質問編集履歴
5
aaa
title
CHANGED
File without changes
|
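--- a/body
+++ b/body
@@ -1,247 +1,156 @@
 ### 前提・実現したいこと
 
-PHPを使ったログイン機能と投稿フォームを作成しています。
 
-$_SESSION['id']を用いたログイン機能を作りたいのですが、
-ページ遷移の過程で$_SESSIONの中身がNULLになってしまい、
-思うような挙動になりません。
 
-
+```ini
 
+[Session]
+; Handler used to store/retrieve data.
+session.save_handler = files
 
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
-
+;
+; As of PHP 4.0.1, you can define the path as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if you
+; or your OS have problems with lots of files in one directory, and is
+; a more efficient layout for servers that handle lots of sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+;session.save_path = "/tmp"
 
-```
-
+; Whether to use cookies.
-
+session.use_cookies = 1
 
+;session.cookie_secure =
 
+; This option enables administrators to make their users invulnerable to
+; attacks which involve passing session ids in URLs; defaults to 0.
+; session.use_only_cookies = 1
 
-
+; Name of the session (used as cookie name).
-
+session.name = PHPSESSID
 
+; Initialize session on request startup.
+session.auto_start = 1
 
-```
-
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-
+session.cookie_lifetime = 0
 
-
+; The path for which the cookie is valid.
-// セッションにユーザIDがある=ログインしている
-// トップページに遷移する
-
+session.cookie_path = /
-} else if (isset($_POST['name']) && isset($_POST['password'])){
-// ログインしていないがユーザ名とパスワードが送信されたとき
 
-// データベースに接続
-
+; The domain for which the cookie is valid.
-
+session.cookie_domain =
-$password = 'root';
 
-
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-
+session.cookie_httponly =
 
-// プリペアドステートメントを作成
-$stmt = $db->prepare(
-
+; Handler used to serialize data. php is the standard serializer of PHP.
-
+session.serialize_handler = php
 
-// パラメータを割り当て
-
+; Define the probability that the 'garbage collection' process is started
+; on every session initialization.
-
+; The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts
+; on each request.
 
-//クエリの実行
-
+session.gc_probability = 1
+session.gc_divisor = 1000
 
-
+; After this number of seconds, stored data will be seen as 'garbage' and
-// ユーザが存在していたので、セッションにユーザIDをセット
-
+; cleaned up by the garbage collection process.
-// セッションID再作成
-
+session.gc_maxlifetime = 1440
-header('Location: write.php');
-exit();
-} else {
-// 1レコードも取得できなかったとき
-// ユーザ名・パスワードが間違っている可能性あり
-// もう一度ログインフォームを表示
-header('Location: login.php');
-exit();
-}
-} catch(PDOException $e){
-die('エラー:' . $e->getMessage());
-}
 
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
-
+; For example, the following script would is the equivalent of
+; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-
+; cd /path/to/sessions; find -cmin +24 | xargs rm
-?>
 
-<html>
-<head>
-<meta charset="UTF-8">
-<title>ログイン認証画面</title>
-</head>
-<body>
-<div>
-<div>
-<h1>ログイン認証をしてください。</h1>
-<form>
-<p>ユーザー名<input type="text" name="name"></p>
-<p>パスワード<input type="password" name="password"></p>
-
+; PHP 4.2 and less have an undocumented feature/bug that allows you to
+; to initialize a session variable in the global scope, albeit register_globals
+; is disabled. PHP 4.3 and later will warn you, if this feature is used.
-
+; You can disable the feature and the warning separately. At this time,
-</div>
-</div>
-
+; the warning is only displayed, if bug_compat_42 is enabled.
-</html>
-<?php } ?>
-```
 
+session.bug_compat_42 = 0
+session.bug_compat_warn = 1
 
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
-
+session.referer_check =
 
-```
-
+; How many bytes to read from the file.
-
+session.entropy_length = 0
-if (!isset($_SESSION['id'])){
-header('Location: login.php');
-exit();
-}
-?>
 
-<?php
-$mode = 'input';
-$errmessage = array();
-if( isset($_POST['back']) && $_POST['back'] ){
-// 何もしない
-} else if( isset($_POST['confirm']) && $_POST['confirm'] ){
-// 確認画面
-if( !$_POST['text'] ) {
-$errmessage[] = "本文を入力してください";
-
+; Specified here to create the session id.
-
+session.entropy_file =
-}
-$_SESSION['text'] = htmlspecialchars($_POST['text'], ENT_QUOTES);
 
-
+;session.entropy_length = 16
-$errmessage[] = "公開ステータスを選択してください";
-}
 
-$_SESSION['status'] = htmlspecialchars(intval($_POST['status']), ENT_QUOTES);
-if( $errmessage ){
-$mode = 'input';
-} else {
-$token = bin2hex(random_bytes(32));
-$_SESSION['token'] = $token;
-$mode = 'confirm';
-}
-} else if( isset($_POST['send']) && $_POST['send'] ){
-// 送信ボタンを押したとき
-if( !$_POST['token'] || !$_SESSION['token']){
-$errmessage[] = '不正な処理が行われました';
-$_SESSION = array();
-$mode = 'input';
-} else if($_POST['token'] != $_SESSION['token'] ){
-$errmessage[] = '不正な処理が行われました!';
-$_SESSION = array();
-$mode = 'input';
-} else {
-$message = "投稿を完了しました。";
-$_SESSION = array();
-$mode = 'send';
-}
-} else {
-$_SESSION = array();
-}
-?>
-<!DOCTYPE html>
-<html lang="ja">
-<head>
-<meta charset="utf-8">
-<title>投稿フォーム</title>
-</head>
-<body>
-<div>
-<div>
-
+;session.entropy_file = /dev/urandom
-<!-- 入力画面 -->
-
-<?php
-if( $errmessage ){
-echo '<div class="alert-danger" role="alert">'; echo implode('<br>', $errmessage );
-echo '</div>';
-}
-?>
-<form action="./write.php" method="post">
-<h2>NEWSに表示する文章を更新してください。</h2>
-<textarea name="text"></textarea>
-<div>
-<h2>ステータスを選択してください。</h2>
-<div>
-
-<input id="displayButton" type="radio" value="1" name="status" checked></input>
-<input id="hideButton" type="radio" value="2" name="status"></input>
-</div>
-</div>
-<?php
-$_SESSION['token'] = sha1(uniqid(mt_rand(), true));
-?>
-<input type="hidden" name="token" value="<?php echo $_SESSION['token'];?>">
-
-<input type="submit" name="confirm" value="確認">
 
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+session.cache_limiter = nocache
 
-</form>
-</div>
-</div>
-
+; Document expires after n minutes.
-
+session.cache_expire = 180
 
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publically accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+session.use_trans_sid = 0
 
+; Select a hash function
+; 0: MD5 (128 bits)
+; 1: SHA-1 (160 bits)
+session.hash_function = 0
 
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+;
+; 4 bits: 0-9, a-f
+; 5 bits: 0-9, a-v
+; 6 bits: 0-9, a-z, A-Z, "-", ","
+session.hash_bits_per_character = 5
 
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; form/fieldset are special; if you include them here, the rewriter will
+; add a hidden <input> field with the info which is otherwise appended
+; to URLs. If you want XHTML conformity, remove the form entry.
+; Note that all valid entries require a "=", even if no value follows.
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+session.save_path="C:\MAMP\bin\php\sessions\"
 
-<?php var_dump($_SESSION['id']);?>
 
-
-
-
-
-
-
-<form action="./write.php" method="post">
-<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
-<h4>本文内容</h4> <p><?php echo nl2br($_SESSION['text']) ?><br></p>
-<?php if($_SESSION['status'] == 1) {
-echo "<h4>表示ステータス</h4><p>本文を公開する。</p>";
-} elseif ($_SESSION['status'] == 2) {
-echo "<h4>表示ステータス</h4><p>本文を非公開にする。</p>";
-}
-?>
-
-<div>
-
-<input type="submit" name="back" value="戻る" />TOPに戻る
-<input type="submit" name="send" value="送信" />送信する。
-</div>
-</form>
-<?php } else { ?>
-<!-- 完了画面 -->
-
-
-
-
-
-
-<?php var_dump($_SESSION['id']);?>
-
-
-
-<a href="write.php">更新しました。</a>
-
-<?php } ?>
-</body>
-</html>
-
-
 ```
 
 ### 試したこと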
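Review bot: The session-cookie hardening directives on the new side are all inactive — `session.cookie_httponly =` is left empty, and `;session.cookie_secure =` and `; session.use_only_cookies = 1` are commented out — so the PHPSESSID cookie stays readable by page script and a session ID supplied in the URL or request body is still accepted, which is the precondition for session fixation; set `session.cookie_httponly = 1` and `session.use_only_cookies = 1` (and `session.cookie_secure = 1` once the site is served over HTTPS). `session.auto_start = 1` together with the explicit `session_start()` calls in the login.php and write.php snippets quoted in the earlier revisions will make PHP report that a session is already active on every request; keep one of the two mechanisms, not both. The effective `session.save_path="C:\MAMP\bin\php\sessions\"` is appended after `url_rewriter.tags` with a backslash immediately before the closing quote, which may not parse to the intended directory; if PHP resolves a path that does not exist or is not writable, session data is not persisted between requests, which would match the NULL `$_SESSION` symptom the question describes, so compare `ini_get('session.save_path')` against the directory on disk. `session.hash_function = 0` also selects MD5 for session-ID generation where `1` (SHA-1) is available on this PHP version.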
4
q
title
CHANGED
File without changes
|
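--- a/body
+++ b/body
@@ -20,6 +20,8 @@
 ### 該当のソースコード
 ●login.php
 
+
+```
 <?php
 session_start(); // セッション開始
 
@@ -91,13 +93,10 @@
 </body>
 </html>
 <?php } ?>
-
-
 ```
 
 
-●write.php
+●write.php
-```ここに言語を入力
 
 ```
 <?php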
3
a
title
CHANGED
File without changes
|
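--- a/body
+++ b/body
@@ -98,6 +98,8 @@
 
 ●write.php
 ```ここに言語を入力
+
+```
 <?php
 session_start();
 if (!isset($_SESSION['id'])){
@@ -240,7 +242,6 @@
 </body>
 </html>
 
-```
 
 ```
 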
2
a
title
CHANGED
File without changes
|
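--- a/body
+++ b/body
@@ -15,11 +15,11 @@
 なし $_SESSION['id']がNULLになることによる強制リダイレクトの発生
 ```
 
+
+
 ### 該当のソースコード
+●login.php
 
-```PHP
-●login.php
-```ここに言語を入力
 <?php
 session_start(); // セッション開始
 
@@ -240,6 +240,7 @@
 </body>
 </html>
 
+```
 
 ```
 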
1
a
title
CHANGED
File without changes
|
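--- a/body
+++ b/body
@@ -19,6 +19,7 @@
 
 ```PHP
 ●login.php
+```ここに言語を入力
 <?php
 session_start(); // セッション開始
 
@@ -92,10 +93,11 @@
 <?php } ?>
 
 
+```
 
 
 ●write.php
-
+```ここに言語を入力
 <?php
 session_start();
 if (!isset($_SESSION['id'])){
@@ -239,6 +241,7 @@
 </html>
 
 
+```
 
 ### 試したこと
 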