在PHP中通过Sessions设置登录系统 [英] To set up a login system by Sessions in PHP

问题描述

我找到了问题2的根源.它是 session_register(foo)的使用.

I found the source of the problem #2. It is the use of session_register(foo).

我将以下内容放入了 handle_registration.php .

session_register("foo");
session_register("foo2");

$foo2 = $_POST['email'];
$foo['email'] = $_POST['email']

问题仍然存在，因为没有变量存储到我的会话cookie中.

The problem still persists, since no variables are stored to my session cookie.

这是我的

由解决Pascal Martin 和崩解器: 在哪个位置将函数session_write_close用于生成用于登录的会话?

如何为用户会话"获得永久会话，以使每次加载index.php时都不会启动新会话?

1. Solved by Pascal Martin and The Disintegrator: Which is the right place to put the function session_write_close in generating sessions for login?
2. How can you get a permanent session for user "session" such that a new session is not started each time index.php is loaded?

我的index.php开头有session_start().

我的index.php的开始

 session_start();       
 if($_SESSION['logged_in'] == false) {
     $random_number = rand(1,100000);                                                       
     session_id($random_number);
     session_id['email'] = '';
 }

当我的index.php结束时

while the very end of my index.php

<?php
session_write_close();        // Session code ends here!
?>

在会话代码开始之后，我就通过以下方式对用户密码进行验证了

I have right after the very beginning of the session code the validation process of user's password by

 $dbconn = pg_connect("host=localhost port=5432 dbname=masi user=masi password=123");
 $result = pg_prepare($dbconn, "query22", "SELECT passhash_md5 FROM users
         WHERE email=$1;");

 $passhash_md5 = pg_execute($dbconn, "query22", array($_REQUEST['email']));     
 // users from registration/login form
 if ($passhash_md5 == md5($_REQUEST['password'])) {
     $_SESSION['logged_in'] = true;
     $_SESSION['email'] = $_REQUEST['email'];
     $_SESSION['passhash_md5'] = md5($_REQUEST['password']);
 }

 // this may be unnecessary if the passhash_md5 cannot be changed by the user 
 $passhash_md5_2 = pg_execute($dbconn, "query22", array($_SESSION['email']));  
 // users staying in the site
 if ($passhash_md5_2 == $_SESSION['passhash_md5'])) {
     $_SESSION['logged_in'] = true;
 }  

该代码连续为我生成随机会话，因此不会为该用户保存任何用户数据. 在我的代码中，我在登录/注册处理程序后将每个$_REQUEST替换为$_SESSION，因为$_REQUEST不包含$ _SESSION-仍然是同样的问题，并且在注册/登录后我无法在首页中看到用户名.

The code generates me continuously random sessions such that no user's data is being saved for the user. I replaced each $_REQUEST after the login/registration handlers by $_SESSION in my code, since $_REQUEST does not include $_SESSION - still the same problem and I cannot see the username in the homepage after registration/login.

推荐答案

您的代码如下:

                             -- content cut --
</html>
<?php
session_regenerate_id(true);               // Session code ends here!
session_write_close();
?>

在调用session_regenerate_id之前，您肯定有一些输出(实际上是页面的全部内容)；因此是错误.

You definitly have some output (the whole content of your page, actually) before session_regenerate_id is called ; hence the error.

问题不在于空行"或空格:而是与输出有关；并输出 HTML ;-)

The problem is not with "empty lines" or spaces : it is with output ; and HTML is output ;-)

与对session_start的调用一样，对session_regenerate_id的调用应在脚本开始之前完成，然后再将任何内容发送到浏览器.
因此，在这里，在index.php顶部"的块中.

Like the call to session_start, the call to session_regenerate_id should be done at the beginning of the script, before anything is sent to the browser.
So, here, in the block at the "top" of your index.php.

更多想法.

顺便说一句?我不确定您是否真的需要调用 session_write_close ；我相信我可能从未使用过该功能，而且，还引用了doc:

BTW? I'm not sure you actually need to call session_write_close ; I've probably never used that function, I believe... And, quoting the doc :

会话数据通常存储在 您的脚本已终止，但没有 需要调用session_write_close()

Session data is usually stored after your script terminated without the need to call session_write_close()

您可能需要自己调用此函数的唯一情况是，如果您要进行长计算:

The only case you might need to call this function yourself is if you are doing long calculations :

会话数据被锁定以防止 并发只写一个脚本 随时进行会话操作.什么时候 将框架集与会话一起使用 您将体验帧加载 由于此锁定，一个接一个.你 可以减少加载所有文件所需的时间 通过将会话结束为以下帧 所有会话更改后 变量已完成.

session data is locked to prevent concurrent writes only one script may operate on a session at any time. When using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as all changes to session variables are done.

但这似乎不是您的情况，因为您在脚本末尾调用此代码.

But this doesn't seem to be your case, as you are calling this at the end of your script.

因此，您可以尝试删除对该函数的(无用吗?)调用...

So, you could try removing the (useless ?) call to that function...

而且，关于 session_regenerate_id :您真的需要在每个页面上调用此函数吗?

And, about session_regenerate_id : do you really need to call this function on each page ?

我想，永远不要调用它足以使您的站点正常工作...即使出于用户安全方面的考虑，即使您希望在用户登录时调用它(如果我没记错的话，只要用户的权限级别更改)

I suppose never calling it would be enough for your site to work... Even if you might want to call it when the user logs in, for security precautions (If I remember correctly, it's nice to call this function whenever the privileges level of a user changes)

与 session_id 一样，顺便说一句:您真的需要在每个页面上调用此函数吗?

Same about session_id, btw : do you really need to call this function on each page ?

这篇关于在PHP中通过Sessions设置登录系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！