在PHP中通过Sessions设置登录系统 [英] To set up a login system by Sessions in PHP
问题描述
我找到了问题2的根源.它是 session_register(foo)的使用.
I found the source of the problem #2. It is the use of session_register(foo).
我将以下内容放入了 handle_registration.php .
session_register("foo");
session_register("foo2");
$foo2 = $_POST['email'];
$foo['email'] = $_POST['email']
问题仍然存在,因为没有变量存储到我的会话cookie中.
The problem still persists, since no variables are stored to my session cookie.
这是我的
我的 我的index.php的开始 当我的index.php结束时 while the very end of my index.php 在会话代码开始之后,我就通过以下方式对用户密码进行验证了 I have right after the very beginning of the session code the validation process of user's password by 该代码连续为我生成随机会话,因此不会为该用户保存任何用户数据.
在我的代码中,我在登录/注册处理程序后将每个 The code generates me continuously random sessions such that no user's data is being saved for the user.
I replaced each 您的代码如下: 在调用 You definitly have some output (the whole content of your page, actually) before 问题不在于空行"或空格:而是与输出有关;并输出 HTML ;-) The problem is not with "empty lines" or spaces : it is with output ; and HTML is output ;-) 与对 Like the call to 更多想法. 顺便说一句?我不确定您是否真的需要调用 BTW? I'm not sure you actually need to call 会话数据通常存储在
您的脚本已终止,但没有
需要调用session_write_close() Session data is usually stored after
your script terminated without the
need to call session_write_close() 您可能需要自己调用此函数的唯一情况是,如果您要进行长计算: The only case you might need to call this function yourself is if you are doing long calculations : 会话数据被锁定以防止
并发只写一个脚本
随时进行会话操作.什么时候
将框架集与会话一起使用
您将体验帧加载
由于此锁定,一个接一个.你
可以减少加载所有文件所需的时间
通过将会话结束为以下帧
所有会话更改后
变量已完成. session data is locked to prevent
concurrent writes only one script may
operate on a session at any time. When
using framesets together with sessions
you will experience the frames loading
one by one due to this locking. You
can reduce the time needed to load all
the frames by ending the session as
soon as all changes to session
variables are done. 但这似乎不是您的情况,因为您在脚本末尾调用此代码. But this doesn't seem to be your case, as you are calling this at the end of your script. 因此,您可以尝试删除对该函数的(无用吗?)调用... So, you could try removing the (useless ?) call to that function... 我想,永远不要调用它足以使您的站点正常工作...即使出于用户安全方面的考虑,即使您希望在用户登录时调用它(如果我没记错的话,只要用户的权限级别更改) I suppose never calling it would be enough for your site to work... Even if you might want to call it when the user logs in, for security precautions (If I remember correctly, it's nice to call this function whenever the privileges level of a user changes) 与 session_id 一样,顺便说一句:您真的需要在每个页面上调用此函数吗? Same about session_id, btw : do you really need to call this function on each page ? 这篇关于在PHP中通过Sessions设置登录系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!session_write_close
用于生成用于登录的会话?
session_write_close
in generating sessions for login?index.php
开头有session_start()
. session_start();
if($_SESSION['logged_in'] == false) {
$random_number = rand(1,100000);
session_id($random_number);
session_id['email'] = '';
}
<?php
session_write_close(); // Session code ends here!
?>
$dbconn = pg_connect("host=localhost port=5432 dbname=masi user=masi password=123");
$result = pg_prepare($dbconn, "query22", "SELECT passhash_md5 FROM users
WHERE email=$1;");
$passhash_md5 = pg_execute($dbconn, "query22", array($_REQUEST['email']));
// users from registration/login form
if ($passhash_md5 == md5($_REQUEST['password'])) {
$_SESSION['logged_in'] = true;
$_SESSION['email'] = $_REQUEST['email'];
$_SESSION['passhash_md5'] = md5($_REQUEST['password']);
}
// this may be unnecessary if the passhash_md5 cannot be changed by the user
$passhash_md5_2 = pg_execute($dbconn, "query22", array($_SESSION['email']));
// users staying in the site
if ($passhash_md5_2 == $_SESSION['passhash_md5'])) {
$_SESSION['logged_in'] = true;
}
$_REQUEST
替换为$_SESSION
,因为$_REQUEST
不包含$ _SESSION-仍然是同样的问题,并且在注册/登录后我无法在首页中看到用户名.>
$_REQUEST
after the login/registration handlers by $_SESSION
in my code, since $_REQUEST
does not include $_SESSION - still the same problem and I cannot see the username in the homepage after registration/login.推荐答案
-- content cut --
</html>
<?php
session_regenerate_id(true); // Session code ends here!
session_write_close();
?>
session_regenerate_id
之前,您肯定有一些输出(实际上是页面的全部内容);因此是错误.session_regenerate_id
is called ; hence the error.session_start
的调用一样,对session_regenerate_id
的调用应在脚本开始之前完成,然后再将任何内容发送到浏览器.
因此,在这里,在index.php
顶部"的块中.session_start
, the call to session_regenerate_id
should be done at the beginning of the script, before anything is sent to the browser.
So, here, in the block at the "top" of your index.php
.session_write_close
;我相信我可能从未使用过该功能,而且,还引用了doc:session_write_close
; I've probably never used that function, I believe... And, quoting the doc :
而且,关于 session_regenerate_id
:您真的需要在每个页面上调用此函数吗?
And, about session_regenerate_id
: do you really need to call this function on each page ?