使用AJAX / jQuery设置$_SESSION | PHP会话不起作用？

发布时间：2020-12-16 02:51:26 所属栏目：百科来源：网络整理

导读：我正在为我的网站编写一个登录脚本.我编写了登录脚本,并通过jQuery通过 AJAX调用将表单绑定到它. 这是表单调用的php： ?PHP # Make sure form data was passed to the script IF (isset($_POST) isset($_POST['username']) isset($_POST['password'])){ # Co

我正在为我的网站编写一个登录脚本.我编写了登录脚本,并通过jQuery通过 AJAX调用将表单绑定到它.

这是表单调用的php：

<?PHP   
    # Make sure form data was passed to the script
    IF (isset($_POST) && isset($_POST['username']) && isset($_POST['password'])){
        # Connect to the database
        REQUIRE('../../../../my_db.php');

        # Define variables
        $given_username = $_POST['username'];
        $given_password = $_POST['password'];
        $hashed_password = md5($given_password);
        $matched_username = "";
        $matched_password = "";


        # See if there is matching info in the database
        $sql = 'SELECT username,pass FROM users WHERE username="'.$given_username.'" AND pass = "'.$hashed_password.'"';
        $result = mysql_query($sql);
        WHILE($row = mysql_fetch_assoc($result)){
            $matched_username = $row['username'];
            $matched_password = $row['pass'];
        };


        # If there was a match
        IF ($matched_username != "" && $matched_password != ""){

            # Double check the values match
            IF ($given_username == $matched_username && $hashed_password == $matched_password){

                # If there is only one result returned
                $session_sql = 'SELECT * FROM users WHERE username="'.$matched_username.'" AND pass = "'.$matched_password.'"';
                $session_result = mysql_query($session_sql);
                IF(count(mysql_fetch_assoc($session_result)) != 0  &&  count(mysql_fetch_assoc($session_result)) < 2){

                    # If they do,start a session
                    if(!isset($_SESSION)) {
                     session_start();
                     session_regenerate_id();
                    };

                    # Set our session values
                    WHILE($session_row = mysql_fetch_assoc($session_result)){
                        $_SESSION['id'] = $session_row['id'];
                        $_SESSION['last_login'] = $session_row['last_login'];
                        $_SESSION['username'] = $session_row['username'];
                        $_SESSION['signup_date'] = $session_row['signup_date']; 
                    };

                    # Set users last login date and time to this login
                    $update_sql = 'UPDATE users SET last_login = NOW WHERE username="'.$matched_username.'" AND pass = "'.$matched_password.'"';
                    $update = mysql_query($update_sql);

                    echo json_encode(array("success"=>"user logged in","session"=>$_SESSION));
                }ELSE 
                    echo json_encode(array("error"=>"More than one user with the same information.  What did you do?!"));
            }ELSE
                echo json_encode(array("error"=>"invalid login provided"));
        }ELSE
            echo json_encode(array("error"=>"invalid login provided"));
    }ELSE
        echo json_encode(array("error"=>"you must supply a username and password"));
?>

但是如果我做console.log(result.session)我得到[],这让我觉得通过ajax设置会话变量是不可行的,或者会话本身不能正常工作.

我没有从这段代码中得到任何错误.

有人能指出我正确的方向吗？

我不认为我可以访问php.ini,但我记得很久以前你必须设置会话在一个文件中运行,但对于我的生活我找不到一个例子.

解决方法

确保在脚本的开头有session_start().如果在进入session_start()之前发出任何通知或任何内容,那么您将收到如下错误：

Warning: session_start(): Cannot send session cookie – headers already sent by (output started at…

此外,您的脚本对SQL注入是开放的.确保您正确地转义用户名和密码！注意：您最好的选择是使用prepared statements.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!