开发者

Having issue with signin page

问答 作者:

After processing submitted data, my signing script redirects user back to index page. The problem is, in my index page I can't check if user signed in or not. I've inserted:

if (isset($_SESSION['id'])) 
{echo $_SESSION['id']; die();}

at the beginning of the index page for checking purposes. But it doesn't echo anything.

My signin script looks like this:

<?php
include '../includes/common.php';
$page='signin';
$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value);
}

if ($_POST['dologin']=='Daxil ol') {
    foreach($_POST as $key => $value) {
        $data[$key] = filter($value);
    }

    $login = $data['login'];
    $pass = $data['pwd'];


    if (strpos($login,'@') === false) {
        $user_cond = "login='$login'";
    } else {
        $user_cond="email='$login'";
    }

    $result = $db->query("SELECT `id`,`pwd`,`fname`,`lname`,`approved`,`type`,`level` FROM users WHERE $user_cond AND `ban` = '0'") or die($db->error());

    $num = $result->num_rows;

    if ($num > 0 ) {
        list($开发者_如何学编程id,$pwd,$fname,$lname,$approved, $type, $level) = $result->fetch_row();
        if (!$approved) {
            $err[] = 6;
        }
        if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
            if (empty($err)) {

                session_start();
                session_regenerate_id(true);

                $_SESSION['id']= $id;
                $_SESSION['fname'] = $fname;
                $_SESSION['lname'] = $lname;
                $_SESSION['type'] = $type;
                $_SESSION['level'] = $level;
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

                $stamp = time();
                $ckey = GenKey();
                $db->query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die($db->error());

                //set a cookie

                if (isset($_POST['remember'])) {
                    setcookie("id", $_SESSION['id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("fname",$_SESSION['fname'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                }
                header("Location: ../../../index.php");
            }
        } else {
            $err[] = 7;
        }
    } else {
        $err[] = 8;
    }
    if (!empty($err)) {
    include "../includes/error.php";
    }

} 
?>

Checked php error log. No error. Also checked MySql DB tables. It sets ctime and ckey. The signin part works (I think). The filter function is from common.php (for sanitizing post data)

You need to start session (even before sending any headers to the page). You also need to start session on each page you need session data unless you have the session auto start directive set to true

<?php
session_start();
//$_SESSION data available here!
?>
<html>...
<?
   //other php code
   //$_SESSION data available here!
?>
...</html>

It looks like you are missing session_start() at the beginning of both files.

PHP wont pass session information if this function call is not present. It is a good practice to have this call be the first thing in the file.

继续阅读:authenticationphpsession

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9