php 循环重定向,php - 登录重定向时出现无限循环 - 堆栈内存溢出

我有一个通常对我有用的登录脚本，但是在检查存储的登录cookie后，有时会进入重定向的无限循环。 浏览器将报告如下内容：“ Firefox已检测到服务器正在以永远无法完成的方式重定向对该地址的请求。” 其他人也报告了此问题。 以下是登录过程的关键元素。 我想知道是否有人可以看到此过程/脚本的问题所在。

谢谢，

缺口

首先在每个受保护页面的顶部 ：

session_start();

$_SESSION['url'] = $_SERVER['REQUEST_URI'];

require('login/config.php');

require('login/functions.php');

if (allow_access(Users) != "yes")

{

include ('login/check_login.php');

exit;

}

?>

然后在check_login.php中 ：

session_start();

//check to see if the user already has an open session

if (($_SESSION[user_name] != "") && ($_SESSION[password] != ""))

{

header("Location:$_SESSION[redirect]");

exit;

}

$lr_user = $_COOKIE['lr_user'];

$lr_pass = $_COOKIE['lr_pass'];

//check to see if cookies have been set previously

if(($lr_user != "") && ($lr_pass != ""))

{

header("Location:/login/redirect.php");

exit;

}

//if neither is true, redirect to login

header("Location:/login/login.php");

?>

然后，在redirect.php中：

session_start();

//require the functions file

require ("config.php");

require ("functions.php");

$lr_user = $_COOKIE['lr_user'];

$lr_pass = $_COOKIE['lr_pass'];

//check to see if cookies are already set, remember me

if ((!$lr_user) || (!$lr_pass))

{

$username = $_POST[username];

$password = $_POST[password];

}else{

$username = $lr_user;

$password = $lr_pass;

}

//sets cookies to remember this computer if the user asks to

if ($_POST[remember] == "Yes")

{

setcookie("lr_user", $username, $duration, "/", $domain);

setcookie("lr_pass", $password, $duration, "/", $domain);

}

//sets session variables

sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);

if(isset($_SESSION['url']))

$_SESSION[redirect] = $_SESSION['url']; // holds url for last page visited.

else

$_SESSION[redirect] = "/index.php"; // default page for

//redirects the user

header("Location:$_SESSION[redirect]");

?>

functions.php

//function to get the date

function last_login()

{

$date = gmdate("Y-m-d");

return $date;

}

//function that sets the session variable

function sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password)

{

//make connection to dbase

$connection = @mysql_connect($server, $dbusername, $dbpassword)

or die(mysql_error());

$db = @mysql_select_db($db_name,$connection)

or die(mysql_error());

$sql = "SELECT * FROM $table_name WHERE username = '$username' and password = password('$password')";

$result = @mysql_query($sql, $connection) or die(mysql_error());

//get the number of rows in the result set

$num = mysql_num_rows($result);

//set session variables if there is a match

if ($num != 0)

{

while ($sql = mysql_fetch_object($result))

{

$_SESSION[first_name] = $sql -> firstname;

$_SESSION[last_name] = $sql -> lastname;

$_SESSION[user_name] = $sql -> username;

$_SESSION[password] = $sql -> password;

$_SESSION[group1] = $sql -> group1;

$_SESSION[group2] = $sql -> group2;

$_SESSION[group3] = $sql -> group3;

$_SESSION[pchange] = $sql -> pchange;

$_SESSION[email] = $sql -> email;

$_SESSION[redirect] = $sql -> redirect;

$_SESSION[verified] = $sql -> verified;

$_SESSION[last_login] = $sql -> last_login;

}

}else{

$_SESSION[redirect] = "$base_dir/errorlogin.php";

}

}

//functions that will determine if access is allowed

function allow_access($group)

{

if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" ||

$_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" ||

$_SESSION[user_name] == "$group")

{

$allowed = "yes";

}else{

$allowed = "no";

}

return $allowed;

}

//function to check the length of the requested password

function password_check($min_pass, $max_pass, $pass)

{

$valid = "yes";

if ($min_pass > strlen($pass) || $max_pass < strlen($pass))

{

$valid = "no";

}

return $valid;

}

?>

config.php

//set up the names of the database and table

$db_name ="";

$table_name ="authorize";

//connect to the server and select the database

$server = "localhost";

$dbusername = "";

$dbpassword = "*";

//domain information

$domain = "";

//Change to "0" to turn off the login log

$log_login = "1";

//base_dir is the location of the files, ie http://www.yourdomain/login

$base_dir = "";

//length of time the cookie is good for - 7 is the days and 24 is the hours

//if you would like the time to be short, say 1 hour, change to 60*60*1

$duration = time()+60*60*24*365*10;

//the site administrator\'s email address

$adminemail = "";

//sets the time to EST

$zone=3600*00;

//do you want the verify the new user through email if the user registers themselves?

//yes = "0" : no = "1"

$verify = "0";

//default redirect, this is the URL that all self-registered users will be redirected to

$default_url = "";

//minimum and maximum password lengths

$min_pass = 8;

$max_pass = 15;

$num_groups = 0+2;

$group_array = array("Users","Administrators");

?>