目前我遇到了一些麻烦。我的网站是通过路由器工作的,但是当我和我姐姐在我的网站上时,我们就会登录到同一个帐户/用户。
示例:说,我退出了。然后我的姐姐退出了,或者我登录,然后她使用与我相同的帐户登录。
我知道我的会话肯定有问题,目前我正在努力学习并思考如果有多个用户在线互动和做事会是什么样子。老实说,我几乎没有触及会议的表面,我正在努力了解当多个用户同时在线时会发生什么。
我已经看过其他Q& As在这里,但我没有太多运气找到任何有用的这个主题。我不介意任何帮助或建议,以及我的基本系统中的任何缺陷。
<?php
session_start();
session_id("userID");
if(!isset($_SESSION['login'])) {
$_SESSION['login'] = false;
} elseif($_SESSION['login'] === true) {
$query = "SELECT * FROM users WHERE username='{$_SESSION['l-user']}' LIMIT 1";
$set = mysqli_query($db->connection, $query);
$get = mysqli_fetch_assoc($set);
$_SESSION['l-avatar'] = "{$get['avatar']}";
}
class Registery {
// variables
public $login;
public $user;
private $reg;
private $log;
public function register() {
$db = new MySQLDatabase();
if($_SESSION['login'] === false) {
$s_user = strip_tags($_POST['user']);
$s_pass = strip_tags($_POST['pass']);
$s_bio = strip_tags($_POST['content'], "<p><b><i><img><br><a>");
$s_gend = strip_tags($_POST['gender']);
$s_age = strip_tags($_POST['age']);
$s_u = mysqli_real_escape_string($db->connection, $s_user);
$s_p = mysqli_real_escape_string($db->connection, $s_pass);
$s_b = mysqli_real_escape_string($db->connection, $s_bio);
$s_g = mysqli_real_escape_string($db->connection, $s_gend);
$s_a = mysqli_real_escape_string($db->connection, $s_age);
$sql = "INSERT INTO users (id, username, password, content, tag, gender, rank, age, date, time) VALUES (NULL, '{$s_u}', '".sha1($s_p)."', '{$s_b}', 'I\'m new! And my name is {$s_u}', '{$s_g}', 'member', '{$s_a}', CURDATE(), NOW())";
$this->reg = mysqli_query($db->connection, $sql);
if($this->reg === true) {
$_SESSION['login'] = true;
$_SESSION['l-user'] = "{$s_u}";
}
}
}
public function confirm_reg() {
if($this->reg === true) {
$success = "<div class=\"success\">";
$success .= "<p><b><i class=\"fi-info\"></i></b> Successfully registered.</p>";
$success .= "</div>";
echo "{$success}";
} else {
$error = "<div class=\"error\">";
$error .= "<p><b><i class=\"fi-info\"></i></b> Failed to register.<br /><b>NOTE:</b> You may have entered a username that already exists.</p>";
$error .= "</div>";
echo "{$error}";
}
}
public function login() {
$db = new MYSQLDatabase();
if($_SESSION['login'] === false) {
$s_user = strip_tags($_POST['user']);
$s_pass = strip_tags($_POST['pass']);
$s_u = mysqli_real_escape_string($db->connection, $s_user);
$s_p = mysqli_real_escape_string($db->connection, $s_pass);
$sql = "SELECT * FROM users WHERE username='{$s_u}' AND password='".sha1($s_p)."' LIMIT 1";
$this->log = mysqli_query($db->connection, $sql);
if(mysqli_num_rows($this->log) === 1) {
$_SESSION['login'] = true;
$_SESSION['l-user'] = "{$s_u}";
}
}
}
public function confirm_log() {
if(mysqli_num_rows($this->log) === 1) {
$success = "<div class=\"success\">";
$success .= "<p><b><i class=\"fi-info\"></i></b> Successfully logged in.</p>";
$success .= "</div>";
echo "{$success}";
} else {
$error = "<div class=\"error\">";
$error .= "<p><b><i class=\"fi-info\"></i></b> Failed to login.<br /><b>NOTE:</b> You entered the wrong username or password, make sure your capslock is off.</p>";
$error .= "</div>";
echo "{$error}";
}
}
public function logout() {
$_SESSION['login'] = false;
$_SESSION['l-user'] = "";
}
} // end of class
$user = new Registery();
?>
答案 0 :(得分:0)
您必须为每个会话创建唯一的会话ID。