php mysql + ошибки сеансов

Question

Я создаю веб-сайт, содержащий страницу входа в систему, страницу профиля и страницу выхода. Я использую сеансы, но у меня проблема с работой с сеансами, и я не могу понять, что такое ошибка или где ее исправить.

Ошибки я получаю в profile.php **(("you need to be loged in to view profiles"))line 8** кого есть идеи или решение плз тел мне

login.php

<?php 

require_once('for members/scripts/global.php'); 

$message = ""; 
if(isset($_POST['email'])){ 

    $email = $_POST['email']; 
    $pass = $_POST['pass']; 


    //error handeling 
    if((!$email)||(!$pass)){ 
    $message = "please insert both fields"; 

    }else{ 
    // secure data 
    $email = mysql_real_escape_string($email); 
    $pass = sha1($pass); 
    $query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error()); 
    $count_query = mysql_num_rows($query); 
    if($count_query == 0){ 
    $message = "the information was incorrect!"; 
    }else{ 
    //start the sessions 
    $_SESSION['pass']=$pass; 
    while($row = mysql_fetch_array($query)){ 
     $username = $row['username']; 
     $id = $row['id']; 

    } 
    $_SESSION['username'] = $username; 
    $_SESSION['id'] = $id; 

    /* to create a cookie on the HDD OF THE user 
    if($remember == "yes"){ 
    //create the cookies 
    setcookie("id_cookie", $id, time()+60*60*24*100,"/"); 
    setcookie("pass_cookie", $pass, time()+60*60*24*100,"/"); 
    } 
    */ 

    header("Location:profile.php"); 
    } 
    } 

} 





?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title></title> 
<link href="style/stylesheet.css"rel="stylesheet" type="text/css"/> 
</head> 

<body> 



<div class="container center"> 

<p><?php print("$message") ?></p> 
<form action="login.php" method="post"> 
<input type="text" name="email" placeholder="Email Adress" /><br /> 

<input type="password" name="pass" placeholder="Password" /><br /> 

<input type="submit" name="login" value="Login" /> 

<a href="register.php"><strong> Register</strong></a> 

</form> 
</div> 

</body> 
</html> 

profile.php

<?php 
ob_start(); 
session_start(); 

require_once('for members/scripts/global.php'); 

if($logged == 0){ 
echo("you need to be loged in to view profiles"); 
exit(); 
} 
if(isset($_GET['id'])){ 
$id=$_GET['id']; 
$id= preg_replace("#[^0-9]#","",$id); 

}else{ 
$id=$_SESSION['id']; 
} 
//collect member information 
$query = mysql_query("SELECT * FROM members WHERE id='$id'LIMIT 1") or die("could not collect user information "); 
$count_mem = mysql_num_rows($query); 
if($count_mem == 0){ 
echo("the user does not exit"); 
exit(); 

} 
while($row = mysql_fetch_array($query)){ 
    $username = $row['username']; 
    $fname = $row['firstname']; 
    $lname = $row['lastname']; 
    $profile_id= $row['id']; 

    if($session_id == $profile_id){ 
    $owner = true; 
    }else{ 
    $owner = false; 

    } 

} 



?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title> 
<link href="style/stylesheet.css" type="text/css"/> 
</head> 

<body> 
<div class="container center"> 
<h1><?php print("$username"); ?></h1> 
<?php 
if($owner == true){ 
    header("Location: profile.php"); 
?> 
<!-- 
<a href="#">edit profile</a><br /> 
<a href="#">account settings</a><br /> 
--> 
<?php 
}else{ 
    header("Location: index.php"); 
?> 
<!-- 
<a href="#">private message</a><br /> 
<a href="#">add as friend</a><br /> 
--> 
<?php 
} 
?> 
</div> 
</body> 
</html> 
<?php flush(); ?> 

logout.php

<?php 
session_start(); 

session_destroy(); 
/* 
if(isset($_COOKIE['id_cookie'])){ 

setcookie("id_cookie", "", time()-50000,"/"); 

setcookie("pass_cookie", "", time()-50000,"/"); 

} 
*/ 
if(isset($_SESSION['username'])){ 
echo("we could not log out try again!"); 
exit(); 
}else{ 
header("Location: home.php"); 

} 

?> 

global.php

<?php 
if(!isset($_SESSION)) 
{ 
session_start(); 
} 

require_once('connect.php'); 


//checking if sessions are set 

if(isset($_SESSION['username'])){ 
$session_username = $_SESSION['username']; 
$session_pass = $_SESSION['pass']; 
$session_id = $_SESSION['id']; 

//check if the member exist 
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not "); 
$count_count = mysql_num_rows($query); 
if($count_count == 0){ 
//loged in stuff here 
$logged = 1; 

while($row = mysql_fetch_array($query)){ 
    $session_username = $row['username']; 
    } 
    //create sessions 
$_SESSION['username'] = $session_username; 
$_SESSION['id'] = $session_id; 
$_SESSION['pass'] = $session_pass; 


}else{ 
header("Location: logout.php"); 
exit(); 
} 



} 
$logged = 0; 
/* 
elseif(isset($_COOKIE['id_cookie'])){ 
    $session_id = $_COOKIE['id_cookie']; 
    $session_pass = $_COOKIE['pass_cookie']; 

$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not "); 
$count_count = mysql_num_rows($query); 
if($count_count > 0){ 


//loged in stuff here 
$logged = 1; 
}else{ 
header("Location: logout.php"); 
exit(); 
} 
//if user is not log in 

} 
*/ 

?> 

Answer 1

Вы используете $_SESSION без надлежащего запуска сеанса с линией session_start() на странице login.php.

Answer 2

Есть несколько вещей, которые могут быть ошибочными в том, что вы написали. Предположим, что $logged == 0 определен в global.php. Является ли это началом сеанса в нем (т. Е. У вас есть session_start() в global.php)?

Насколько я вижу, $logged может быть любым, и таким образом вы получите сообщение об ошибке. Запуск сеанса в logging.php также должен быть исправлен, если не в global.php.

ok. Возьмите все из global.php. Если вы хотите оставить только session_start(), но удалите его из login.php и profile.php.

Тогда вам нужно переместить sql-запрос, который проверяет пароль и имя пользователя на базу данных на login.php вместо global.php и имеет это как это.

//check if the member exist 
$query = mysql_query("SELECT * FROM members WHERE id='$session_id' AND password='$session_pass'LIMIT 1")or die("could not "); 
$count_count = mysql_num_rows($query); 
if($count_count == 0){ 
//loged in stuff here 
$logged = 1; 
header("Location: profile.php"); 

while($row = mysql_fetch_array($query)){ 
    $session_username = $row['username']; 
    } 
    //create sessions 
$_SESSION['username'] = $session_username; 
$_SESSION['id'] = $session_id; 
$_SESSION['pass'] = $session_pass; 


}else{ 
$logged = 0; 
header("Location: logout.php"); 
exit(); 
} 

вам не нужно их в login.php (замените их с приведенным выше кодом)

$message = ""; 
if(isset($_POST['email'])){ 

    $email = $_POST['email']; 
    $pass = $_POST['pass']; 


    //error handeling 
    if((!$email)||(!$pass)){ 
    $message = "please insert both fields"; 

    }else{ 
    // secure data 
    $email = mysql_real_escape_string($email); 
    $pass = sha1($pass); 
    $query = mysql_query("SELECT * FROM members WHERE email='$email'AND password='$pass'LIMIT 1")or die(mysql_error()); 
    $count_query = mysql_num_rows($query); 
    if($count_query == 0){ 
    $message = "the information was incorrect!"; 
    }else{ 
    //start the sessions 
    $_SESSION['pass']=$pass; 
    while($row = mysql_fetch_array($query)){ 
     $username = $row['username']; 
     $id = $row['id']; 

    } 
    $_SESSION['username'] = $username; 
    $_SESSION['id'] = $id;