我正在尝试从登录脚本传递一个会话变量以显示一个欢迎 [用户名] 按摩,目前它没有通过它 - 有什么想法吗?我对 PHP 很陌生,因此非常感谢您的所有评论。
代码如下。
<?php
ob_start(); // Start output buffering
session_start(); //must call session_start before using any $_SESSION variables
$_SESSION['username'] = $username;
function validateUser()
{
session_regenerate_id (); //this is a security measure
$_SESSION['valid'] = 1;
$_SESSION['username'] = $username;
}
$username = isset($_POST['username'])?$_POST['username']:'';
$password = isset($_POST['password'])?$_POST['password']:'';
//connect to the database here
$hostname_PropSuite = "localhost";
$database_PropSuite = "propsuite";
$username_PropSuite = "root";
$password_PropSuite = "root";
$PropSuite = mysql_pconnect($hostname_PropSuite, $username_PropSuite, $password_PropSuite) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_PropSuite, $PropSuite);
$username = mysql_real_escape_string($username);
$query = "SELECT password, salt FROM admin_users WHERE username = '$username';";
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result) < 1) //no such user exists
{
header('Location: http://localhost/PropSuite/index.php?login=fail');
die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password
{
header('Location: http://localhost/PropSuite/index.php?login=fail');
die();
}
else
{
validateUser(); //sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: http://localhost/PropSuite/main');
die();
//redirect to another page or display "login success" message
?>