0 
<?php

    $userid = $_POST["userid"];
    $pword = $_POST["pword"];

    # session

    session_start();

    # check that session is valid and set

    if(!isset($_SESSION['login']))
    {
        header('Location: login.php');
    }

    # check that the required values have been entered
    $testin1 = ($userid);
    $testin2 = ($pword);

    if($testin1 == "") 
    {
        print "<hr><h1> No Username Entered, Please return to the Login page</h1></hr>";
    }
    elseif ($testin2 == "") 
    {
        print "<hr><h1> No Password Entered, Please return to the Login page</h1></hr>";
    }

    # Connect to database

    $connect = mysql_connect ("localhost","root") or die("Error Connecting to SQLServer"); 
    $db = mysql_select_db ("test");

    # query  

      $query = mysql_query ("select username from login where username = '$userid' and pword = '$pword';");

    if($query === FALSE) 
    {
        die(mysql_error());
    }

    $result = mysql_fetch_array($query);
    $record = $result['username'] ;

    if ($record != null) 
    # check if session is operational, if so redirect the user to the correct page    
    {
        $_SESSION['login'] = true;
        header( 'Location: index.php' ) ;
    }
    else if ($record == null) 
    {
        header( 'Location: login.php' );
    }
?>

有谁知道这在哪里不起作用?它似乎是“无错误”,但不断将我重定向回 l​​ogin.php 页面,而不是 index.php 页面。任何帮助都会很棒,因为我是 PHP 的相对新手。

谢谢

4

3 回答 3

2

您正在使用mysql_fetch_array(). 为了通过您需要使用的键访问结果mysql_fetch_assoc().

$result = mysql_fetch_assoc($query);
  $record = $result['username'] ;

请记住,最好使用 mysql_real_escape_string() 转义任何用户输入。

于 2012-09-11T08:59:00.147 回答
0

问题似乎出在您的会话中,请检查 $_SESSION['login'] 是否已设置,因为您正在检查 !isset() 然后您将重定向到 login.php 页面。只需通过调试代码来验证会话变量

于 2012-09-11T09:01:18.977 回答
0

看起来您可能会在输出之前向用户输出数据header()。你有<HR>s 和输出(我知道只有在出现错误时才会这样),但如果你正在使用它们,你很可能<HTML>在代码上方有类似的东西。

如果是这种情况,则没有其他标题将起作用。

(作为答案发布太久无法发表评论 - 可能是问题所在。

试试这个代码:

<?php

    session_start();
    $userid = $_POST["userid"];
    $pword = $_POST["pword"];

    // check that the required values have been entered
    $testin1 = ($userid);
    $testin2 = ($pword);

    if($testin1 == "") 
    {
        print "<hr><h1> No Username Entered, Please return to the Login page</h1></hr>";
    }

    if ($testin2 == "") 
    {
        print "<hr><h1> No Password Entered, Please return to the Login page</h1></hr>";
    }

    // Connect to database

    $connect = mysql_connect ("localhost","root") or die("Error Connecting to SQLServer"); 
    $db = mysql_select_db ("test");

    // query  

      $query = mysql_query ("select username from login where username = '$userid' and pword = '$pword';");

    if($query === FALSE) 
    {
        die(mysql_error());
    }

    $result = mysql_fetch_array($query);
    $record = $result['username'] ;

    if ($record != null) 
    // check if session is operational, if so redirect the user to the correct page    
    {
        $_SESSION['login'] = true;
        header( 'Location: index.php' ) ;
    }
    else if ($record == null) 
    {
        header( 'Location: login.php' );
    }
?>

我浏览并移动了一些东西,并稍微修改了逻辑。

于 2012-09-11T09:01:43.493 回答