php - 会话问题

Question

我正面临会话代码的问题

这是登录代码：

<?php

/**
 * @author Mina Wilson
 * @copyright 2012
 * // EPCI Pharma Survey | Rights Reserved
 */

 // Inialize session
session_start();

// Check, if user is already login, then jump to secured page
if (isset($_SESSION['name'])) {
header('Location: login_process.php');
}
?>
<?php $login="login_process.php" ?>

<!DOCTYPE html>



<html>

<head>

<title>EPCI Pharma Survey</title>

<style>



html, body

{

    height: 100%;

}



body

{

    font: 12px 'Lucida Sans Unicode', 'Trebuchet MS', Arial, Helvetica;    

    margin: 0;

    background-color: #d9dee2;

    background-image: -webkit-gradient(linear, left top, left bottom, from(#ebeef2), to(#d9dee2));

    background-image: -webkit-linear-gradient(top, #ebeef2, #d9dee2);

    background-image: -moz-linear-gradient(top, #ebeef2, #d9dee2);

    background-image: -ms-linear-gradient(top, #ebeef2, #d9dee2);

    background-image: -o-linear-gradient(top, #ebeef2, #d9dee2);

    background-image: linear-gradient(top, #ebeef2, #d9dee2);    

}



/*--------------------*/



#login

{

    background-color: #fff;

    background-image: -webkit-gradient(linear, left top, left bottom, from(#fff), to(#eee));

    background-image: -webkit-linear-gradient(top, #fff, #eee);

    background-image: -moz-linear-gradient(top, #fff, #eee);

    background-image: -ms-linear-gradient(top, #fff, #eee);

    background-image: -o-linear-gradient(top, #fff, #eee);

    background-image: linear-gradient(top, #fff, #eee);  

    height: 240px;

    width: 400px;

    margin: -150px 0 0 -230px;

    padding: 30px;

    position: absolute;

    top: 50%;

    left: 50%;

    z-index: 0;

    -moz-border-radius: 3px;

    -webkit-border-radius: 3px;

    border-radius: 3px;  

    -webkit-box-shadow:

          0 0 2px rgba(0, 0, 0, 0.2),

          0 1px 1px rgba(0, 0, 0, .2),

          0 3px 0 #fff,

          0 4px 0 rgba(0, 0, 0, .2),

          0 6px 0 #fff,  

          0 7px 0 rgba(0, 0, 0, .2);

    -moz-box-shadow:

          0 0 2px rgba(0, 0, 0, 0.2),  

          1px 1px   0 rgba(0,   0,   0,   .1),

          3px 3px   0 rgba(255, 255, 255, 1),

          4px 4px   0 rgba(0,   0,   0,   .1),

          6px 6px   0 rgba(255, 255, 255, 1),  

          7px 7px   0 rgba(0,   0,   0,   .1);

    box-shadow:

          0 0 2px rgba(0, 0, 0, 0.2),  

          0 1px 1px rgba(0, 0, 0, .2),

          0 3px 0 #fff,

          0 4px 0 rgba(0, 0, 0, .2),

          0 6px 0 #fff,  

          0 7px 0 rgba(0, 0, 0, .2);

}



#login:before

{

    content: '';

    position: absolute;

    z-index: -1;

    border: 1px dashed #ccc;

    top: 5px;

    bottom: 5px;

    left: 5px;

    right: 5px;

    -moz-box-shadow: 0 0 0 1px #fff;

    -webkit-box-shadow: 0 0 0 1px #fff;

    box-shadow: 0 0 0 1px #fff;

}



/*--------------------*/



h1

{

    text-shadow: 0 1px 0 rgba(255, 255, 255, .7), 0px 2px 0 rgba(0, 0, 0, .5);

    text-transform: uppercase;

    text-align: center;

    color: #666;

    margin: 0 0 30px 0;

    letter-spacing: 4px;

    font: normal 26px/1 Verdana, Helvetica;

    position: relative;

}



h1:after, h1:before

{

    background-color: #777;

    content: "";

    height: 1px;

    position: absolute;

    top: 15px;

    width: 120px;   

}



h1:after

{ 

    background-image: -webkit-gradient(linear, left top, right top, from(#777), to(#fff));

    background-image: -webkit-linear-gradient(left, #777, #fff);

    background-image: -moz-linear-gradient(left, #777, #fff);

    background-image: -ms-linear-gradient(left, #777, #fff);

    background-image: -o-linear-gradient(left, #777, #fff);

    background-image: linear-gradient(left, #777, #fff);      

    right: 0;

}



h1:before

{

    background-image: -webkit-gradient(linear, right top, left top, from(#777), to(#fff));

    background-image: -webkit-linear-gradient(right, #777, #fff);

    background-image: -moz-linear-gradient(right, #777, #fff);

    background-image: -ms-linear-gradient(right, #777, #fff);

    background-image: -o-linear-gradient(right, #777, #fff);

    background-image: linear-gradient(right, #777, #fff);

    left: 0;

}



/*--------------------*/



fieldset

{

    border: 0;

    padding: 0;

    margin: 0;

}



/*--------------------*/



#inputs input

{

    background: #f1f1f1 url(http://www.red-team-design.com/wp-content/uploads/2011/09/login-sprite.png) no-repeat;

    padding: 15px 15px 15px 30px;

    margin: 0 0 10px 0;

    width: 353px; /* 353 + 2 + 45 = 400 */

    border: 1px solid #ccc;

    -moz-border-radius: 5px;

    -webkit-border-radius: 5px;

    border-radius: 5px;

    -moz-box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff;

    -webkit-box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff;

    box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff;

}



#username

{

    background-position: 5px -2px !important;

}



#password

{

    background-position: 5px -52px !important;

}



#inputs input:focus

{

    background-color: #fff;

    border-color: #e8c291;

    outline: none;

    -moz-box-shadow: 0 0 0 1px #e8c291 inset;

    -webkit-box-shadow: 0 0 0 1px #e8c291 inset;

    box-shadow: 0 0 0 1px #e8c291 inset;

}



/*--------------------*/

#actions

{

    margin: 25px 0 0 0;

}



#submit

{       

    background-color: #ffb94b;

    background-image: -webkit-gradient(linear, left top, left bottom, from(#fddb6f), to(#ffb94b));

    background-image: -webkit-linear-gradient(top, #fddb6f, #ffb94b);

    background-image: -moz-linear-gradient(top, #fddb6f, #ffb94b);

    background-image: -ms-linear-gradient(top, #fddb6f, #ffb94b);

    background-image: -o-linear-gradient(top, #fddb6f, #ffb94b);

    background-image: linear-gradient(top, #fddb6f, #ffb94b);



    -moz-border-radius: 3px;

    -webkit-border-radius: 3px;

    border-radius: 3px;



    text-shadow: 0 1px 0 rgba(255,255,255,0.5);



     -moz-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;

     -webkit-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;

     box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;    



    border-width: 1px;

    border-style: solid;

    border-color: #d69e31 #e3a037 #d5982d #e3a037;



    float: left;

    height: 35px;

    padding: 0;

    width: 120px;

    cursor: pointer;

    font: bold 15px Arial, Helvetica;

    color: #8f5a0a;

}



#submit:hover,#submit:focus

{       

    background-color: #fddb6f;

    background-image: -webkit-gradient(linear, left top, left bottom, from(#ffb94b), to(#fddb6f));

    background-image: -webkit-linear-gradient(top, #ffb94b, #fddb6f);

    background-image: -moz-linear-gradient(top, #ffb94b, #fddb6f);

    background-image: -ms-linear-gradient(top, #ffb94b, #fddb6f);

    background-image: -o-linear-gradient(top, #ffb94b, #fddb6f);

    background-image: linear-gradient(top, #ffb94b, #fddb6f);

}   



#submit:active

{       

    outline: none;



     -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;

     -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;

     box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;        

}



#submit::-moz-focus-inner

{

  border: none;

}



#actions a

{

    color: #3151A2;    

    float: right;

    line-height: 35px;

    margin-left: 10px;

}



/*--------------------*/



#back

{

    display: block;

    text-align: center;

    position: relative;

    top: 60px;

    color: #999;

}





</style>

</head>



<body>



<form action="<?php echo $login; ?>" class="input" method="post" id="login">

    <h1>EPCI Pharma Login</h1>

    <fieldset id="inputs">

        <input id="Name" name="name" type="text" placeholder="Name" autofocus required>   

        <input id="Password" name="password" type="password" placeholder="Password" required>

    </fieldset>

    <fieldset id="actions">

        <input type="submit" id="submit" value="Log in">

        <a href="">Forgot your password?</a><a href="">Register</a>

    </fieldset>

    <a href="#" id="back">Back to article...</a>

</form>






</body>

</html>

这是 login_process.php

<?php
session_start();
$host="localhost"; // Host name 
$username="ebarea_epic"; // Mysql username 
$password="..."; // Mysql password 
$db_name="ebarea_epic"; // Database name 
$tbl_name="medicalrep"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$name=$_POST['name']; 
$password=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$name = stripslashes($name);
$password = stripslashes($password);
$job_title= stripslashes ($job_title);
$name = mysql_real_escape_string($name);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE name='$name' and password='$password'";
$result=mysql_query($sql);
$num_results = mysql_num_rows($result);
$array = mysql_fetch_array($result);
$_SESSION['name']=$array['name'];
$_SESSION['password']=$array['password'];


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if($count==1){

$_SESSION['name']=$_POST['name'];
$_SESSION['password']=$_POST['password'];


if ($array['job_title']=="user")
{ header ("location: userpage.php"); }
     else if ($array['job_title']=="admin")
{ header ("location: adminpage.php"); }
   }
       else if ($name=="ahmedkamal8989@Epci" && $password=="epcisurvey2012@ahmed")
{ header ("location: adminpage.php"); }

    else {
  echo "Wrong user or password";
  }
?>

如果用户和密码错误，它会显示“错误的用户和密码”，通过再次刷新登录表单，它会将我重定向到 login_process.php，并显示消息“错误的用户或密码”

我试图将回显更改为标题和登录表单的位置，但它导致了重定向循环

现在有什么问题！

Answer 1

您应该在每个表单发布后进行重定向。

在这种情况下，在 login_process.php 中，您应该设置一个会话变量，而不是回显“密码错误”：

$_SESSION['message'] = "Wrong password";

然后将它们重定向回登录页面，如下所示：

header("Location:/login.php", TRUE, 303);

在您的 login.php 页面上，您应该有如下内容：

<?php echo $_SESSION['message']; unset($_SESSION['message']); ?>

Answer 2

让我从您的 PHP 文件中的重要内容开始

// username and password sent from form 
$name=$_POST['name']; //Save the post in $name
$password=$_POST['password']; //Save the post in $password

$sql="SELECT * FROM $tbl_name WHERE name='$name' and password='$password'";
$result=mysql_query($sql);
$num_results = mysql_num_rows($result);
$array = mysql_fetch_array($result);


$_SESSION['name']=$array['name']; //OK you save the name in SESSION without knowing if the user has submitted the right login information
$_SESSION['password']=$array['password']; //OK you save the password in SESSION without knowing if the user has submitted the right login information


// Mysql_num_row is counting table row
$count=mysql_num_rows($result); //count always has to be 1 else failed login information

if($count==1){

$_SESSION['name']=$_POST['name']; //WHAT!?! override the SESSION with the post? without escaping?
$_SESSION['password']=$_POST['password']; //Same here!?!?!

//Now you decide the job_title
if ($array['job_title']=="user")
{ header ("location: userpage.php"); }
     else if ($array['job_title']=="admin")
{ header ("location: adminpage.php"); }
   }
       else if ($name=="ahmedkamal8989@Epci" && $password=="epcisurvey2012@ahmed")
{ header ("location: adminpage.php"); }

    else {
  echo "Wrong user or password";
  }
?>

所以我像这样在上面制作了这段代码

<?php
session_start();
$host="localhost"; // Host name 
$username="ebarea_epic"; // Mysql username 
$password="..."; // Mysql password 
$db_name="ebarea_epic"; // Database name 
$tbl_name="medicalrep"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$name=mysql_real_escape_string($_POST['name']); 
$password=mysql_real_escape_string($_POST['password']);

$sql="SELECT `job_title` FROM $tbl_name WHERE name='$name' and password='$password' LIMIT 1";
$result = mysql_query($sql);
$num_results = mysql_num_rows($result);

if($num_results ==1)
{

$_SESSION['name']=$name;
$_SESSION['password']=$password;
$_SESSION['job_title']=$result[0];


switch($result[0])
{
   case 'user':
      $direct = 'userpage';
   break;

   case 'admin':
      $direct = 'adminpage';
   break;

   default:
      if ($name=="ahmedkamal8989@Epci" && $password=="epcisurvey2012@ahmed")
      {
          $direct = 'adminpage';
      }
      else
      {
          echo 'Wrong user or password';
          die();
      }
   break;
}

header('location: '.$direct.'.php');
die();

?>

我没有对此进行测试，但我希望您可以自己修复错误；）