2

我进行了login.php设置,以便每当登录成功时,它都会自动定向到profile.php. 但是,即使登录成功,每次我去profile.php时仍然说“您必须登录才能访问此页面”。为什么?

这是我的login.php

$email = $_POST['email-field'];
$password = $_POST['password-field'];

if ($email && $password)
{
    $connect = mysql_connect("xx", "xx", "xx") or die("Couldnt connect!");
    mysql_select_db(xx) or die("Couldnt find db");

    $query = mysql_query("SELECT * FROM users WHERE email = '$email'");

    $numrows = mysql_num_rows($query);

    if ($numrows != 0)
    {

        while ($row = mysql_fetch_assoc($query))
        {
            $email = $row['email'];
            $md5password = $row['password'];
        }

        if ($email == $email && $md5password == md5($password))
        {
            header("Location: profile.php");
            $_SESSION['email']==$email;
        }
        else
            echo "Incorrect password";
    }
    else
        die("That user doessnt exist!");
}
else
    die("Please enter a username and a password");

我的profile.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<?php 

include('get-info.php');

session_start();

if ($_SESSION['email'])
    echo "<a href=logout.php>Logout</a>";
else
    die("You must be logged in to access this page");


?>


<html>

    <head>

        <title>

            R-A | Profile

        </title>

        <link href='css.css' rel='stylesheet' type='text/css' />

    </head>

    <body class='body3' >

        <div class='logo-bar'>

            <div class='menu'>

                <img src='images/rateaway.png' class='logo-bar-img' />

                    <div class='menu-options'>

                        <a href='index.php' class='menu-links' >Home</a>

                        <a href='profile.php' class='menu-links' >Profile</a>

                        <a href='profile.php' class='menu-links' >Friends</a>

                    </div>

            </div>

        </div>

        <div class='profile-main-content' >

            <div class='profile-current-info'>

                <p class='profile-name'> <?php get_info('iran_mateu@yahoo.com', 'name'); ?> </p>

                <img src='<?php get_info('iran_mateu@yahoo.com', 'profilepic'); ?>' class='profile-pic'/>

                <p class='profile-dob' > Born: <?php get_info('iran_mateu@yahoo.com', 'dob'); ?> </p>

                <p class='profile-country' > Currently lives in: <?php get_info('iran_mateu@yahoo.com', 'country'); ?> </p>

                <p class='profile-gender' > Gender: <?php get_info('iran_mateu@yahoo.com', 'gender'); ?> </p>

            </div>

            <div class='profile-edit-info' >



            </div>

        </div>

    </body>
4

4 回答 4

2

您忘记开始会话了。在您要使用会话的每个页面上,您必须调用:

session_start();

还要确保在输出任何内容之前执行此操作,否则它将不起作用。

于 2012-06-07T01:21:07.603 回答
1

成功登录后,您没有写入会话。考虑这部分:

if ($email==$email&&$md5password==md5($password))
    {
        header("Location: profile.php");
        $_SESSION['email']==$email;
    }

您应该使用=而不是==. 既然你不是,你没有分配$email$_SESSION['email']. 您没有分配任何东西,只是进行比较(并丢弃其返回值)。所以应该是:

$_SESSION['email'] = $email;

此外,您应该添加session_start();到 login.php 的顶部,正如 minitech 在他的回答中所建议的那样。

于 2012-06-07T01:25:37.153 回答
0

此外,除非您有可靠的验证,不允许在您的注册页面上将多封电子邮件发送到您的数据库,否则您的查询应该是:

mysql_query("SELECT * FROM users WHERE email = '$email' LIMIT 1");

这将确保只检索一条记录(理论上应该始终如此) - 但如果确实设法检索了不止一条记录,它会破坏您的代码。

最后 ($email == $email... 嗯不确定你做对了,因为这总是正确的,因为你基本上只是检查它是否等于它自己(它总是会),我认为你很困惑,因为你实际上已经用数据库中的数据覆盖了您从 $_POST 获得的 $email 变量。因此,您应该将代码修改为:

while ($row = mysql_fetch_assoc($query))
{
   $db_email = $row['email'];
   $md5password = $row['password'];
}

if ( $email == $db_email && $md5password == md5($password) )
{
   // assign variables / do things BEFORE redirecting as there is a risk that
   // your session data may not get written in some circumstances
   $_SESSION['email'] = $email;
   header("Location: profile.php");
   // always good habit to make sure nothing else is done after the redirection
   die();
}

编辑:

还有一个提示:

这:

$email = $_POST['email-field'];
$password = $_POST['password-field'];

if ($email && $password)
{

会更好:

session_start();
if ( isset($_POST['email-field']) && isset($_POST['email-field']) )
{
    $email = $_POST['email-field'];
    $password = $_POST['password-field'];
    // add some validation to your $email and $password variables

如果您的 $_POST 变量实际上没有像原始代码中那样设置,则上述内容将有助于避免通知,您使用 $_POST 变量就好像它们已设置(它们可能没有设置)一样 - 再次只是一个好习惯。

于 2012-06-07T01:52:56.623 回答
0

需要此功能说明,

if ($email==$email&&$md5password==md5($password)) { header("位置:profile.php"); $_SESSION['email']==$email; }

作者:加亚兰布特

于 2014-09-02T07:33:25.097 回答