); 
    } 
//set up user object and start a new session 
    $user = new user(); 
    $database->get_user(&$user, $username, '1'); 
     if (!strcmp($user->user_pass, $pass)) { 
      session_name('login'); 
      session_start(); 
      $logintime = time(); 
      $session_id = md5("$user->username$user->user_type$logintime"); 
      $database->set_session($user, $session_id, $logintime); 
      $_SESSION['session_id']   = $session_id; 
      $_SESSION['session_username'] = $user->username; 
      $_SESSION['session_usertype'] = $user->user_type; 
      $_SESSION['session_logintime'] = $logintime; 
      session_write_close(); 
     // cannot using mosredirect as this stuffs up the cookie in IIS 
       if ($suboption) { 
       echo "<script>document.location.href='index.php?$string';</script>\n"; 
       } else { 
       echo "<script>document.location.href='index.php?option=subscriber_home';</script>\n"; 
       } 
       exit(); 
     } else { 
     echo "<script>alert('Incorrect Username and Password, please try again'); document.location.href='index.php?option=subscribe$string_2';</script>\n"; 
     exit(); 
     } 
} 
else if (!$session_id){ 
    //if user is not logged in, send to the login page 
    header("Location:" . $Config_live_site . "/user_events/login.php"); 
    exit; 
} 



//session starts 
session_name('login'); 
session_start(); 
if ($option == 'logout') { 
    require 'logout.php'; 
    exit(); 
} 

$user = new user(); 
$user->username = $_SESSION['session_username']; 
$user->user_type = $_SESSION['session_usertype']; 
$session_id = $_SESSION['session_id']; 
$logintime = $_SESSION['session_logintime'];

來源

2012-02-25 Natalia

+0

誰知道我不得不點擊勾號?現在我明白了。 – Natalia 2012-02-25 02:22:49

+1

你爲什麼要創建自己的會話ID? PHP在執行'session_start()'的時候已經爲你做了這個,你可以通過'session_id()'來檢索這個值。 – 2012-02-25 02:24:19

+0

問題在於,您甚至在設置會話之前嘗試使用session_id! – 2012-02-25 02:28:07

回答

1

這段代碼很凌亂,我不能完全幫助你不知道你的數據庫對象是什麼,它是如何運行的,但是做這樣的事情。它會簡化你的代碼堆。

session_start(); 
try{ 
    if(!isset($_POST['submit'])) 
     throw new exception('No Post Data Found.'); 

    if(!isset($_POST['username'])) 
     throw new exception('Please enter a username.'); 

    if(!isset($_POST['password'])) 
     throw new exception('Please enter a password.'); 

    $username = $_POST['username']; 
    $password = $_POST['password']; 
    $password = md5($password); 

    //CHECK IF USER CREDENTIALS ARE CORRECT HERE 
    #$result = database results as object. 
    $valid_credentials = true; 

    if(!$valid_credentials) 
     throw new exception('Your credentials were incorrect.'); 

    $_SESSION['username'] = $username; 
    $_SESSION['user_type'] = $result->user_type; 
    $_SESSION['logintime'] = time(); 

    echo '<script>document.location.href="success.php";</script>' 
catch (Exception $E){ 
    echo "<script>alert('$E->getMessage()'); document.location.href='login.php'; </script>"; 
}

其中一些我不會推薦的做法,但我試圖儘可能使用代碼來適應它。你有需要將數據庫對象添加到代碼中。

我也寧願用戶標題('位置:');比JavaScript腳本,但我用你現有的工具。

Goodluck!

來源

2012-02-25 03:11:27 MichaelH

相關問題

 相關問題