开发者

Having issue with signin page

开发者 https://www.devze.com 2023-04-01 21:40 出处:网络
After processing submitted data, my signing script redirects user back to index page. The problem is, in my index page I can\'t check if user signed in or not. I\'ve inserted:

After processing submitted data, my signing script redirects user back to index page. The problem is, in my index page I can't check if user signed in or not. I've inserted:

if (isset($_SESSION['id'])) 
{echo $_SESSION['id']; die();}

at the beginning of the index page for checking purposes. But it doesn't echo anything.

My signin script looks like this:

<?php
include '../includes/common.php';
$page='signin';
$err = array();

foreach($_GET as $key => $value) {
    $get[$key] = filter($value);
}

if ($_POST['dologin']=='Daxil ol') {
    foreach($_POST as $key => $value) {
        $data[$key] = filter($value);
    }

    $login = $data['login'];
    $pass = $data['pwd'];


    if (strpos($login,'@') === false) {
        $user_cond = "login='$login'";
    } else {
        $user_cond="email='$login'";
    }

    $result = $db->query("SELECT `id`,`pwd`,`fname`,`lname`,`approved`,`type`,`level` FROM users WHERE $user_cond AND `ban` = '0'") or die($db->error());

    $num = $result->num_rows;

    if ($num > 0 ) {
        list($开发者_如何学编程id,$pwd,$fname,$lname,$approved, $type, $level) = $result->fetch_row();
        if (!$approved) {
            $err[] = 6;
        }
        if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
            if (empty($err)) {

                session_start();
                session_regenerate_id(true);

                $_SESSION['id']= $id;
                $_SESSION['fname'] = $fname;
                $_SESSION['lname'] = $lname;
                $_SESSION['type'] = $type;
                $_SESSION['level'] = $level;
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

                $stamp = time();
                $ckey = GenKey();
                $db->query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die($db->error());

                //set a cookie

                if (isset($_POST['remember'])) {
                    setcookie("id", $_SESSION['id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
                    setcookie("fname",$_SESSION['fname'], time()+60*60*24*COOKIE_TIME_OUT, "/");
                }
                header("Location: ../../../index.php");
            }
        } else {
            $err[] = 7;
        }
    } else {
        $err[] = 8;
    }
    if (!empty($err)) {
    include "../includes/error.php";
    }

} 
?>

Checked php error log. No error. Also checked MySql DB tables. It sets ctime and ckey. The signin part works (I think). The filter function is from common.php (for sanitizing post data)


You need to start session (even before sending any headers to the page). You also need to start session on each page you need session data unless you have the session auto start directive set to true

<?php
session_start();
//$_SESSION data available here!
?>
<html>...
<?
   //other php code
   //$_SESSION data available here!
?>
...</html>


It looks like you are missing session_start() at the beginning of both files.

PHP wont pass session information if this function call is not present. It is a good practice to have this call be the first thing in the file.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号