登录不保留用户信息

时间:2016-06-13 18:10:45

标签: php sql

我为我的网站创建了一个基本的用户登录功能,但它似乎没有保留用户已经登录的事实。 我已经尝试在我的'login_tools'文件中创建一个名为'logged_in'的函数来检查用户是否已经登录,并试图在'user_home'文件中调用它,但它没有识别它。我无法确定它是否真的有效。我是以正确的方式或在正确的地方称呼这个吗?或者它可能是实际功能本身的问题? 我需要确保用户可以保持登录状态,直到他们自己手动注销为止,因为这是我网站下一阶段的基础,他们可以访问特定于他们的数据库信息。 我发布了下面的这两个文件,以及其他文件的上下文。 对于我可能做错的任何建议表示赞赏。

的login.php 

<!DOCTYPE HTML>

<?php
include("includes/db.php");
include("includes/head.php");
include("includes/search_box.php");
include("includes/left_sidebar.php");

?>

<html>
    <body>

    <h1>Login form</h1>
    <form action="login_process.php" method="POST">
    <p>
    Email address: <input type="text" name="email"></p>
    <p>
    Password: <input type="password" name="password"></p>
    <p>
    <input type="submit" value="Login"></p>
    </form>

    </body>
    </html>

    <?php

    if (isset($errors) && !empty($errors)){
        echo'<h1>Error!</h1>
        <p id="err_msg">There was a problem!<br>';
        foreach($errors as $msg){
            echo "- $msg<br>";
        }
        echo 'Please try again or <a href="registration.php">Register your profile</a></p>';
        }//if

    ?>

login_tools.php 

<?php

function load_page($load_page = 'login.php'){
    $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);

    $url = rtrim($url,'/\\');
    $url.='/'.$load_page;
    header("Location:$url");
    exit();
}//load_page

function logged_in(){
    return (isset($_SESSION['user_id'])) ? true : false;
}

function validate_user($con, $user_email='', $user_password=''){

    $errors=array();


    if (empty($user_email)){
        $errors[]='Please enter your email address!';}//if
    else
    {$email = mysqli_real_escape_string($con, trim($user_email));}//else


    if (empty($user_password)){
        $errors[]='Please enter your password!';}//if
    else
    {$password = mysqli_real_escape_string($con, trim($user_password));}//else

    if(empty($errors)){
        $query_users = "select user_id, fName, sName from users where user_email='$email' and user_password=SHA1('$password')";
        $run_query_users=mysqli_query($con, $query_users);

        if (mysqli_num_rows($run_query_users) == 1){
            $row = mysqli_fetch_array($run_query_users, MYSQLI_ASSOC);
            return array(true, $row);
        }//if
        else { $errors[] = 'Email and password have not been found';

        }//else
        }//if

    return array(false, $errors);

}

    //validate_user


?>

login_process.php 

<?php

//Check login form has been submitted correctly

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

    require("includes/db.php"); //Open db connection
    require("login_tools.php"); //Access login tools
    require("functions/functions.php");//

    //Verify if login has been successful and fetch user details
    list($verify, $details) = validate_user($db, $_POST['email'], $_POST['password']);

    //Set session data for user details & load user homepage


    if ($verify){
        session_start();

        $_SESSION['user_id'] = $details['user_id'];
        $_SESSION['fName'] = $details['fName'];
        $_SESSION['sName'] = $details['sName'];

        load_page('user_home.php');

    }//if
    else {$errors = $details;}

    //Close db connection
    mysqli_close($db);

    }//if



include ('login.php');

?>

user_home.php 

<!DOCTYPE HTML>

<?php
include("includes/db.php");
include("includes/head.php");
include("includes/search_box.php");
include("includes/left_sidebar.php");

?>

<?php

session_start();

//Check if user is logged in already or proceed with logging them in

if (logged_in === true) {
    echo 'You are already logged in!<a href="logout.php">Logout</a>';
}
else {

if (!isset($_SESSION['user_id'])){
    require('login_tools.php');
    load_page();

    }//if

//Confirm user is logged on
echo"<h1>PROFILE PAGE</h1>
<p>You have successfully logged in, user number {$_SESSION['user_id']} {$_SESSION['fName']} {$_SESSION['sName']}</p>";

echo '<p>
<a href="user_itinerary.php">Your itinerary</a>
<a href="user_details.php">Your details</a>
<a href="logout.php">Logout</a>
</p>';

}//else

?>

logout.php 

<?php

include("includes/db.php");
include("includes/head.php");
include("includes/search_box.php");
include("includes/left_sidebar.php");

//Allow access to session data

session_start();

//Redirect user to login page if they're not already logged in_array
if (!isset($_SESSION['user_id'])){
require('login_tools.php'); load_page();
}

//Clear existing session variables
$_SESSION = array();

session_destroy();

echo "<p>You are now logged out.</p>
<p><a href=login.php>Login again here</a></p>";

?>

1 个答案:

答案 0 :(得分:1)

session_start应该始终是任何php页面的第一行,甚至在包括所有外部页面之前。

session_start设为每页的第一行。

相关问题
最新问题