重定向太多,更改为准备好的语句后出现 SESSION 问题

问题描述 投票:0回答:1

我最近更改了 PHP 代码,以使用准备好的语句来保护我的应用程序。然而,我在登录页面上遇到了困难。我在登录时检查用户的“用户级别”,然后重定向到用户的相应页面。它在我的旧登录页面上运行良好:

登录.php

<?php
session_start();

if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="1") {
    header("Location: v1/ued/");
} else 
if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="2") {
    header("Location: v1/ced/");
}

include_once 'includes/database.php';

//Login
    if (isset($_POST['login'])) {

        $email = mysqli_real_escape_string($con, $_POST['user-name']);
        $password = mysqli_real_escape_string($con, $_POST['user-password']);
        $result = mysqli_query($con, "SELECT * FROM users WHERE idnumber = '" . $email. "' and password = '" . md5($password) . "'");

        if ($row = mysqli_fetch_array($result)) {
            $_SESSION['usr_id'] = $row['id'];
            $_SESSION['userlevel'] = $row['userlevel'];
            $_SESSION['idnumber'] = $row['idnumber'];

            if ($_SESSION['userlevel']=="1"){
                    $_SESSION['firstnames'] = $row['firstnames'];
                    $_SESSION['surname'] = $row['surname'];
                    header("Location: v1/level1/index.php");
            } 
            else
            if ($_SESSION['userlevel']=="2"){
                header("Location: v1/level2/index.php");
            }

        } else {
            $errormsg = "Incorrect Email or Password!!!";
        }
    }

?>

以及我的level1/index.php

<?php
    session_start();
    if(!isset($_SESSION['usr_id'])) {
        header("Location: ../../login.php");
    }
    if($_SESSION['userlevel']!=="1") {
        header("Location: ../../login.php");
    }
?>

我现在已更改我的 Login.php 页面以使用准备好的语句,如下所示:

<?php
session_start();

if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="1") {
    header("Location: v1/ued/");
} else 
if(isset($_SESSION['usr_id'])!="" && $_SESSION['userlevel']=="2") {
    header("Location: v1/ced/");
}

include_once 'includes/database.php';

if (isset($_POST['login'])) {
    $password = md5($_POST['user-password']);
    $email = $_POST['user-name'];

    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
    $stmt = $mysqli->prepare("SELECT * FROM users WHERE idnumber = ? and password = ?");
    $stmt->bind_param('ss', $email, $password);
    $stmt->execute();
    $result = $stmt->get_result();
        if ($row = $result->fetch_array()) 
        {
            $_SESSION['usr_id'] = $row['id'];
            $_SESSION['userlevel'] = $row['userlevel'];
            $_SESSION['idnumber'] = $row['idnumber'];
            $_SESSION['firstnames'] = $row['firstnames'];
            $_SESSION['surname'] = $row['surname'];
            if ($_SESSION['userlevel']=="1"){
                header("Location: v1/ued/");
            } 
            else
            if ($_SESSION['userlevel']=="2"){
                header("Location: v1/ced/");
            } 
        }       
}

?>

但现在我在 Chrome 上遇到错误 

ERR_TOO_MANY_REDIRECTS
。我似乎无法弄清楚问题出在哪里。

php mysql
1个回答
1
投票
if ($_SESSION['userlevel'] !== "1") {

回顾上面的行,-它应该是:

if ($_SESSION['userlevel'] != "1") {

所以,问题在于$_SESSION['userlevel']变量的

类型
(最有可能是
Integer
)和
"1"
值(
String

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.