数据未保存在会话变量中
Posted
技术标签:
【中文标题】数据未保存在会话变量中【英文标题】:Data not saving in session variable 【发布时间】:2021-10-16 18:23:05 【问题描述】:数据未存储在会话中一切正常登录系统一切正常,但用户名用户传递和用户 ID 等数据应保存在会话中,但我不知道,因为如果它在您成功登录时保存它应该显示欢迎 username。
进入论坛主页,但它没有显示之前显示的用户名,但我遇到了问题,当所有问题都解决后,这个错误就出来了。
代码:
<style>
<?php include 'signin.css'; ?>
</style>
<script type="text/javascript" src="signup.js"></script>
<?php
//signin.php
include 'connect.php';
include 'header.php';
//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
else
if($_SERVER['REQUEST_METHOD'] != 'POST')
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form action="" method="post" >
<div class="all" >
<div class="container" >
<div class="first" >
<h2>SIGN IN</h2>
</div>
<div class="user" >
<input class="use" type="text" placeholder="Username" id="username" name="user_name" required>
</div>
<div class="userimg" >
<img src="user.png" style="height:2em;width:2em;" >
</div>
<div class="pass" >
<input type="password" placeholder="Password" id="password" name="user_pass" minlength="8" required >
<img src="lock.png" >
</div>
<div class="show">
<img src="visible.png" id="visible" class="visible" onclick="myFunction()">
<img src="invisible.png" id="invisible" class="invisible" onclick="mynot()" >
</div>
<div class="check" >
<input type="checkbox" required >
</div>
<div class="box" >
<p>I accept all <a href="#" >terms</a> and <a href="#" >privacy</a>.</p>
</div>
<div class="submit" >
<input type="submit" name="submit" onclick="submit()" value="Sign in">
</div>
<div class="close" >
<input type="button" value="Back" >
</div>
<div class="log" >
dont have an account? <a href="#" >Login</a>
</div>
<div class="organic" >
<img src="logo.png" class="organicpe" >
</div>
<div>
<h2 class="back" ><a href="#" >Go Back</a></h2>
</div>
</div>
</div>
</form>';
else
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Verify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['user_name']))
$errors[] = 'The username field must not be empty.';
if(!isset($_POST['user_pass']))
$errors[] = 'The password field must not be empty.';
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
echo '</ul>';
else
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
user_id,
user_name,
user_level
FROM
Users
WHERE
user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
user_pass = '" . sha1($_POST['user_pass']) . "'";
$result = mysqli_query($conn,$sql);
if(!$result)
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
else
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysqli_num_rows($result) == 0)
echo 'You have supplied a wrong user/password combination. Please try again.';
else
while ($row = $result -> fetch_row())
session_start();
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_level'] = $row['user_level'];
while ($row = mysqli_fetch_array($result))
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysqli_fetch_assoc($result))
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
echo '<h3>Welcome, ' . $_SESSION['user_name'] . '. <a href="index.php">Proceed to the forum overview</a>.</h1>';
include 'footer.php';
?>
【问题讨论】:
您是否在这些包含的文件中调用session_start()?
警告:您对SQL Injections 持开放态度,应该使用参数化的prepared statements,而不是手动构建查询。它们由PDO 或MySQLi 提供。永远不要相信任何形式的输入!即使您的查询仅由受信任的用户执行,you are still in risk of corrupting your data。 Escaping is not enough!
切勿以明文形式或使用 MD5/SHA1 存储密码! 仅存储使用 PHP 的 password_hash() 创建的密码哈希,然后您可以使用 password_verify() 进行验证。看看这个帖子:How to use password_hash 并了解更多关于bcrypt & password hashing in PHP
mysql_real_escape_string 不存在
如果你刚刚开始学习 PHP,那么你应该学习 PDO 而不是 mysqli。 PDO 更容易,更适合初学者。从这里开始phpdelusions.net/pdo & websitebeaver.com/…
【参考方案1】:
您需要启动每个 php 文件使用会话
session_start();
【讨论】:
兄弟我正在使用这样的文件,我有会话开始以上是关于数据未保存在会话变量中的主要内容,如果未能解决你的问题,请参考以下文章