1

您好,我已经为我的网站 dubleeble.com 制作了一个登录系统,由于某种原因,当您登录时,它只会让您在一个页面上登录,但当您移动到另一个页面时,它会让您退出!我该如何解决?

这是我使用的代码:

<?php
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];

if($username&&$password) {
    $connect = mysql_connect("host", "user","pass") or die("Could't Connect!");
    mysql_select_db("db");

    $query = mysql_query("SELECT * FROM users WHERE username='$username'");

    $numrows = mysql_num_rows($query);

    if($numrows!=0) 
    {
        while ($row = mysql_fetch_assoc($query)) {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }

        if($username==$dbusername&&$password==$dbpassword) {

            $_SESSION['username']=$username;            
            header('Location: ' . $_SERVER['HTTP_REFERER']);
        }
        else
        header('Location:http://dubleeble.com/php/login/incorrect.php');
    }

    else
    header('Location:http://dubleeble.com/php/login/incorrect.php');


}

else
header('Location: ' . $_SERVER['HTTP_REFERER']);
?>
4

1 回答 1

0

笔记:

  • 'loged' 拼写为记录...
  • 您应该使用某种类型的密码加密,而不仅仅是存储您应该使用的文本值
  • 像我一样使用 mysql_real_escape_string 来确保 sql 注入是不可能的

  • 确保在使用会话变量的每个页面上都调用 session_start()

    $username = $_POST['user'];
$password = $_POST['pass'];

if(isset($username) && isset($password)) {
    $connect = mysql_connect("host", "user","pass") or die("Could't Connect!");
    mysql_select_db("db");

    $row= mysql_fetch_assoc("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."'");
    $numrows = mysql_num_rows($row);

    if($numrows > 0) {
        if($username == $row['username'] && $password == $row['password']) {

            session_start();
            $_SESSION['username'] = $username;            
            header('Location: ' . $_SERVER['HTTP_REFERER']);
        }
        else
        header('Location:http://dubleeble.com/php/login/incorrect.php');
    }
    else
    header('Location:http://dubleeble.com/php/login/incorrect.php');
}
else
header('Location: ' . $_SERVER['HTTP_REFERER']);
于 2012-07-11T22:20:57.117 回答