
質問編集履歴

5

aaa

2020/10/20 16:07

投稿

kamomesaaaaan


title CHANGED
File without changes
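--- a/body
+++ b/body
@@ -1,247 +1,156 @@
  ### 前提・実現したいこと
 
- PHPを使ったログイン機能と投稿フォームを作成しています。
 
- $_SESSION['id']を用いたログイン機能を作りたいのですが、
- ページ遷移の過程で$_SESSIONの中身がNULLになってしまい、
- 思うような挙動になりません。
 
- どのような原因が考えられるでしょうか?
+ ```ini
 
+ [Session]
+ ; Handler used to store/retrieve data.
+ session.save_handler = files
 
+ ; Argument passed to save_handler. In the case of files, this is the path
+ ; where data files are stored. Note: Windows users have to change this
+ ; variable in order to use PHP's session functions.
- 不明
+ ;
+ ; As of PHP 4.0.1, you can define the path as:
+ ;
+ ; session.save_path = "N;/path"
+ ;
+ ; where N is an integer. Instead of storing all the session files in
+ ; /path, what this will do is use subdirectories N-levels deep, and
+ ; store the session data in those directories. This is useful if you
+ ; or your OS have problems with lots of files in one directory, and is
+ ; a more efficient layout for servers that handle lots of sessions.
+ ;
+ ; NOTE 1: PHP will not create this directory structure automatically.
+ ; You can use the script in the ext/session dir for that purpose.
+ ; NOTE 2: See the section on garbage collection below if you choose to
+ ; use subdirectories for session storage
+ ;
+ ; The file storage module creates files using mode 600 by default.
+ ; You can change that by using
+ ;
+ ; session.save_path = "N;MODE;/path"
+ ;
+ ; where MODE is the octal representation of the mode. Note that this
+ ; does not overwrite the process's umask.
+ ;session.save_path = "/tmp"
 
- ```
- なし $_SESSION['id']がNULLになることによる強制リダイレクトの発生
+ ; Whether to use cookies.
- ```
+ session.use_cookies = 1
 
+ ;session.cookie_secure =
 
+ ; This option enables administrators to make their users invulnerable to
+ ; attacks which involve passing session ids in URLs; defaults to 0.
+ ; session.use_only_cookies = 1
 
- ### 該当のソースコード
+ ; Name of the session (used as cookie name).
- ●login.php
+ session.name = PHPSESSID
 
+ ; Initialize session on request startup.
+ session.auto_start = 1
 
- ```
- <?php
+ ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
- session_start(); // セッション開始
+ session.cookie_lifetime = 0
 
- if (isset($_SESSION['id'])){
+ ; The path for which the cookie is valid.
- // セッションにユーザIDがある=ログインしている
- // トップページに遷移する
- header('Location: write.php');
+ session.cookie_path = /
- } else if (isset($_POST['name']) && isset($_POST['password'])){
- // ログインしていないがユーザ名とパスワードが送信されたとき
 
- // データベースに接続
- $dsn = 'mysql:host=localhost;dbname=db;charset=utf8';
+ ; The domain for which the cookie is valid.
- $user = 'root';
+ session.cookie_domain =
- $password = 'root';
 
- try {
+ ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
- $db = new PDO($dsn, $user, $password);
+ session.cookie_httponly =
 
- // プリペアドステートメントを作成
- $stmt = $db->prepare(
- "SELECT * FROM table WHERE name=:name AND pass=:pass"
+ ; Handler used to serialize data. php is the standard serializer of PHP.
- );
+ session.serialize_handler = php
 
- // パラメータを割り当て
- $stmt->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
+ ; Define the probability that the 'garbage collection' process is started
+ ; on every session initialization.
- $stmt->bindParam(':pass', $_POST['password'], PDO::PARAM_STR);
+ ; The probability is calculated by using gc_probability/gc_divisor,
+ ; e.g. 1/100 means there is a 1% chance that the GC process starts
+ ; on each request.
 
- //クエリの実行
- $stmt->execute();
+ session.gc_probability = 1
+ session.gc_divisor = 1000
 
- if ($row = $stmt->fetch()){
+ ; After this number of seconds, stored data will be seen as 'garbage' and
- // ユーザが存在していたので、セッションにユーザIDをセット
- $_SESSION['id'] = $row['name'];
+ ; cleaned up by the garbage collection process.
- // セッションID再作成
- session_regenerate_id(true);
+ session.gc_maxlifetime = 1440
- header('Location: write.php');
- exit();
- } else {
- // 1レコードも取得できなかったとき
- // ユーザ名・パスワードが間違っている可能性あり
- // もう一度ログインフォームを表示
- header('Location: login.php');
- exit();
- }
- } catch(PDOException $e){
- die('エラー:' . $e->getMessage());
- }
 
+ ; NOTE: If you are using the subdirectory option for storing session files
+ ; (see session.save_path above), then garbage collection does *not*
+ ; happen automatically. You will need to do your own garbage
+ ; collection through a shell script, cron entry, or some other method.
- } else {
+ ; For example, the following script would is the equivalent of
+ ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
- // ログインしていない場合はログインフォームを表示する
+ ; cd /path/to/sessions; find -cmin +24 | xargs rm
- ?>
 
- <html>
- <head>
- <meta charset="UTF-8">
- <title>ログイン認証画面</title>
- </head>
- <body>
- <div>
- <div>
- <h1>ログイン認証をしてください。</h1>
- <form>
- <p>ユーザー名<input type="text" name="name"></p>
- <p>パスワード<input type="password" name="password"></p>
- <input type="submit" value="ログイン" />
+ ; PHP 4.2 and less have an undocumented feature/bug that allows you to
+ ; to initialize a session variable in the global scope, albeit register_globals
+ ; is disabled. PHP 4.3 and later will warn you, if this feature is used.
- </form>
+ ; You can disable the feature and the warning separately. At this time,
- </div>
- </div>
- </body>
+ ; the warning is only displayed, if bug_compat_42 is enabled.
- </html>
- <?php } ?>
- ```
 
+ session.bug_compat_42 = 0
+ session.bug_compat_warn = 1
 
+ ; Check HTTP Referer to invalidate externally stored URLs containing ids.
+ ; HTTP_REFERER has to contain this substring for the session to be
+ ; considered as valid.
- ●write.php
+ session.referer_check =
 
- ```
- <?php
+ ; How many bytes to read from the file.
- session_start();
+ session.entropy_length = 0
- if (!isset($_SESSION['id'])){
- header('Location: login.php');
- exit();
- }
- ?>
 
- <?php
- $mode = 'input';
- $errmessage = array();
- if( isset($_POST['back']) && $_POST['back'] ){
- // 何もしない
- } else if( isset($_POST['confirm']) && $_POST['confirm'] ){
- // 確認画面
- if( !$_POST['text'] ) {
- $errmessage[] = "本文を入力してください";
- } else if( mb_strlen($_POST['text']) > 42 ){
+ ; Specified here to create the session id.
- $errmessage[] = "本文は42文字以内で入力してください。";
+ session.entropy_file =
- }
- $_SESSION['text'] = htmlspecialchars($_POST['text'], ENT_QUOTES);
 
- if( !$_POST['status'] ){
+ ;session.entropy_length = 16
- $errmessage[] = "公開ステータスを選択してください";
- }
 
- $_SESSION['status'] = htmlspecialchars(intval($_POST['status']), ENT_QUOTES);
- if( $errmessage ){
- $mode = 'input';
- } else {
- $token = bin2hex(random_bytes(32));
- $_SESSION['token'] = $token;
- $mode = 'confirm';
- }
- } else if( isset($_POST['send']) && $_POST['send'] ){
- // 送信ボタンを押したとき
- if( !$_POST['token'] || !$_SESSION['token']){
- $errmessage[] = '不正な処理が行われました';
- $_SESSION = array();
- $mode = 'input';
- } else if($_POST['token'] != $_SESSION['token'] ){
- $errmessage[] = '不正な処理が行われました!';
- $_SESSION = array();
- $mode = 'input';
- } else {
- $message = "投稿を完了しました。";
- $_SESSION = array();
- $mode = 'send';
- }
- } else {
- $_SESSION = array();
- }
- ?>
- <!DOCTYPE html>
- <html lang="ja">
- <head>
- <meta charset="utf-8">
- <title>投稿フォーム</title>
- </head>
- <body>
- <div>
- <div>
- <?php if( $mode == 'input' ){ ?>
+ ;session.entropy_file = /dev/urandom
- <!-- 入力画面 -->
-
- <?php
- if( $errmessage ){
- echo '<div class="alert-danger" role="alert">'; echo implode('<br>', $errmessage );
- echo '</div>';
- }
- ?>
- <form action="./write.php" method="post">
- <h2>NEWSに表示する文章を更新してください。</h2>
- <textarea name="text"></textarea>
- <div>
- <h2>ステータスを選択してください。</h2>
- <div>
-
- <input id="displayButton" type="radio" value="1" name="status" checked></input>
- <input id="hideButton" type="radio" value="2" name="status"></input>
- </div>
- </div>
- <?php
- $_SESSION['token'] = sha1(uniqid(mt_rand(), true));
- ?>
- <input type="hidden" name="token" value="<?php echo $_SESSION['token'];?>">
-
- <input type="submit" name="confirm" value="確認">
 
+ ; Set to {nocache,private,public,} to determine HTTP caching aspects
+ ; or leave this empty to avoid sending anti-caching headers.
+ session.cache_limiter = nocache
 
- </form>
- </div>
- </div>
- <?php } else if( $mode == 'confirm' ){ ?>
+ ; Document expires after n minutes.
- <!-- 確認画面 -->
+ session.cache_expire = 180
 
+ ; trans sid support is disabled by default.
+ ; Use of trans sid may risk your users security.
+ ; Use this option with caution.
+ ; - User may send URL contains active session ID
+ ; to other person via. email/irc/etc.
+ ; - URL that contains active session ID may be stored
+ ; in publically accessible computer.
+ ; - User may access your site with the same session ID
+ ; always using URL stored in browser's history or bookmarks.
+ session.use_trans_sid = 0
 
+ ; Select a hash function
+ ; 0: MD5 (128 bits)
+ ; 1: SHA-1 (160 bits)
+ session.hash_function = 0
 
+ ; Define how many bits are stored in each character when converting
+ ; the binary hash data to something readable.
+ ;
+ ; 4 bits: 0-9, a-f
+ ; 5 bits: 0-9, a-v
+ ; 6 bits: 0-9, a-z, A-Z, "-", ","
+ session.hash_bits_per_character = 5
 
+ ; The URL rewriter will look for URLs in a defined set of HTML tags.
+ ; form/fieldset are special; if you include them here, the rewriter will
+ ; add a hidden <input> field with the info which is otherwise appended
+ ; to URLs. If you want XHTML conformity, remove the form entry.
+ ; Note that all valid entries require a "=", even if no value follows.
+ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+ session.save_path="C:\MAMP\bin\php\sessions\"
 
- <?php var_dump($_SESSION['id']);?>
 
-
-
-
-
-
-
- <form action="./write.php" method="post">
- <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
- <h4>本文内容</h4> <p><?php echo nl2br($_SESSION['text']) ?><br></p>
- <?php if($_SESSION['status'] == 1) {
- echo "<h4>表示ステータス</h4><p>本文を公開する。</p>";
- } elseif ($_SESSION['status'] == 2) {
- echo "<h4>表示ステータス</h4><p>本文を非公開にする。</p>";
- }
- ?>
-
- <div>
-
- <input type="submit" name="back" value="戻る" />TOPに戻る
- <input type="submit" name="send" value="送信" />送信する。
- </div>
- </form>
- <?php } else { ?>
- <!-- 完了画面 -->
-
-
-
-
-
-
- <?php var_dump($_SESSION['id']);?>
-
-
-
-  <a href="write.php">更新しました。</a>
-
- <?php } ?>
- </body>
- </html>
-
-
  ```
 
  ### 試したこと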
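Review bot: The added `[Session]` block leaves the cookie that carries the login state without its hardening settings: `session.cookie_httponly =` is empty, and `;session.cookie_secure =` and `; session.use_only_cookies = 1` are commented out, the latter described by its own comment as defaulting to 0. For a login feature I would set `session.use_only_cookies = 1` and `session.cookie_httponly = 1`, and add `session.cookie_secure = 1` once the site is served over HTTPS. The id-generation settings are also at their weakest values here (`session.hash_function = 0`, i.e. MD5, with `session.entropy_length = 0` and an empty `session.entropy_file`); the commented `/dev/urandom` pair a few lines below is the stronger choice where the platform provides it. With `session.auto_start = 1` every request already opens a session, so it is worth confirming that the directory in `session.save_path="C:\MAMP\bin\php\sessions\"` exists and is writable by the web server, since session data cannot persist between pages otherwise.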

4

q

2020/10/20 16:07

投稿

kamomesaaaaan


title CHANGED
File without changes
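--- a/body
+++ b/body
@@ -20,6 +20,8 @@
  ### 該当のソースコード
  ●login.php
 
+
+ ```
  <?php
  session_start(); // セッション開始
 
@@ -91,13 +93,10 @@
  </body>
  </html>
  <?php } ?>
-
-
  ```
 
 
- ●write.php
+ ●write.php
- ```ここに言語を入力
 
  ```
  <?php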

3

a

2020/10/20 13:42

投稿

kamomesaaaaan


title CHANGED
File without changes
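--- a/body
+++ b/body
@@ -98,6 +98,8 @@
 
  ●write.php
  ```ここに言語を入力
+
+ ```
  <?php
  session_start();
  if (!isset($_SESSION['id'])){
@@ -240,7 +242,6 @@
  </body>
  </html>
 
- ```
 
  ```
 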

2

a

2020/10/20 13:41

投稿

kamomesaaaaan


title CHANGED
File without changes
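--- a/body
+++ b/body
@@ -15,11 +15,11 @@
  なし $_SESSION['id']がNULLになることによる強制リダイレクトの発生
  ```
 
+
+
  ### 該当のソースコード
+ ●login.php
 
- ```PHP
- ●login.php
- ```ここに言語を入力
  <?php
  session_start(); // セッション開始
 
@@ -240,6 +240,7 @@
  </body>
  </html>
 
+ ```
 
  ```
 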

1

a

2020/10/20 13:39

投稿

kamomesaaaaan


title CHANGED
File without changes
body CHANGED
@@ -19,6 +19,7 @@
19
19
 
20
20
  ```PHP
21
21
  ●login.php
22
+ ```ここに言語を入力
22
23
  <?php
23
24
  session_start(); // セッション開始
24
25
 
@@ -92,10 +93,11 @@
92
93
  <?php } ?>
93
94
 
94
95
 
96
+ ```
95
97
 
96
98
 
97
99
  ●write.php
98
-
100
+ ```ここに言語を入力
99
101
  <?php
100
102
  session_start();
101
103
  if (!isset($_SESSION['id'])){
@@ -239,6 +241,7 @@
239
241
  </html>
240
242
 
241
243
 
244
+ ```
242
245
 
243
246
  ### 試したこと
244
247