Codeigniter 应用程序错误:即使未选中记住我,也会记住登录凭据
Codeigniter app bug: login credential are remembered even if remember me is not checked
我正在使用 newspaper/blogging application 使用 CodeIgniter 3.1.8 和 Twitter Bootstrap 4。该应用程序当然有一个 登录和注册 系统。
我目前正在努力为登录表单添加“记住我”功能。
在application\views\auth\login.php我有:
<?php echo form_open(base_url('login/login')); ?>
<div class="form-group <?php if(form_error('email')) echo 'has-error';?>">
<input type="text" name="email" id="email" value="<?php if(isset($_COOKIE['userEmail'])) { echo $_COOKIE['userEmail']; } ?>" class="form-control" placeholder="Email">
<?php if(form_error('email')) echo form_error('email'); ?>
</div>
<div class="form-group <?php if(form_error('password')) echo 'has-error';?>">
<input type="password" name="password" id="password" value="<?php if(isset($_COOKIE['userPassword'])) { echo $_COOKIE['userPassword']; } ?>" class="form-control" placeholder="Password">
<?php if(form_error('password')) echo form_error('password'); ?>
</div>
<div class="form-group remember-me">
<input type="checkbox" name="remember_me" value="true" id="remember_me">
<span class="text text-muted">Remember me</span>
</div>
<div class="form-group">
<input type="submit" value="Login" class="btn btn-block btn-md btn-success">
</div>
<?php echo form_close(); ?>
在控制器(application\controllers\Login.php)中,我有:
public function login() {
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');
if ($this->form_validation->run()) {
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_avatar' => $current_user->avatar,
'user_first_name' => $current_user->first_name,
'user_is_admin' => $current_user->is_admin,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
// Remember me
if (!empty($this->input->post('remember_me'))) {
setcookie ('userEmail', $email, time() + (7 * 24 * 3600));
setcookie ('userPassword', $password, time() + (7 * 24 * 3600));
} else {
setcookie ('userEmail', '');
setcookie ('userPassword','');
}
// After login, display flash message
$this->session->set_flashdata('user_signin', 'You have signed in');
//and redirect to the posts page
redirect('/dashboard');
} else {
// If the user found is NOT active
$this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
redirect('login');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
redirect('login');
}
}
else {
$this->index();
}
}
问题
由于我无法发现的原因,即使未选中 remember_me 复选框,登录凭据仍会被记住。
更新
我去application\config\config.php替换了$config['sess_expiration'] = 7200 width:
$config['sess_expiration'] = 0;
因此,记忆不再发生。
我的错误在哪里?
在您的身份验证检查脚本中也检查 cookie 过期时间,一旦过期清除会话变量。
您正在使用 Chrome 进行测试吗?我认为 Chrome 无论如何都会记住登录状态(关闭并重新打开浏览器后您仍然登录),而其他浏览器,如 Firefox,将在重新打开时丢失 cookie。
您也可以在这里进行测试:https://demo.fleio.com/
setcookie('userEmail', $email, 0, "/");
我正在使用 newspaper/blogging application 使用 CodeIgniter 3.1.8 和 Twitter Bootstrap 4。该应用程序当然有一个 登录和注册 系统。
我目前正在努力为登录表单添加“记住我”功能。
在application\views\auth\login.php我有:
<?php echo form_open(base_url('login/login')); ?>
<div class="form-group <?php if(form_error('email')) echo 'has-error';?>">
<input type="text" name="email" id="email" value="<?php if(isset($_COOKIE['userEmail'])) { echo $_COOKIE['userEmail']; } ?>" class="form-control" placeholder="Email">
<?php if(form_error('email')) echo form_error('email'); ?>
</div>
<div class="form-group <?php if(form_error('password')) echo 'has-error';?>">
<input type="password" name="password" id="password" value="<?php if(isset($_COOKIE['userPassword'])) { echo $_COOKIE['userPassword']; } ?>" class="form-control" placeholder="Password">
<?php if(form_error('password')) echo form_error('password'); ?>
</div>
<div class="form-group remember-me">
<input type="checkbox" name="remember_me" value="true" id="remember_me">
<span class="text text-muted">Remember me</span>
</div>
<div class="form-group">
<input type="submit" value="Login" class="btn btn-block btn-md btn-success">
</div>
<?php echo form_close(); ?>
在控制器(application\controllers\Login.php)中,我有:
public function login() {
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');
if ($this->form_validation->run()) {
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_avatar' => $current_user->avatar,
'user_first_name' => $current_user->first_name,
'user_is_admin' => $current_user->is_admin,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
// Remember me
if (!empty($this->input->post('remember_me'))) {
setcookie ('userEmail', $email, time() + (7 * 24 * 3600));
setcookie ('userPassword', $password, time() + (7 * 24 * 3600));
} else {
setcookie ('userEmail', '');
setcookie ('userPassword','');
}
// After login, display flash message
$this->session->set_flashdata('user_signin', 'You have signed in');
//and redirect to the posts page
redirect('/dashboard');
} else {
// If the user found is NOT active
$this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
redirect('login');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
redirect('login');
}
}
else {
$this->index();
}
}
问题
由于我无法发现的原因,即使未选中 remember_me 复选框,登录凭据仍会被记住。
更新
我去application\config\config.php替换了$config['sess_expiration'] = 7200 width:
$config['sess_expiration'] = 0;
因此,记忆不再发生。
我的错误在哪里?
在您的身份验证检查脚本中也检查 cookie 过期时间,一旦过期清除会话变量。
您正在使用 Chrome 进行测试吗?我认为 Chrome 无论如何都会记住登录状态(关闭并重新打开浏览器后您仍然登录),而其他浏览器,如 Firefox,将在重新打开时丢失 cookie。
您也可以在这里进行测试:https://demo.fleio.com/
setcookie('userEmail', $email, 0, "/");