编辑:分配工作。请不要提及外部库或处理安全问题的复杂程序。
我想实现一个非常基本的登录页面,将用户的用户名和密码与存储在数据库中的用户名和密码(使用 MySql)进行比较,然后重定向到仅对登录用户可用的另一个网页。我看过这两个教程:
http://frozenade.wordpress.com/2007/11/24/how-to-create-login-page-in-php-and-mysql-with-session/
http://www.phpro.org/tutorials/Basic-Login-Authentication-with-PHP-and-MySQL.html
我已经尝试使用这两种技术。第二个一直给我服务器错误,第一个给我登录页面,并且没有返回任何错误,但是当按下提交按钮时,它什么也没做。我几乎逐字逐句地遵循它,只更改文件名和一些数据库列名以适应我预先存在的东西,但无济于事。这个登录页面让我非常头疼,我真的很想把它排除在外,现在就完成。
登录页面
<?php
// Inialize session
session_start();
// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
header('Location: RecordEvents.php');
}
?>
...跳过所有不必要的部分
<h1>Login</h1>
<?php
if(!empty($errorMessage))
{
echo("<p>There was a problem with your login:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form action="loginscript.php" method="post">
Username:
<input type="text" name="username" /> </br>
Password:
<input type="password" name="password" /> </br>
<p>
<!--the submit button with an altered value. once selected the validation script will run-->
<input type="submit" name="login" value="Allons-y!" />
</p>
</form>
CONFIG.INC (我一开始尝试将文件命名为 .php ,但这并没有什么区别。)
<?php
$hostname = 'localhost';
$dbname = 'clubresults';
$username = 'newuser';
$password = 'password';
// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');
?>
登录脚本.PHP
<?php
// Inialize session
session_start();
// Include database connection settings
include('Inlcude\config.inc');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM admin_passwords WHERE (Username = '" . mysql_real_escape_string($_POST['username']) . "') and (Password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");
// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: RecordEvents.php');
}
else {
// Jump to login page
header('Location: Login.php');
}
?>
记录.PHP
<?php
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: Login.php');
}
Include ('Include\eventscript.php');
?>
……呜呜呜
<?php
if(!empty($errorMessage))
{
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form action="RecordEvents.php" method="post">
Name: <input type="text" name="EventName" value="<?php print $varEventname;?>" /> </br>
Date: <input type="text" name="EventDate" placeholder="yyyy-mm-dd hh:mm:ss" value="<?php print $varEventdate;?>" /> </br>
Location: <input type="text" name="Location" value="<?php print $varLocation;?>" /> </br>
<p>
<!--the submit button with an altered value. once selected the validation script will run-->
<input type="submit" name="formSubmit" value="Allons-y!" />
<!--the reset button to empty the form and start again-->
<input type="reset" name="formReset" value="Try Again" />
</p>
</form>
数据库称为 clubresults,我使用的表是 admin_passwords,列名是:用户名、密码。
谁能发现我明显犯的错误?