基本的に、アカウントの顧客が適切な詳細を入力することで Web サイトにログインできるようにする次の Web サイトがあります。
すでに入力されているログイン値と同一の別のログインページを作成しました:こちら
基本的に次のコードを追加しました。
$(document).ready(function(){
$('#btn-login').click();
});
これは、2 番目のリンクに移動したときにゲストとして自動的にログインするためです。問題なく動作しますが、ゲストとしてログアウトし、2 番目のリンクから再度ログインしようとすると、最初のリンク (login.php) にリダイレクトされます。値。
これを行うためのより良い方法はありますか、またはこれが起こらないようにする方法はありますか?
リダイレクトを削除すると、ログアウトしてから自動ログイン リンクに移動しようとすると、ページに移動し、すべての詳細が入力されますが、自動的にログインしません。
どんな助けでも大歓迎です。
ログインについては、以下のコードを参照してください (session-controller.php)
<?php
require_once("controllers/server.filter.php");
require_once('models/server.php');
require_once("models/useraccount.php");
require_once("models/sql.php");
class SessionController {
private static $login_status;
private static $redirect_url;
public static $form_action;
## Getters ##
private static function get_loginstatus() {return self::$login_status;}
## Setters ##
private static function set_loginstatus($in_str) {self::$login_status = $in_str;}
## Functions ##
public static function validate_user() {
UserAccount::set_username($_REQUEST['txt-username']);
UserAccount::set_password($_REQUEST['txt-password']);
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does user exist?
$query = "SELECT COUNT(UserName) FROM tblusers WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
$stmt->closeCursor();
if ($number_of_rows <= 0) {
self::set_loginstatus("The user does not exist in our database, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// User verified, check password...
self::verify_password();
}
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
}
private static function verify_password() {
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
// Does the password given match the password held?
$query = "SELECT COUNT(*) FROM tblusers WHERE UserName = :in_username AND Password = :in_password";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_password();
$param2 = Filter::san_str_html(UserAccount::get_username());
$stmt->bindParam(':in_username', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_password', $param1, PDO::PARAM_STR);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
$pdo = null;
if ($number_of_rows == 1) {
$_SESSION['username'] = UserAccount::get_username();
// Begin verification..
self::set_useraccount(true);
} else {
self::set_loginstatus("Verification failed! Password incorrect, please try again.");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function verify_account() {
// Account types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_accounttype() == 9) {
self::set_loginstatus("Verification failed! This account has been disabled."); ## Account disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else
// User login types: 9 = Disabled, 0 = Normal/Restricted, 1 = Administrative
if (UserAccount::get_usertype() == 9) {
self::set_loginstatus("Verification failed! This login has been disabled."); ## User login disabled
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
} else {
// Set redirect url here
if (UserAccount::get_accounttype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 1) {
self::$redirect_url = 'controlpanel.php';
}
if (UserAccount::get_accounttype() == 0 && UserAccount::get_usertype() == 0) {
self::$redirect_url = 'newbooking.php';
}
// All ok, set user and account properties
return true;
}
}
public static function set_useraccount($redirect_bool) {
// If username session is set...
if (isset($_SESSION['username'])) {
UserAccount::set_username($_SESSION['username']);
// Query Database for the rest of the data
$pdo = new SQL();
$dbh = $pdo->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
try {
$query = "SELECT AccountName
FROM tblusers
WHERE UserName = :in_username";
$stmt = $dbh->prepare($query);
$param1 = UserAccount::get_username();
$stmt->bindParam(':in_username', $param1, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
$stmt->closeCursor();
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
UserAccount::set_accountname($row['AccountName']);
try {
$query = "SELECT a.Id, a.AccountName, a.AccountNumber, a.AccountEmail, a.AccountTel,
a.AccountContact, a.AccountType, a.PaymentType, u.UserName,
u.FullName, u.UserEmail, u.UserTel, u.UserType
FROM tblaccounts a JOIN tblusers u
ON a.AccountName = u.AccountName
WHERE a.AccountName = :in_accname
AND u.UserName = :in_username";
$stmt = $dbh->prepare($query);
$param2 = UserAccount::get_accountname();
$param3 = UserAccount::get_username();
$stmt->bindParam(':in_accname', $param2, PDO::PARAM_STR);
$stmt->bindParam(':in_username', $param3, PDO::PARAM_STR);
$stmt->execute();
// Parse
$row = $stmt->fetch(PDO::FETCH_BOTH);
}
catch (PDOException $pe) {
die("Error: " .$pe->getMessage());
}
// Set properties and sessions variables
UserAccount::set_id($row['Id']);
UserAccount::set_accountname($row['AccountName']);
UserAccount::set_accountnumber($row['AccountNumber']);
UserAccount::set_accountemail($row['AccountEmail']);
UserAccount::set_fullname($row['FullName']);
UserAccount::set_accounttel($row['AccountTel']);
UserAccount::set_accountcontact($row['AccountContact']);
UserAccount::set_accounttype((int)$row['AccountType']);
UserAccount::set_paymenttype((int)$row['PaymentType']);
UserAccount::set_useremail($row['UserEmail']);
UserAccount::set_usertel($row['UserTel']);
UserAccount::set_usertype((int)$row['UserType']);
if (self::verify_account()) {
switch (UserAccount::get_paymenttype()) {
case 0:
$_SESSION['ua-paymenttype-asstr'] = 'Credit/Debit Card';
self::$form_action = 'addressdetails.php';
break;
case 1:
$_SESSION['ua-paymenttype-asstr'] = 'Account';
self::$form_action = 'makebooking.php';
break;
case 2:
$_SESSION['ua-paymenttype-asstr'] = 'Cash';
self::$form_action = 'makebooking.php';
break;
}
switch (UserAccount::get_usertype()) {
case 9:
$_SESSION['ua-usertype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-usertype-asstr'] = 'Standard';
break;
case 1:
$_SESSION['ua-usertype-asstr'] = 'Account Administrator';
break;
}
switch (UserAccount::get_accounttype()) {
case 9:
$_SESSION['ua-accounttype-asstr'] = 'Disabled/Suspended';
break;
case 0:
$_SESSION['ua-accounttype-asstr'] = ' ';
break;
case 1:
$_SESSION['ua-accounttype-asstr'] = '(SA)';
break;
}
// Redirect
if ($redirect_bool) {
self::redirect(true);
}
}
} else {
self::set_loginstatus("Pre-requisite failure! Browser not supporting cookies!");
$_SESSION['login-status'] = self::get_loginstatus();
self::redirect(false);
}
}
private static function redirect($auth_bool) {
//parent::set_sessionstate(true); ## Set session to active -- persistance to DB
//self::$determine_session_type(); ## Set session type -- persistance to DB
if ($auth_bool == true) {
$doc_root = $_SERVER['DOCUMENT_ROOT'];
self::set_loginstatus('');
$_SESSION['login-status'] = self::get_loginstatus();
header("Location: ".self::$redirect_url);
} else {
header("Location: login.php");
}
}
}
?>