PDO会话存储
PDO会话存储
提问于 2016-02-04 12:44:36
我使用PDO来构建这个简单的登录/注册/注销系统。我正在尝试添加一个会话,这样没有登录的用户就不能导航到home.php,但即使我添加了session_start()并使用$_SESSION['user_email'] = $email_log存储了电子邮件。
我仍然在没有登录的情况下导航到home.php。
登录代码:
if (isset($_POST['submit_log']) == 1) {
$stmt_lg = $conn->prepare("SELECT id, email, password FROM user WHERE email = :email_log AND password = :password_log");
$stmt_lg->bindParam(":email_log", $email_log);
$stmt_lg->bindParam(":password_log", $password_log);
$stmt_lg->execute();
$user = $stmt_lg->fetch(PDO::FETCH_ASSOC);
if ($user === false) {
echo "<script>alert('Username or password is incorrect.');</script>";
} else {
$_SESSION['user_email'] = $user['email_log'];
$_SESSION['logged_in'] = time();
header('Location: home.php');
exit;
}
}home.php:
$sess = $_SESSION['user_email'];
$sess_ch = $conn->prepare("SELECT email FROM user WHERE email = :user_email");
$sess_ch->bindParam(":user_email", $sess);
$sess_ch->execute();
$ses = $sess_ch->setFetchMode(PDO::FETCH_ASSOC);
if ($ses === 1) {
echo "<script>window.location.href = 'index.php';</script>";
}logout.php:
<?php
if (isset($_POST['logout'])) {
unset($_SESSION['user_email']);
$_SESSION = array();
session_destroy();
header("Location: index.php");
}
?>index.php:
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$name = $_POST['name'];
$email = $_POST['email'];
$pass = $_POST['password'];
$pass2 = $_POST['password2'];
$email_log = $_POST['email_log'];
$password_log = $_POST['password_log'];
try {
$conn = new PDO("mysql:host=$servername;dbname=program", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "<script>alert('Connected successfully');</script>";
if (isset($_POST['submit']) == 1) {
$stmt_ch = $conn->prepare("SELECT email FROM user WHERE email = :email");
$stmt_ch->bindParam(":email", $email);
$stmt_ch->execute();
if ($stmt_ch->rowCount() === 1) {
echo "<script>alert('Username already taken.');</script>";
} else {
$stmt_re = $conn->prepare("INSERT INTO user (name, email, password) VALUES (:name, :email, :password)");
$stmt_re->bindParam(":name", $name);
$stmt_re->bindParam(":email", $email);
$stmt_re->bindParam(":password", $pass);
$stmt_re->execute();
echo "<script>alert('Account was successfully registerd.');</script>";
}
}
if (isset($_POST['submit_log']) == 1) {
$stmt_lg = $conn->prepare("SELECT id, email, password FROM user WHERE email = :email_log AND password = :password_log");
$stmt_lg->bindParam(":email_log", $email_log);
$stmt_lg->bindParam(":password_log", $password_log);
$stmt_lg->execute();
$user = $stmt_lg->fetch(PDO::FETCH_ASSOC);
if ($user === false) {
echo "<script>alert('Username or password is incorrect.');</script>";
} else {
$_SESSION['user_email'] = $user['email_log'];
$_SESSION['logged_in'] = time();
header('Location: home.php');
exit;
}
}
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
?>回答 2
Stack Overflow用户
发布于 2016-02-04 12:48:20
删除这部分代码,因为$ses将在失败时返回true和false,而且您只需要检查会话变量是否已设置。
if ($ses === 1) {
echo "<script>window.location.href = 'index.php';</script>";
}如果未设置$_SESSION['user_email'],请在顶部检查您的home.php,如果未设置,请重定向到其他页面
session_start();
if(!isset($_SESSION['user_email'])){
//Redirect to other page since the user_email is not set
//Let just say you will redirect to index.php file
header("Location: index.php");
}Stack Overflow用户
发布于 2016-02-04 12:49:03
这是不正确的:$ses = $sess_ch->setFetchMode(PDO::FETCH_ASSOC); as setFetchMode返回一个布尔值。因此,如果使用var_dump($ses);,您很可能会发现该$ses === true与1不相同;因此if语句返回false。
取而代之的是:
$ses = $sess_ch->fetch();
if(!$ses){ header('Location: index.php'); }编辑澄清:我说的是在home.php中
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/35192678
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号