登录中不需要的无限循环

时间:2016-01-30 21:50:02

标签: php loops cookies infinite-loop

我尝试使用cookie进行登录,但无法使其正常工作,因为我每次都有无限循环,已经在思考如何修复它。 就像这样它会显示一切都很完美,存储cookie并重定向到panel.php,但验证不再有用,我可以进入每个模块,如index.php?do=module

更新会话Cookie 它是用户登录后保存在数据库中的ramdon值,然后将其存储在Cookie中以便每次进行比较。 我在需要时使用$_COOKIE["session"]查找用户信息,因为每次登录时都会动态更改。

core.php中

if (! defined ( 'SRCP' )) {
die ( "Error" );
}
@include_once (CORE_DIR. '/security/check.loged.php');
// i was trying to set a variable to tell the script to do not check again, so the loop will break, but i just got a blank page.
if (!$conectado='si') {
header("Location: index.php?do=login");
 }
//recive and store, i was going to use the $_GET inside the switch, but that loop got me
if (isset($_GET['do'])) {
$do = $_GET['do'];
}
switch ( $do ) {

case "panel" :
    include_once CORE_DIR . '/modulos/panel.php';
    break;
case "login" :
    include_once CORE_DIR . '/modulos/login.php';
    break;
default:
    include_once CORE_DIR . '/modulos/login.php';
    break;
}

check.login.php

if (! defined ( 'SRCP' )) {
 die ( "Error" );
}
if (isset($_COOKIE["id_usuario"]) && isset($_COOKIE["session"])){

if ($_COOKIE["id_usuario"]!="" || $_COOKIE["session"]!=""){

    $query = "  SELECT  ID, 
                        password,
                        salt,
                        correo,
                        logueado
                FROM    usuarios 
                WHERE   cookie = :cookie 
             "; 
    $query_params = array( 
        ':cookie' => $_COOKIE['session'] 
    ); 

    try{ 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex){ 
      //echo the error.
            } 
    $row = $stmt->fetch();
    $conectado='si';
}
else{
  $conectado='no';
}
}

在面板内部,我没有php代码,因为我将它包含在这个index.php文件中。

define ( 'SRCP', true );
define ( 'ROOT_DIR', dirname ( __FILE__ ) );
define ( 'CORE_DIR', ROOT_DIR . '/core' );
require_once ROOT_DIR . '/core/core.php';

编辑: 修复了。不得不在check.loged.php

中重新制作代码
$row = $stmt->fetch();
if($row['logueado']=='SI'){
  $login_ok = true;
}else{
  $login_ok = 0;
}

1 个答案:

答案 0 :(得分:0)

core.php中,这是不对的:

if (!$conectado='si') { // this is setting a value instead of comparing
    header("Location: index.php?do=login");
}

Shoud be:

if ($conectado != 'si') { ... }

if ($conectado == 'no') { ... }