【发布时间】:2012-12-18 16:57:34
【问题描述】:
您好,我在这里阅读了主题并尝试以不同的方式进行操作,但我的问题仍未解决。我尝试存储会话并使用它再次从数据库中检索数据。我使用了会话 idmember 并将其设置为一个变量,然后将其用于查询以回显他/她的名字和姓氏。我可以进入主页,但用户名没有回显。 在这里总结一下它是如何工作的。索引 > 验证(验证) > 学生/index.php
functions.php
<?php
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = true; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
session_regenerate_id(); // regenerated the session, delete the old one.
}
?>
index.php(主页)
<?php
include ('include/functions.php');
sec_session_start();
include ('header.php');
?>
<title>Students Portal</title>
<div id="upper_row"><b>Announcement:</b></div>
<div id="l_column"></div>
<div id="r_column">
<form action="authenticate.php" method="POST" name="loginform">
<table width="100%">
<tr>
<th colspan="3" align="left">USER LOGIN<br /><hr /></th>
</tr>
<tr>
<td width="72">Username:</td>
<td width="212">
<script type="text/javascript">
function blank(a) { if(a.value == a.defaultValue) a.value = ""; }
function unblank(a) { if(a.value == "") a.value = a.defaultValue; }
</script>
<input type="text" value="Enter your School ID here" onfocus="blank(this)" onblur="unblank(this)" name="id" />
</td>
</tr>
<tr>
<td>Password:</td>
<td><script type="text/javascript">
function blank(a) { if(a.value == a.defaultValue) a.value = ""; }
function unblank(a) { if(a.value == "") a.value = a.defaultValue; }
</script>
<input type="password" value="Password" onfocus="blank(this)" onblur="unblank(this)" name="password" /></td>
</tr>
<tr>
<td></td>
<td rowspan="3" align="center"><input type="submit" name="login" value="Login" /></td>
</tr>
</table>
</form>
</div>
<?php
include "footer.php";
?>
认证.php
<?php
include ('include/conn.php');
include ('include/functions.php');
sec_session_start();
// username and password sent from form
if(isset($_POST['login'])) {
$user=$_POST['id'];
$pass=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$crypt_pass=md5($pass);
//query from database
$result=mysql_query("SELECT username,user_pass,user_id FROM tbl_user WHERE username ='$user' and user_pass='$crypt_pass'");
$result2=mysql_fetch_row($result);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
//First Step of Validation
//get the ip address of the user then the attempts
$iptocheck = $_SERVER['REMOTE_ADDR'];
$iptocheck = mysql_real_escape_string($iptocheck);
$resultip = mysql_query("SELECT ip_address,login_attempts,username FROM tbl_sec_login WHERE ip_address = '$iptocheck' AND username='$user'");
$ipcount = mysql_num_rows($resultip);
$rowx = mysql_fetch_row($resultip);
if(mysql_num_rows($resultip) > 1) {
//Already has some IP address records in the database
//Get the total failed login attempts associated with this IP address
if ($rowx['1'] > 3) {
header("Location: index.php");
}
}
//If none then insert it to the table
else if ($ipcount == 0) {
$loginattempts = 0;
mysql_query("INSERT INTO tbl_sec_login (ip_address,login_attempts,username) VALUES ('$iptocheck','$loginattempts','$user')");
}
//Second step of validation
//if count is equal to 1 then proceed to next condition
if($count==1){
//Third Step of Validation
// If result matched $user and $crypt_pass, table row must be 1 row
if ($user==$result2[0] AND $crypt_pass==$result2[1]){
$_SESSION['idmember'] = $_POST['id'];
$loginattempts = 0;
mysql_query("DELETE FROM tbl_sec_login WHERE ip_address = '$iptocheck' AND username='$user'");
if($result2[2]==3) {
header("Location: student/index.php?id=$user");
}elseif ($result2[2]==2) {
header("Location: epersonnel/index.php");
}elseif ($result2[2]==1) {
header("Location: admin/index.php");
}
}else{
$loginattempts = $rowx['1'] + 1;
mysql_query("UPDATE tbl_sec_login SET login_attempts = '$loginattempts' WHERE ip_address = '$iptocheck' AND username='$user'");
header("Location: login.php");
}
}
else {
$loginattempts = $rowx['1'] + 1;
mysql_query("UPDATE tbl_sec_login SET login_attempts = '$loginattempts' WHERE ip_address = '$iptocheck' AND username='$user'");
header("Location: login.php");
}
}
else {
header("Location: index.php");
}
?>
学生/index.php
<?php
session_start();
if(!empty($_SESSION['idmember'])){
header("Location: login.php");
}
require 'include/conn.php';
$id = $_SESSION['idmember'];
$query="SELECT first_name,last_name FROM tbl_studentmasterlist WHERE sid ='$id'";
$result=mysql_query($query);
$row = mysql_fetch_array($result);
include "header.php";
?>
<div id="s_l_column">
<div id="i_location">
Welcome, <br />
<center><img name="" src="" width="185" height="135" alt=""> <br />
» <?php echo $row['first_name']." ".$row['last_name'];?> </center>
<hr />
</div>
<div id="side_menubar">
</div>
</div>
<div id="s_r_column">
<div class="menubar">
<ul>
<li><a href="#" class="leftEdge clearBorder">Home</a></li>
<li><a href="#">Account Setting</a></li>
<li><a href="#">Enrollment Guide</a></li>
<li><a href="#">Enroll</a></li>
<li><a href="#" class="rightEdge">Logout</a></li>
</ul>
</div>
<div id="b_contianer">
</div>
</div>
<?php
include "footer.php";
?>
【问题讨论】:
-
我尝试使用 $_GET ,例如 www.test.php?cn= 但问题是我发现它会公开给所有人看。有什么建议?和上面的答案?因为我认为会话是唯一的方式。
-
刚刚编辑了它。在这里,我尝试执行 isset 功能,但似乎我的会话未设置,即使我在成功后尝试在验证过程中设置它。我使用的是 5.0.51 mysql,以防我的代码只影响版本。