
ログイン ページ、プロファイル ページ、およびログアウト ページを含む Web サイトを作成しています。セッションを使用していますが、セッションの処理に問題があり、エラーの内容や修正箇所がわかりません。

表示されるエラーは profile.php の 8 行目にある **"you need to be loged in to view profiles"** です。原因や解決策がわかる方がいれば教えてください。

login.php

<?php 
// login.php: checks the submitted e-mail/password against the members table and,
// on a match, stores the user's identity in the session and redirects to profile.php.

 // global.php (listed further down this page) starts the session if none is
 // active, loads connect.php and sets $logged.
 require_once('for members/scripts/global.php'); 

$message = "";
if(isset($_POST['email'])){

  $email = $_POST['email'];
  // NOTE(review): 'pass' is read without its own isset() check; a POST that
  // carries only 'email' raises an undefined-index notice here.
  $pass = $_POST['pass'];


  // input validation: both fields must be non-empty (truthy)
  if((!$email)||(!$pass)){
  $message = "please insert both fields";

  }else{
   // Prepare the values for the SQL string below.
   // NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
   // PHP 7.0. Escaping by hand works only while every value is escaped and quoted;
   // prepared statements (PDO or mysqli) remove that dependency.
   $email = mysql_real_escape_string($email);
   // NOTE(review): sha1() is an unsalted, fast hash, so a leaked members table can
   // be attacked offline cheaply. password_hash() at registration and
   // password_verify() here (select the row by e-mail, then verify) is the
   // supported replacement.
   $pass = sha1($pass);
   // NOTE(review): die(mysql_error()) sends the raw database error to the browser;
   // log it server-side and show a generic message instead.
   $query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
   $count_query = mysql_num_rows($query);
   if($count_query == 0){
   $message = "the information was incorrect!";
   }else{
   // Credentials matched: record the login in the session.
   // NOTE(review): the password hash is copied into the session and re-checked by
   // global.php on every request; a user id plus a logged-in flag is enough, and it
   // keeps the hash out of session storage. The session id is also not rotated
   // here; calling session_regenerate_id(true) at this point prevents session
   // fixation.
   $_SESSION['pass']=$pass;
   // LIMIT 1 means this loop runs at most once.
   while($row = mysql_fetch_array($query)){
       $username = $row['username'];
       $id = $row['id'];

    }
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $id;

    // NOTE(review): the disabled "remember me" block below would place the user id
    // and the password hash in cookies valid for 100 days. If it is ever enabled,
    // use a random, server-stored token instead of the hash, and set the
    // HttpOnly and Secure cookie flags.
    /* to create a cookie on the HDD OF THE user 
    if($remember == "yes"){
    //create the cookies
    setcookie("id_cookie", $id, time()+60*60*24*100,"/");
    setcookie("pass_cookie", $pass, time()+60*60*24*100,"/");
    }
    */

     // NOTE(review): no exit() follows the redirect, so the script keeps running
     // and the login form below is still rendered into the response body.
     header("Location:profile.php");
   }
  }

}





?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="style/stylesheet.css"rel="stylesheet" type="text/css"/>
</head>

<body>



<div class="container center"> 

<p><?php print("$message") ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="Email Adress" /><br />

<input type="password" name="pass" placeholder="Password" /><br />

<input type="submit" name="login" value="Login" />

 <a href="register.php"><strong> Register</strong></a>

</form>
</div>

</body>
</html>

profile.php

<?php  
// profile.php: shows the profile selected by ?id=..., or the logged-in user's own
// profile when no id is given.

// Buffer all output so the header() calls further down the page can still be sent.
ob_start();
session_start();

// Sets $logged and, when a session exists, $session_id / $session_username.
require_once('for members/scripts/global.php'); 

// NOTE(review): as listed on this page, global.php ends with an unconditional
// "$logged = 0;", so this guard fires on every request. That is the
// "you need to be loged in" message reported in the question.
if($logged == 0){
 echo("you need to be loged in to view profiles");
 exit();
}
if(isset($_GET['id'])){
 $id=$_GET['id'];
 // Strip everything except digits; this is what keeps the request value safe to
 // place inside the quoted SQL literal below. A non-numeric id becomes "".
 $id= preg_replace("#[^0-9]#","",$id);

}else{
$id=$_SESSION['id'];
}
// Load the requested member row.
// NOTE(review): mysql_* is not available from PHP 7.0 onward; a prepared statement
// with the id bound as an integer does not rely on the filtering above.
$query = mysql_query("SELECT * FROM members WHERE id='$id'LIMIT 1") or die("could not collect user information ");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
 echo("the user does not exit");
 exit();

}
// LIMIT 1 means this loop runs at most once.
while($row = mysql_fetch_array($query)){
  // NOTE(review): $username, $fname and $lname are printed into the HTML below
  // with print("...") and no escaping. If these columns hold user-supplied text,
  // pass them through htmlspecialchars($value, ENT_QUOTES, 'UTF-8') when printing
  // to prevent stored XSS.
  $username = $row['username'];
  $fname = $row['firstname'];
  $lname = $row['lastname'];
  $profile_id= $row['id'];

  // $session_id is assigned by global.php only when a session username exists.
  if($session_id == $profile_id){
  $owner = true;
  }else{
   $owner = false;

  }

}



?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title>
<link href="style/stylesheet.css" type="text/css"/>
</head>

<body>
<div class="container center"> 
<h1><?php print("$username"); ?></h1>
<?php
// NOTE(review): both branches call header("Location: ...") after markup has already
// been produced; the redirect can only be sent because ob_start() at the top of
// profile.php buffers that output. Neither call is followed by exit(), so the rest
// of the page is still generated.
// When $owner is true the target is profile.php itself, which appears to select the
// same branch again on the next request (redirect loop) -- confirm the intended
// destination.
if($owner == true ){
    header("Location: profile.php");
?>
<!--
<a href="#">edit profile</a><br />
<a href="#">account settings</a><br />
-->
<?php
}else{
    // Visitors looking at someone else's profile are redirected to index.php.
    header("Location: index.php");
?>
<!--
<a href="#">private message</a><br />
<a href="#">add as friend</a><br />
--> 
<?php
}
?>
</div>
</body>
</html>
<?php flush(); ?>

logout.php

<?php
// logout.php: ends the current session and sends the visitor to home.php.
session_start();

// NOTE(review): session_destroy() deletes the stored session data but does not
// empty the $_SESSION array for the remainder of this request, and the session
// cookie stays in the browser. Clearing $_SESSION and expiring the session cookie
// before destroying the session gives a complete logout.
session_destroy();
// Disabled clean-up for the "remember me" cookies that login.php would set.
/*
if(isset($_COOKIE['id_cookie'])){

setcookie("id_cookie", "", time()-50000,"/");

setcookie("pass_cookie", "", time()-50000,"/");

}
*/
// NOTE(review): because $_SESSION is still populated here (see above), this test is
// presumably true for any visitor who was logged in, so they see the failure
// message instead of the redirect -- confirm on the PHP version in use.
if(isset($_SESSION['username'])){ 
echo("we could not log out try again!");
exit();
}else{
 header("Location: home.php");

}

?>

global.php

<?php
// global.php: included by every page. Starts the session, opens the database
// connection (connect.php) and sets $logged for the including page.
if(!isset($_SESSION))
{
session_start();
} 

require_once('connect.php'); 


// If the session carries a login, re-validate it against the members table.

if(isset($_SESSION['username'])){
 $session_username = $_SESSION['username'];
 $session_pass = $_SESSION['pass'];
 $session_id = $_SESSION['id'];

 // Look up the member by the id and password hash stored in the session.
 // NOTE(review): session values are interpolated into the SQL string without
 // escaping. They are written by login.php from a database row and sha1() output,
 // but a prepared statement (PDO/mysqli) removes the reliance on that; the mysql_*
 // extension itself is gone from PHP 7.0 onward.
 $query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
// NOTE(review): the condition looks inverted. "== 0" means no member row matched,
// yet this branch marks the visitor as logged in, while a matching row falls
// through to the logout redirect below. The disabled cookie branch at the end of
// this file uses "> 0" for the same check.
if($count_count == 0){
// Treated as the logged-in state.
$logged = 1;

 while($row = mysql_fetch_array($query)){
     $session_username = $row['username'];
  }
  // Write the values back into the session.
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;


}else{
 header("Location: logout.php");
exit();
}



}
// NOTE(review): this assignment runs on every request, including right after
// "$logged = 1" above, so every including page sees $logged == 0. Setting the
// default before the isset($_SESSION['username']) block would keep the value
// assigned inside it.
$logged = 0;
// NOTE(review): the disabled branch below would authenticate from id_cookie and
// pass_cookie by placing the raw cookie values in the SQL string. Cookies are
// client-controlled, so enabling it as written would allow SQL injection and would
// make the stored password hash usable as a login credential.
/*
elseif(isset($_COOKIE['id_cookie'])){
    $session_id = $_COOKIE['id_cookie'];
    $session_pass = $_COOKIE['pass_cookie'];

 $query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
if($count_count > 0){


//loged in stuff here
$logged = 1;
}else{
 header("Location: logout.php");
exit();
 }
 //if user is not log in

}
*/

?>
4

2 に答える 2


login.php ページで、session_start() によってセッションを適切に開始しないまま $_SESSION を使用しています。

于 2013-02-26T18:14:11.060 に答える

あなたが書いたものに間違っている可能性があることがいくつかあります。この $logged == 0 の $logged は global.php で定義されていると思います。その中でセッションも開始していますか (つまり、session_start() は global.php にあるのですか)?

私が見る限り、$logged はどんな値にもなり得るので、エラーが発生します。global.php にない場合は、logging.php でもセッションを開始するように修正する必要があります。

わかった。global.php からすべてを取り出します。session_start() だけを残したい場合は、login.php と profile.php から削除してください。

次に、データベースに対してパスワードとユーザー名をチェックする sql クエリを、global.php ではなく login.php に移動して、このようにする必要があります。

 // Snippet proposed by the answer for login.php: validate the member and set up
 // the session.
 // NOTE(review): $session_id and $session_pass are not assigned in this snippet;
 // presumably they must be derived from the submitted credentials first. Values
 // placed in the query need escaping or, better, a prepared statement.
 $query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND   password='$session_pass'LIMIT 1")or die("could not ");
$count_count = mysql_num_rows($query);
// NOTE(review): as in the question's global.php, "== 0" means no row matched, yet
// this branch is the one that logs the visitor in; the check looks inverted.
if($count_count == 0){
// Treated as the logged-in state.
$logged = 1;
// The redirect header is queued here; the session values are still written below
// because no exit() follows it.
header("Location: profile.php");

 while($row = mysql_fetch_array($query)){
     $session_username = $row['username'];
  }
  // Store the login in the session.
$_SESSION['username'] = $session_username;
$_SESSION['id'] = $session_id;
$_SESSION['pass'] = $session_pass;


}else{
 $logged = 0;
 header("Location: logout.php");
exit();
}

これらは login.php では必要ありません (上記のコードに置き換えてください)。

// Excerpt of the question's login.php that the answer says to replace. The quote
// stops partway through the block, so the closing braces are not shown.
$message = "";
if(isset($_POST['email'])){

  $email = $_POST['email'];
  $pass = $_POST['pass'];


  // input validation: both fields must be non-empty (truthy)
  if((!$email)||(!$pass)){
  $message = "please insert both fields";

  }else{
   // Escape the e-mail for the SQL string and hash the password.
   // NOTE(review): this is the only place on the page where the request values are
   // escaped and hashed before reaching a query, so a replacement has to keep an
   // equivalent step (ideally a prepared statement plus password_verify()).
   $email = mysql_real_escape_string($email);
   $pass = sha1($pass);
   $query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error());
   $count_query = mysql_num_rows($query);
   if($count_query == 0){
   $message = "the information was incorrect!";
   }else{
   // Credentials matched: record the login in the session.
   $_SESSION['pass']=$pass;
   while($row = mysql_fetch_array($query)){
       $username = $row['username'];
       $id = $row['id'];

    }
    $_SESSION['username'] = $username;
    $_SESSION['id'] = $id;
于 2013-02-26T18:48:09.187 に答える