LoginAction.class.php的代码:...
class LoginAction extends GlobalAction { public function _initialize() {
parent::_initialize();
if (isset($_SESSION['uid']) && $_SESSION['uid'] && strtolower(ACTION_NAME) != 'logout') {
$this->redirect("Usercontent/index");
}
} /**
* 显示登陆界面
*/
public function index() {
$back = $_SERVER['HTTP_REFERER'];
if (!$back || strpos(strtolower($back), 'login') !== false || strpos(strtolower($back), 'register') !== false) {
$back = U('Usercontent/index');
}
$_SESSION['back'] = $back;
$this->display();
} /**
* 处理用户登陆
*/
public function login() {
$username = I("post.name", '', 'trim');
$password = I("pass", '', 'fix_pass');
$c_username = $_COOKIE['username'];
if ($c_username != $username) {
setcookie('username', $username);
}
$_SESSION['login_time'] = intval($_SESSION['login_time']) + 1;
if ($_SESSION['login_time'] > 3 && md5(I('verify', '', 'strtolower')) != $_SESSION['verify']) {
$this->forword('验证码错误!');
}
if (I("name") == null || I("pass") == null) {
$this->forword('用户名或密码不能为空');
}
$map["u_username|u_email|u_phone"] = $username;
$map["u_password"] = $password;
$user = M("user")->where($map)->find();
$this->doLogin($user);
} /**
* 执行登陆
*
* @param type $user
*/
public function doLogin($user) {
if (!empty($user)) {
if ($user['u_status'] != 1) {
$this->forword('用户已经被冻结');
}
//检查是否在异地登陆
if ($this->checkedRemoteLogin($user['id'])) {
$this->forword('请不要重复登陆!');
}
$this->bind($user['id']);
$logId = $this->logLogin($user);
$user['logId'] = $logId;
$this->setSession($user);
unset($_SESSION['login_time']);
unset($_SESSION['errorMsg']);
$back = $_SESSION['back'];
unset($_SESSION['back']);
if (!$back) {
$back = U('Usercontent/index');
}
if (strpos(strtolower($back), 'eintro') !== false) {
$back = U('Fund/asset');
}
if (!$back || strpos(strtolower($back), 'login') !== false || strpos(strtolower($back), 'register') !== false) {
$back = U('Usercontent/index');
}
header("Location:" . $back);
} else {
$this->forword('用户名或密码错误');
}
} /**
* 绑定第三方平台
*/
public function bind($uid) {
$status3 = true;
if ($_SESSION['thirdPartyUserId'] && !A('Register')->hasBind($_SESSION['thrid_party_type'])) {
$data['uid'] = $uid;
$data['third_party_id'] = $_SESSION['thirdPartyUserId'];
$data['type'] = $_SESSION['thrid_party_type'];
$status3 = M('third_party_bind')->add($data);
unset($_SESSION['thirdPartyUserId']);
unset($_SESSION['thrid_party_type']);
}
return $status3;
} /**
* 记录登陆日志
*
* @param array $user
* @return type
*/
protected function logLogin(array $user) {
$login = D('Login')->insertLogin($user);
return $login['insert_id'];
} /**
* 设置登陆SESSION
*
* @param type $user
*/
protected function setSession($user) {
$_SESSION["username"] = $user["u_username"];
$_SESSION["uid"] = $user["id"];
$_SESSION["login_time"] = time();
$_SESSION['online_time'] = time();
$_SESSION['logId'] = $user['logId'];
}
...
class LoginAction extends GlobalAction { public function _initialize() {
parent::_initialize();
if (isset($_SESSION['uid']) && $_SESSION['uid'] && strtolower(ACTION_NAME) != 'logout') {
$this->redirect("Usercontent/index");
}
} /**
* 显示登陆界面
*/
public function index() {
$back = $_SERVER['HTTP_REFERER'];
if (!$back || strpos(strtolower($back), 'login') !== false || strpos(strtolower($back), 'register') !== false) {
$back = U('Usercontent/index');
}
$_SESSION['back'] = $back;
$this->display();
} /**
* 处理用户登陆
*/
public function login() {
$username = I("post.name", '', 'trim');
$password = I("pass", '', 'fix_pass');
$c_username = $_COOKIE['username'];
if ($c_username != $username) {
setcookie('username', $username);
}
$_SESSION['login_time'] = intval($_SESSION['login_time']) + 1;
if ($_SESSION['login_time'] > 3 && md5(I('verify', '', 'strtolower')) != $_SESSION['verify']) {
$this->forword('验证码错误!');
}
if (I("name") == null || I("pass") == null) {
$this->forword('用户名或密码不能为空');
}
$map["u_username|u_email|u_phone"] = $username;
$map["u_password"] = $password;
$user = M("user")->where($map)->find();
$this->doLogin($user);
} /**
* 执行登陆
*
* @param type $user
*/
public function doLogin($user) {
if (!empty($user)) {
if ($user['u_status'] != 1) {
$this->forword('用户已经被冻结');
}
//检查是否在异地登陆
if ($this->checkedRemoteLogin($user['id'])) {
$this->forword('请不要重复登陆!');
}
$this->bind($user['id']);
$logId = $this->logLogin($user);
$user['logId'] = $logId;
$this->setSession($user);
unset($_SESSION['login_time']);
unset($_SESSION['errorMsg']);
$back = $_SESSION['back'];
unset($_SESSION['back']);
if (!$back) {
$back = U('Usercontent/index');
}
if (strpos(strtolower($back), 'eintro') !== false) {
$back = U('Fund/asset');
}
if (!$back || strpos(strtolower($back), 'login') !== false || strpos(strtolower($back), 'register') !== false) {
$back = U('Usercontent/index');
}
header("Location:" . $back);
} else {
$this->forword('用户名或密码错误');
}
} /**
* 绑定第三方平台
*/
public function bind($uid) {
$status3 = true;
if ($_SESSION['thirdPartyUserId'] && !A('Register')->hasBind($_SESSION['thrid_party_type'])) {
$data['uid'] = $uid;
$data['third_party_id'] = $_SESSION['thirdPartyUserId'];
$data['type'] = $_SESSION['thrid_party_type'];
$status3 = M('third_party_bind')->add($data);
unset($_SESSION['thirdPartyUserId']);
unset($_SESSION['thrid_party_type']);
}
return $status3;
} /**
* 记录登陆日志
*
* @param array $user
* @return type
*/
protected function logLogin(array $user) {
$login = D('Login')->insertLogin($user);
return $login['insert_id'];
} /**
* 设置登陆SESSION
*
* @param type $user
*/
protected function setSession($user) {
$_SESSION["username"] = $user["u_username"];
$_SESSION["uid"] = $user["id"];
$_SESSION["login_time"] = time();
$_SESSION['online_time'] = time();
$_SESSION['logId'] = $user['logId'];
}
...
嗯,为什么没生效呢? 别的伪静态有生效啊.htaccess文件:<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?/$1 [QSA,PT,L]
</IfModule>
服务器是LINUX+wdcp服务器/虚拟主机管理系统
header("Location:" . $back);
而$back = ‘/usercontent-index.html’
这个语句不知怎的在本地可以跳转,在网站上却不行
$this->redirect($strs[0]);
前面的代码: if (!$back) {
$back = U('Usercontent/index');
}
if (strpos(strtolower($back), 'eintro') !== false) {
$back = U('Fund/asset');
}
if (!$back || strpos(strtolower($back), 'login') !== false || strpos(strtolower($back), 'register') !== false) {
$back = U('Usercontent/index');
}
http://www.onloan.com.cn/usercontent-index.html
会转到
http://www.onloan.com.cn/login-index.html所以要么是登录程序有问题(无法确认是用户),要么是 session 失效
session.save_path = "/tmp"
/tmp的权限是drwxrwxrwt
我清空了/tmp目录,重启了服务器,还是不行。
$name['path'] = "/Runtime"; //thinkphp目录下
if(isset($name['path'])) session_save_path($name['path']);
这样写对吗?
跟踪结果,同样是SESSION为空protected function isLogin() {
if (!empty($_SESSION['username']) && !empty($_SESSION['uid'])) {
$this->updateOnlineTime();
return true;
} else {
return false;
}
} $fp = fopen('./qerr26.txt','w+');
fwrite($fp,'ok');
session_start();
$_SESSION['XXX'] ='123';
fwrite($fp,'SESSIONXXX: ',$_SESSION['XXX']);
fwrite($fp,'username: ',$_SESSION['username']);
fwrite($fp,'uid: ',$_SESSION['uid']);
fclose($fp);
结果是:
okSESSIONXXX: uid:
奇怪,username:没输出
$url = 'http://www.onloan.com.cn/usercontent-index.html';
print_r(get_headers($url));
echo file_get_contents($url);Array
(
[0] => HTTP/1.1 200 OK
[1] => Date: Sun, 05 Oct 2014 05:57:52 GMT
[2] => Content-Type: text/html
[3] => Content-Length: 265
[4] => Connection: close
[5] => Server: nginx/1.0.15
[6] => X-Powered-By: PHP/5.2.17p1
)
<head>
<meta property="qc:admins" content="147026777767647166375636" />
<meta property="qc:admins" content="4716300527622221636375" />
<meta property="qc:admins" content="471630043674556654" />
</head>
<meta http-equiv='Refresh' content='0;URL=/login-index.html'>
能支持 .htaccess 吗?
服务器支持 .htaccess我本地PHP版本是5.0,调试登录没问题
服务器PHP是5.2版本,那代码要怎么改呢?谢谢!
谢谢版主,
$map["u_username|u_email|u_phone"] = $username;
$map["u_password"] = $password;
$user = M("user")->where($map)->find();
$fp = fopen('./qerr28.txt','w+');
fwrite($fp,'username: ',$user["u_username"]);
fwrite($fp,'uid: ',$user["id"]);
fclose($fp);
本地和服务器qerr28.txt输出的内容都只有:
uid:这个M方法怎么进一步跟踪呢?
$map["u_password"] = $password;
$user = M("user")->where($map)->find();
$fp = fopen('./qerr28.txt','w+');
fwrite($fp,' username: ' . $user["u_username"]);
fwrite($fp,' uid: ' . $user["id"]);
fclose($fp);
本地和服务器qerr28.txt都输出:
$user: Array username: mikeccn uid: 4BaseAction.class.php中: protected function isLogin() {
//cjq add
$fp = fopen('./qerr26.txt','w+');
fwrite($fp,'ok');
$_SESSION['XXX'] ='123';
fwrite($fp,' SESSIONXXX: ' . $_SESSION['XXX']);
fwrite($fp,' username: ' . $_SESSION['username']);
fwrite($fp,' uid: ' . $_SESSION['uid']);
fclose($fp); 本地qerr26.txt输出:
ok SESSIONXXX: 123 username: mikeccn uid: 4
服务器qerr26.txt输出:
ok SESSIONXXX: 123 username: uid:
这是为什么呢?服务器跨页面SESSION丢失,这是什么导致的呢?(本地跨页面SESSION没丢失)
session.auto_start = 0 改成1就OK了,十分感谢!