检查 PHP 会话 - ISSET($会话 - 不工作
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13533296/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CHECK PHP SESSION - ISSET($SESSION - IS NOT WORKING
提问by Henry Aspden
This is in my page, and it should check that a user is logged in on http://carbonyzed.co.uk/Websites/Jason/sites/2/test/login_success.php
这是在我的页面中,它应该检查用户是否登录 http://carbonyzed.co.uk/Websites/Jason/sites/2/test/login_success.php
but anybody can assess it, not just those logged in
但任何人都可以评估它,而不仅仅是那些登录的人
<?php
session_start();
if( isset($_SESSION["myusername"]) ){
header("location:main_login.html");
}
?>
I have tried
我试过了
if( isset($_SESSION["myusername"]) ){
if( isset($_SESSION["myusername"]) ){
and
和
if( isset($_SESSION[$myusername]) ){
if( isset($_SESSION[$myusername]) ){
LOGIN CODEperhaps a session isn't being created?
登录代码也许没有创建会话?
<?php
ob_start();
$host="ClubEvents.db.9606426.hostedresource.com"; // Host name
$username="ClubEventsRead"; // Mysql username
$password="Pa55word!"; // Mysql password
$db_name="ClubEvents"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
回答by MrCode
Add the NOT operator !to the if statement. Also don't forget to add exit()after your header. The locationheader is telling the browser to redirect, but an attacker could view your page and simply ignore the locationheader, thus bypassing your authentication system becuase your PHP code would continue to execute.
将 NOT 运算符添加!到 if 语句。也不要忘记exit()在标题后添加。该location头告诉浏览器重定向,但攻击者可以查看您的网页,只要忽略location头部,从而绕过验证系统监守你的PHP代码将继续执行。
if( !isset($_SESSION["myusername"]) ){
header("location:main_login.html");
exit();
}
Furthermore, you aren't calling session_start()in the login code that you posted, therefore the session is not accessible.
此外,您没有调用session_start()您发布的登录代码,因此无法访问会话。
回答by cryptic ツ
<?php
session_start();
if (!isset($_SESSION['myusername']))
{
header('Location: main_login.html');
}
?>
You need to negate the check.
你需要否定支票。
回答by Cain?
You can also use:
您还可以使用:
<?php
session_start();
if (empty($_SESSION['myusername'])) {
header('Location: main_login.html');
}
?>
