0

对不起这个转储问题,但我只想知道如何在每个页面的顶部添加会话代码,以防止用户在每次移动到其他页面时登录。

这是登录表单

<?php

/**
 * @author 
 * @copyright 2012
 */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html>
<head>
    <title>JQuery Form Example</title> 

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Customer Form Survey Login | Epic Pharma</title>
<link rel="stylesheet" media="screen" type="text/css" href="http://ebarea.com/test/new/style.css" />

</head>

<body>
<form name="myform" action="process.php" class="input" method="post">
<div id="wrapper">
    <h1 id="create-account">EPCI Pharma Survey</h1>
    <label>Name: <span>*</span></label>
    <input name="username" type="text" class="username" />
    <label>Password: <span>*</span></label>
    <input name="password" type="password" class="Passowrd" />
<div align="center">
    <input type="image" class="submit" src="http://ebarea.com/test/new/submit.png" value="Submit" />
    </form>
<!-- We will output the results from process.php here -->

</body>
</html>

这是process.php

<?php
session_start();
$host="localhost"; // Host name 
$username="ebarea_epic"; // Mysql username 
$password=",,,,"; // Mysql password 
$db_name="ebarea_epic"; // Database name 
$tbl_name="medicalrep"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$num_results = mysql_num_rows($result);
$array = mysql_fetch_array($result);
$_SESSION['username']=$array['username'];
$_SESSION['password']=$array['password'];
$_SESSION['job_title']=$array['job_title'];

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){

$_SESSION['username']=$_POST['username'];
$_SESSION['password']=$_POST['password'];

if ($array['job_title']=="user")
{ header ("location: userpage.php"); }
     else if ($array['job_title']=="admin")
{ header ("location: adminpage.php"); }
   } else {
  echo "Wrong user or password";
  }
?>

因此,当用户或移动到他的页面(userpage.php)或管理员移动到他的面板(adminpage.php)时,他将不会再次登录!

谢谢你:)

4

1 回答 1

2

session_start()在每个php页面的顶部添加。然后用于if(isset($_SESSION['blabla']))检查用户 id 是否已登录 用于session_destroy()将用户注销。

于 2012-05-01T12:00:27.433 回答