我创建了一个主页,如果用户没有登录,用户必须登录。
这是我的index.php:
<?php
error_reporting(-1);
session_start();
echo $_SESSION['PHPSESSID'];
echo $_COOKIE['PHPSESSID'];
require_once('config.php');
require_once('core/login.php');
$config = new Notesconfig();
$baseURL = $config -> baseURL;
$login = new Login();
$connect = $login -> connectDB($config -> host, $config -> user, $config -> password, $config -> db);
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {
$login -> processLogin($connect, $_POST['username'], md5($_POST['password']), $baseURL);
}
if(isset($_GET['logout'])) {
$login -> processLogout($connect, $baseURL);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang='en' xml:lang='en' xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="<?php echo $baseURL; ?>/css/main.css">
</head>
<body class="mainBody">
<div id="container">
<div id="header">
</div>
<div id="content">
<?php
if(!isset($_SESSION['PHPSESSID']) || empty($_SESSION['PHPSESSID']) || !isset($_COOKIE['PHPSESSID']) || empty($_COOKIE['PHPSESSID']) || ($_SESSION['PHPSESSID']) != ($_COOKIE['PHPSESSID'])) {
?>
<div id="main-content" style="width: 960px;">
<?php
$login -> viewLoginForm();
?>
</div>
<?php
}
else {
?>
<div id="main-content" style="width: 710px;">
</div>
<div id="right-column" style="width: 250px;">
<a href="./?logout=true" class="logout" target="_self" >Logout</a>
</div>
<?php
}
?>
</div>
<div id="footer">
</div>
</div>
</body>
</html>
这是我的core/login.php:
<?php
class Login {
//Connect Database
public function connectDB($host, $user, $password, $db) {
$connect = mysqli_connect($host, $user, $password, $db); //mysqli_connect(host,username,password,dbname,port,socket);
if($connect) {
echo "Database Connection Established.";
return $connect;
}
else {
echo "Database Connection Failed.";
}
}
//Login User
public function processLogin($connection, $username, $password, $baseURL) {
$username = mysqli_real_escape_string($connection, stripslashes($username));
$password = mysqli_real_escape_string($connection, stripslashes($password));
$db = "SELECT `username`, `password`, `phpsessid` FROM `login` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
$db_query = mysqli_query($connection, $db);
if(mysqli_num_rows($db_query)) {
echo "Query Success.";
$row = mysqli_fetch_array($db_query);
$_SESSION['PHPSESSID'] = $row['phpsessid'];
setcookie("PHPSESSID", $row['phpsessid'], 0);
}
else {
echo "Query Failed. Reason:".$connection->error;
return false;
}
mysqli_close($connection);
header('Location: '.$baseURL);
die;
}
//Logout User
public function processLogout($connection, $phpsessid, $baseURL) {
unset($_SESSION['PHPSESSID']);
//unset($_COOKIE['PHPSESSID']);
setcookie("PHPSESSID", $phpsessid, time()-360000);
mysqli_close($connection);
header('Location: '.$baseURL);
}
//Display Login Form
public function viewLoginForm() {
echo '<form action=" " id="loginForm" method="POST" >';
echo '<table class="loginForm">';
echo '<tr>';
echo '<td>Matric No.</td><td><input type=\"text\" name="username" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td>Password</td><td><input type="password" name="password" /></td>';
echo '</tr>';
echo '<tr>';
echo '<td> </td><td><input type="submit" name="login" value="Login" /></td>';
echo '</tr>';
echo '</table>';
echo '</form>';
}
}
?>
config.php只包含我想要使用的一些数据:
<?php
class Notesconfig {
public $baseURL = 'http://localhost/notes';
public $siteName = 'Notes';
public $host = 'localhost';
public $user = 'root';
public $password = '';
public $db = 'notes';
}
?>
但是,我需要登录两次,然后成功设置session和cookies,而我不需要退出两次。
当我第一次点击登录时,我得到Query Success,但没有登录。
然后我点击了AGAIN登录,这次我将成功登录。
登录后,我点击退出,然后返回登录页面。我需要再次登录两次才能成功登录。
如何解决此错误?
修改
更改所有PHPSESSID并解决问题。
答案 0 :(得分:4)
设置后,您在同一请求中从$_COOKIE获取值,这是不可能的。此值可以从下一个请求访问,因此登录后您必须重定向用户(并且POST请求后重定向是好的。)