編集履歴

質問編集履歴

aaa

2020/10/20 16:07

投稿

kamomesaaaaan

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -1,247 +1,156 @@
 ### 前提・実現したいこと
-PHPを使ったログイン機能と投稿フォームを作成しています。
-$_SESSION['id']を用いたログイン機能を作りたいのですが、
-ページ遷移の過程で$_SESSIONの中身がNULLになってしまい、
-思うような挙動になりません。
-どのような原因が考えられるでしょうか？
+```ini
+[Session]
+; Handler used to store/retrieve data.
+session.save_handler = files
+; Argument passed to save_handler.  In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
-不明
+;
+; As of PHP 4.0.1, you can define the path as:
+;
+;     session.save_path = "N;/path"
+;
+; where N is an integer.  Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories.  This is useful if you
+; or your OS have problems with lots of files in one directory, and is
+; a more efficient layout for servers that handle lots of sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+;         You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+;         use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+;     session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+;session.save_path = "/tmp"
-```
-なし $_SESSION['id']がNULLになることによる強制リダイレクトの発生
+; Whether to use cookies.
-```
+session.use_cookies = 1
+;session.cookie_secure =
+; This option enables administrators to make their users invulnerable to
+; attacks which involve passing session ids in URLs; defaults to 0.
+; session.use_only_cookies = 1
-### 該当のソースコード
+; Name of the session (used as cookie name).
-●login.php
+session.name = PHPSESSID
+; Initialize session on request startup.
+session.auto_start = 1
-```
-<?php
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-  session_start();  // セッション開始
+session.cookie_lifetime = 0
-  if (isset($_SESSION['id'])){
+; The path for which the cookie is valid.
-    // セッションにユーザIDがある=ログインしている
-    // トップページに遷移する
-    header('Location: write.php');
+session.cookie_path = /
-  } else if (isset($_POST['name']) && isset($_POST['password'])){
-    // ログインしていないがユーザ名とパスワードが送信されたとき
-    // データベースに接続
-    $dsn = 'mysql:host=localhost;dbname=db;charset=utf8';
+; The domain for which the cookie is valid.
-    $user = 'root';
+session.cookie_domain =
-    $password = 'root';
-    try {
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-      $db = new PDO($dsn, $user, $password);
+session.cookie_httponly =
-      // プリペアドステートメントを作成
-      $stmt = $db->prepare(
-        "SELECT * FROM table WHERE name=:name AND pass=:pass"
+; Handler used to serialize data.  php is the standard serializer of PHP.
-      );
+session.serialize_handler = php
-      // パラメータを割り当て
-      $stmt->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
+; Define the probability that the 'garbage collection' process is started
+; on every session initialization.
-      $stmt->bindParam(':pass', $_POST['password'], PDO::PARAM_STR);
+; The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts
+; on each request.
-      //クエリの実行
-      $stmt->execute();
+session.gc_probability = 1
+session.gc_divisor     = 1000
-      if ($row = $stmt->fetch()){
+; After this number of seconds, stored data will be seen as 'garbage' and
-        // ユーザが存在していたので、セッションにユーザIDをセット
-        $_SESSION['id'] = $row['name'];
+; cleaned up by the garbage collection process.
-        // セッションID再作成
-        session_regenerate_id(true);
+session.gc_maxlifetime = 1440
-        header('Location: write.php');
-        exit();
-      } else {
-        // 1レコードも取得できなかったとき
-        // ユーザ名・パスワードが間違っている可能性あり
-        // もう一度ログインフォームを表示
-        header('Location: login.php');
-        exit();
-      }
-    } catch(PDOException $e){
-      die('エラー：' . $e->getMessage());
-    }
+; NOTE: If you are using the subdirectory option for storing session files
+;       (see session.save_path above), then garbage collection does *not*
+;       happen automatically.  You will need to do your own garbage
+;       collection through a shell script, cron entry, or some other method.
-  } else {
+;       For example, the following script would is the equivalent of
+;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-    // ログインしていない場合はログインフォームを表示する
+;          cd /path/to/sessions; find -cmin +24 | xargs rm
-?>
-<html>
-<head>
-<meta charset="UTF-8">
-    <title>ログイン認証画面</title>
-</head>
-<body>
-  <div>
-    <div>
-      <h1>ログイン認証をしてください。</h1>
-      <form>
-        <p>ユーザー名<input type="text" name="name"></p>
-        <p>パスワード<input type="password" name="password"></p>
-        <input type="submit" value="ログイン" />
+; PHP 4.2 and less have an undocumented feature/bug that allows you to
+; to initialize a session variable in the global scope, albeit register_globals
+; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
-    </form>
+; You can disable the feature and the warning separately. At this time,
-    </div>
-  </div>
-</body>
+; the warning is only displayed, if bug_compat_42 is enabled.
-</html>
-<?php } ?>
-```
+session.bug_compat_42 = 0
+session.bug_compat_warn = 1
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
-●write.php
+session.referer_check =
-```
-<?php
+; How many bytes to read from the file.
-      session_start();
+session.entropy_length = 0
-       if (!isset($_SESSION['id'])){
-         header('Location: login.php');
-           exit();
-      }
-?>
-<?php
-$mode = 'input';
-$errmessage = array();
-if( isset($_POST['back']) && $_POST['back'] ){
-	// 何もしない
-} else if( isset($_POST['confirm']) && $_POST['confirm'] ){
-	// 確認画面
-	if( !$_POST['text'] ) {
-		$errmessage[] = "本文を入力してください";
-	} else if( mb_strlen($_POST['text']) > 42 ){
+; Specified here to create the session id.
-		$errmessage[] = "本文は42文字以内で入力してください。";
+session.entropy_file =
-	}
-	$_SESSION['text']	= htmlspecialchars($_POST['text'], ENT_QUOTES);
-	if( !$_POST['status'] ){
+;session.entropy_length = 16
-		$errmessage[] = "公開ステータスを選択してください";
-  }
-	$_SESSION['status'] = htmlspecialchars(intval($_POST['status']), ENT_QUOTES);
-	if( $errmessage ){
-		$mode = 'input';
-	} else {
-	  $token = bin2hex(random_bytes(32));
-	  $_SESSION['token']  = $token;
-		$mode = 'confirm';
-	}
-} else if( isset($_POST['send']) && $_POST['send'] ){
-	// 送信ボタンを押したとき
-  if( !$_POST['token'] || !$_SESSION['token']){
-	  $errmessage[] = '不正な処理が行われました';
-	  $_SESSION     = array();
-	  $mode         = 'input';
-  } else if($_POST['token'] != $_SESSION['token'] ){
-    $errmessage[] = '不正な処理が行われました!';
-    $_SESSION     = array();
-    $mode         = 'input';
-  } else {
-	  $message = "投稿を完了しました。";
-	  $_SESSION = array();
-	  $mode     = 'send';
-  }
-} else {
-	$_SESSION = array();
-}
-?>
-<!DOCTYPE html>
-<html lang="ja">
-<head>
-  <meta charset="utf-8">
-  <title>投稿フォーム</title>
-</head>
-<body>
-<div>
-  <div>
-<?php if( $mode == 'input' ){ ?>
+;session.entropy_file = /dev/urandom
-  <!-- 入力画面 -->
-<?php
-  if( $errmessage ){
-  echo '<div class="alert-danger" role="alert">';                             echo implode('<br>', $errmessage );
-		echo '</div>';
-	}
-  ?>
-  <form action="./write.php" method="post">
-    <h2>NEWSに表示する文章を更新してください。</h2>
-      <textarea name="text"></textarea>
-    <div>
-      <h2>ステータスを選択してください。</h2>
-      <div>
-          <input id="displayButton" type="radio" value="1" name="status" checked></input>
-            <input  id="hideButton" type="radio" value="2" name="status"></input>
-      </div>
-    </div>
-    <?php
-    $_SESSION['token'] = sha1(uniqid(mt_rand(), true));
-    ?>
-    <input type="hidden" name="token" value="<?php echo $_SESSION['token'];?>">
- <input type="submit" name="confirm" value="確認">
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+session.cache_limiter = nocache
-  </form>
-  </div>
-</div>
-<?php } else if( $mode == 'confirm' ){ ?>
+; Document expires after n minutes.
-  <!-- 確認画面 -->
+session.cache_expire = 180
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+;   to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+;   in publically accessible computer.
+; - User may access your site with the same session ID
+;   always using URL stored in browser's history or bookmarks.
+session.use_trans_sid = 0
+; Select a hash function
+; 0: MD5   (128 bits)
+; 1: SHA-1 (160 bits)
+session.hash_function = 0
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+;
+; 4 bits: 0-9, a-f
+; 5 bits: 0-9, a-v
+; 6 bits: 0-9, a-z, A-Z, "-", ","
+session.hash_bits_per_character = 5
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; form/fieldset are special; if you include them here, the rewriter will
+; add a hidden <input> field with the info which is otherwise appended
+; to URLs.  If you want XHTML conformity, remove the form entry.
+; Note that all valid entries require a "=", even if no value follows.
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+session.save_path="C:\MAMP\bin\php\sessions\"
-  <?php var_dump($_SESSION['id']);?>
-  <form action="./write.php" method="post">
-    <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
-    <h4>本文内容</h4>  <p><?php echo nl2br($_SESSION['text']) ?><br></p>
-  <?php  if($_SESSION['status'] == 1) {
-    echo "<h4>表示ステータス</h4><p>本文を公開する。</p>";
-  } elseif ($_SESSION['status'] == 2) {
-    echo "<h4>表示ステータス</h4><p>本文を非公開にする。</p>";
-  }
-  ?>
-  <div>
-      <input type="submit" name="back" value="戻る" />TOPに戻る
-      <input type="submit" name="send" value="送信" />送信する。
-  </div>
-  </form>
-<?php } else { ?>
-  <!-- 完了画面 -->
-  <?php var_dump($_SESSION['id']);?>
-　<a href="write.php">更新しました。</a>
-<?php } ?>
-</body>
-</html>
 ```
 ### 試したこと

2020/10/20 16:07

投稿

kamomesaaaaan

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -20,6 +20,8 @@
 ### 該当のソースコード
 ●login.php
+```
 <?php
   session_start();  // セッション開始
@@ -91,13 +93,10 @@
 </body>
 </html>
 <?php } ?>
 ```
-●write.php
+●write.php
-```ここに言語を入力
 ```
 <?php

2020/10/20 13:42

投稿

kamomesaaaaan

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -98,6 +98,8 @@
 ●write.php
 ```ここに言語を入力
+```
 <?php
       session_start();
        if (!isset($_SESSION['id'])){
@@ -240,7 +242,6 @@
 </body>
 </html>
-```
 ```

2020/10/20 13:41

投稿

kamomesaaaaan

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -15,11 +15,11 @@
 なし $_SESSION['id']がNULLになることによる強制リダイレクトの発生
 ```
 ### 該当のソースコード
+●login.php
-```PHP
-●login.php
-```ここに言語を入力
 <?php
   session_start();  // セッション開始
@@ -240,6 +240,7 @@
 </body>
 </html>
+```
 ```

2020/10/20 13:39

投稿

kamomesaaaaan

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -19,6 +19,7 @@
 ```PHP
 ●login.php
+```ここに言語を入力
 <?php
   session_start();  // セッション開始
@@ -92,10 +93,11 @@
 <?php } ?>
+```
 ●write.php
+```ここに言語を入力
 <?php
       session_start();
        if (!isset($_SESSION['id'])){
@@ -239,6 +241,7 @@
 </html>
+```
 ### 試したこと