Problem carrying Session over to other pages
I am able to log in a user, but while proceeding to the next page (members area) I can't display any user info, let alone print the $_SESSION[email]. I am not sure what's up. Below is the login code and the testing members area page.
Login page:
session_start();
//also in a real app you would get the id dynamically
$sql = "select `email`, `password` from `accounts` where `email` = '$_POST[email]'";
$query = mysql_query($sql) or die ("Error: ".mysql_error());
while ($row = mysql_fetch_array($query)){
$email = $row['email'];
$secret = $row['password'];
//we will echo these into the proper fields
}
mysql_free_result($query);
// Process the POST variables
$email = $_POST["email"];
//Variables
$_SESSION["email"] = $_POST["email"];
$secret = $info['password'];
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directs you to the members page
{
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT email, password FROM accounts WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if (@ $info['password'] != $pass)
{
}
else
{
header("Location: home.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['email'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT email,password FROM accounts WHERE email = '".$_POST['email']."'")or die(mysql_error());
//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
//gives error if the password is wrong
if (@ $_POST['password'] != $info['password']) {
die('Incorrect password, please try again');
}
else
{
// if login is ok then we add a cookie
$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['email'], $hour);
setcookie(Key_my_site, $_POST['password'], $hour);
//then redirect them to the members area
header("Location: home.php");
}
}
}
else
{
// if they are not logged in
?>
<?php
}
?>
home.php
session_start();
if(!isset($_SESSION['email'])) {
header('Location: login_test3.php'); die('<a href="login_test3.php">Login first!</a>');
}
//Variables
$_SESSION["email"] = $email;
print $_SESSION['name'];
UPDATE
Just realized the existing code gets into the home.php file but will not echo anything. But as soon as you hit refresh the session is gone.
Can you please reformat that code? It's really hard to comprehend with the indents and whitespace. Once it's back up, I'll do my best to help you.
One tip: input cleaning!
These functions have saved me a lot of trouble:
function forceInteger($variable) {
return preg_replace("/[^0-9]/", "", $variable);
}
function forceAlpha($variable) {
return preg_replace("/[^A-Za-z]/", "", $variable);
}
function forceAlphaNum($variable) {
return preg_replace("/[^A-Za-z0-9 \-\.]/", "", $variable);
}
function forceAlphaNumNoSpace($variable) {
return preg_replace("/[^A-Za-z0-9\-\.]/", "", $variable);
}
I've found that dashes and periods are sufficient for most short strings. If taking in a textarea, run it through this:
function forceNaturalLanguage($variable) {
return preg_replace("/[^A-Za-z0-9 \-\.\?\!]/", "", $variable);
}
Here's my suggestion: login.php (the script that handles authentication)
session_start();
if (isset($_POST["submit"])) {
    // query database for email and password, where email is posted email
    // escape the posted value before it goes into the SQL string
    $email = mysql_real_escape_string($_POST["email"]);
    $sql = "SELECT * FROM `accounts` WHERE `email` = '{$email}'";
    $query = mysql_query($sql) or die ("Error: ".mysql_error());
    if (mysql_num_rows($query) == 1) {
        // there's one result - we got it!
        $result = mysql_fetch_assoc($query);
        // strict comparison, so two strings are never compared as numbers
        if ($_POST["password"] === $result["password"]) {
            // Successful auth.
            // Set session vars and redirect with header()
            $_SESSION["Authenticated"] = true;
            $_SESSION["FirstName"] = $result["FirstName"];
            // the column is `email` in the accounts table, so the key is lowercase
            $_SESSION["Email"] = $result["email"];
            header("Location: /home.php?event=login");
            // Don't forget to exit(), otherwise some other code may run, causing unintended behaviours
            exit();
        }
        else {
            // Password didn't match.
            exit("Incorrect password");
        }
    }
    else {
        // No email match
        exit("Email not found.");
    }
}
A couple points:
1. in double-quoted strings, to put an array value into the query, you must enclose it in {curly braces} like this: "Hi, {$_SESSION["FirstName"]}";
2. Don't EVER set session variables directly from user input. If you're grabbing it from the database, store it from there. That's the safest way.
3. Setting your own login cookie is pointless when you're using PHP sessions. If you want to change the name, try something like this:
ini_set("session.name","coolSession");
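An added example, not part of the original thread: the login flow from the answer with a prepared statement, hashed passwords, session values taken from the database row, and a home.php guard that only reads the session (the question's home.php assigns the undefined `$email` to `$_SESSION["email"]`, which clears it). It assumes PDO with the pdo_sqlite driver, a `password_hash` column filled by `password_hash()`, and a constructed in-memory account; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumed: PDO (pdo_sqlite), an
// `accounts` table with `email` and `password_hash`; function names are hypothetical.

function find_account(PDO $db, string $email, string $password): ?array
{
    // Prepared statement: the posted email never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT email, password_hash FROM accounts WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same outcome for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

function start_login_session(array $account): void
{
    session_regenerate_id(true);             // fresh session id at login
    $_SESSION['Authenticated'] = true;
    $_SESSION['Email'] = $account['email'];  // from the database row, not from $_POST
}

function require_login(): string
{
    // For home.php: read the session, never assign to it from an unset local.
    if (empty($_SESSION['Authenticated'])) {
        header('Location: login.php');
        exit;
    }
    return $_SESSION['Email'];
}

// login.php flow. The in-memory database and its one account are constructed
// sample data standing in for the real accounts table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (email TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO accounts VALUES (?, ?)')
   ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start();
$account = find_account($db, $_POST['email'] ?? '', $_POST['password'] ?? '');
if ($account === null) {
    exit('Incorrect email or password');
}
start_login_session($account);
header('Location: home.php');
exit;
```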