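I have created a basic user login feature for my website, but it doesn't seem to retain the fact that the user is already logged in.

I have tried creating a function called 'logged_in' in my 'login_tools' file to check whether the user is already logged in, and tried to call it in the 'user_home' file, but it doesn't recognise it. I can't tell whether it actually works. Am I calling this in the right way or in the right place? Or could it be a problem with the actual function itself?

I need to make sure users can stay logged in until they manually log out themselves, as this is the basis for the next stage of my website, where they can access database information specific to them.

I have posted these two files below, along with the other files for context.

Any suggestions as to what I might be doing wrong are appreciated.

login.php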
<!DOCTYPE HTML>
<?php
include("includes/db.php");
include("includes/head.php");
include("includes/search_box.php");
include("includes/left_sidebar.php");
?>
<html>
<body>
<h1>Login form</h1>
<form action="login_process.php" method="POST">
<p>
Email address: <input type="text" name="email"></p>
<p>
Password: <input type="password" name="password"></p>
<p>
<input type="submit" value="Login"></p>
</form>
</body>
</html>
<?php
if (isset($errors) && !empty($errors)){
    echo'<h1>Error!</h1>
<p id="err_msg">There was a problem!<br>';
    foreach($errors as $msg){
        echo "- $msg<br>";
    }
    echo 'Please try again or <a href="registration.php">Register your profile</a></p>';
}//if
?>

login_tools.php
<?php
function load_page($load_page = 'login.php'){
    $url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
    $url = rtrim($url,'/\\');
    $url.='/'.$load_page;
    header("Location:$url");
    exit();
}//load_page

function logged_in(){
    return (isset($_SESSION['user_id'])) ? true : false;
}

function validate_user($con, $user_email='', $user_password=''){
    $errors=array();
    if (empty($user_email)){
        $errors[]='Please enter your email address!';
    }//if
    else {
        $email = mysqli_real_escape_string($con, trim($user_email));
    }//else
    if (empty($user_password)){
        $errors[]='Please enter your password!';
    }//if
    else {
        $password = mysqli_real_escape_string($con, trim($user_password));
    }//else
    if(empty($errors)){
        $query_users = "select user_id, fName, sName from users where user_email='$email' and user_password=SHA1('$password')";
        $run_query_users=mysqli_query($con, $query_users);
        if (mysqli_num_rows($run_query_users) == 1){
            $row = mysqli_fetch_array($run_query_users, MYSQLI_ASSOC);
            return array(true, $row);
        }//if
        else {
            $errors[] = 'Email and password have not been found';
        }//else
    }//if
    return array(false, $errors);
}//validate_user
?>

login_process.php
<?php
//Check login form has been submitted correctly
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    require("includes/db.php"); //Open db connection
    require("login_tools.php"); //Access login tools
    require("functions/functions.php");//
    //Verify if login has been successful and fetch user details
    list($verify, $details) = validate_user($db, $_POST['email'], $_POST['password']);
    //Set session data for user details & load user homepage
    if ($verify){
        session_start();
        $_SESSION['user_id'] = $details['user_id'];
        $_SESSION['fName'] = $details['fName'];
        $_SESSION['sName'] = $details['sName'];
        load_page('user_home.php');
    }//if
    else {
        $errors = $details;
    }
    //Close db connection
    mysqli_close($db);
}//if
include ('login.php');
?>

user_home.php
<!DOCTYPE HTML>
<?php
include("includes/db.php");
include("includes/head.php");
include("includes/search_box.php");
include("includes/left_sidebar.php");
?>
<?php
session_start();
//Check if user is logged in already or proceed with logging them in
if (logged_in === true) {
    echo 'You are already logged in!<a href="logout.php">Logout</a>';
}
else {
    if (!isset($_SESSION['user_id'])){
        require('login_tools.php');
        load_page();
    }//if
    //Confirm user is logged on
    echo"<h1>PROFILE PAGE</h1>
<p>You have successfully logged in, user number {$_SESSION['user_id']} {$_SESSION['fName']} {$_SESSION['sName']}</p>";
    echo '<p>
<a href="user_itinerary.php">Your itinerary</a>
<a href="user_details.php">Your details</a>
<a href="logout.php">Logout</a>
</p>';
}//else
?>

logout.php
<?php
include("includes/db.php");
include("includes/head.php");
include("includes/search_box.php");
include("includes/left_sidebar.php");
//Allow access to session data
session_start();
//Redirect user to login page if they're not already logged in
if (!isset($_SESSION['user_id'])){
    require('login_tools.php');
    load_page();
}
//Clear existing session variables
$_SESSION = array();
session_destroy();
echo "<p>You are now logged out.</p>
<p><a href=login.php>Login again here</a></p>";
?>

Answer 0 (score: 1)

session_start should always be the first line of any PHP page, even before including any external pages.

Make session_start the first line of every page.
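
An added example, not part of the original question or answer: one way to apply the answer's advice to the files above, with the session started before any output, logged_in() called as a function, and the session id renewed at login. The file name session_guard.php and the functions start_secure_session(), require_login(), sign_in() and h() are hypothetical, and the file is assumed to sit in the same directory as login_tools.php.

```php
<?php
// session_guard.php: hypothetical helper file (names are assumptions, not from the post).
require_once __DIR__ . '/login_tools.php';    // the post's logged_in() and load_page()

// Start the session before any output. session_start() must send the session
// cookie header, which fails once HTML (even "<!DOCTYPE HTML>") has gone out.
function start_secure_session() {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    if (headers_sent($file, $line)) {
        // Fail closed and record where the early output came from.
        error_log("session_guard: output already started at $file:$line");
        exit('Session could not be started.');
    }
    session_start([
        'cookie_httponly' => true,    // hide the session id from page scripts
        'cookie_samesite' => 'Lax',   // assumes PHP 7.3 or later
        'use_strict_mode' => true,    // refuse session ids the server did not issue
    ]);
}

// Gate for protected pages such as user_home.php.
function require_login() {
    start_secure_session();
    // logged_in() needs its parentheses: the bare word `logged_in` is an undefined
    // constant (the string 'logged_in' on PHP 7, an Error on PHP 8), never true.
    if (!logged_in()) {
        load_page('login.php');       // sends a Location header and exits
    }
}

// For login_process.php, once validate_user() has returned true.
function sign_in(array $details) {
    start_secure_session();
    session_regenerate_id(true);      // fresh id at login, so a planted id is useless
    $_SESSION['user_id'] = $details['user_id'];
    $_SESSION['fName']   = $details['fName'];
    $_SESSION['sName']   = $details['sName'];
}

// Escape session values before echoing them into HTML.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
```

With this file in place, user_home.php would begin with `<?php require 'session_guard.php'; require_login(); ?>` ahead of `<!DOCTYPE HTML>` and the other includes.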