2

许多人可能会使用 PHP mySQL 函数作为网站的登录部分

我正在尝试使用此代码;

在每个内容页面上 - 检查是否登录(在每个内容页面的标题中)

<?php
session_start();
if(! isset($_SESSION["myusername"]) ){
header("location:main_login.php");
}
?>
<html>
<body>
Page Content Here
</body>
</html>

登录脚本(由我的 main_login.php 页面引用)

<?php

ob_start();
$host="ClubEvents.db.9606426.hostedresource.com"; // Host name 
$username="ClubEventsRead"; // Mysql username 
$password="Pa55word!"; // Mysql password 
$db_name="ClubEvents"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

注销代码

<?
session_start();
session_destroy();

header("location:main_login.php");
exit();
?>

MAIN_LOGIN.php

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
phpinfo()
?>

但是有些东西不起作用,页面 login_success.php 应该只有在登录时才能访问,所以要么注销不起作用,要么 login_success.php 检查不起作用。但我不知道该怎么说,我都试着和他们一起玩了,还是没有进一步的前进

问候

亨利

4

4 回答 4

1

  • session_register()弃用从 PHP 4.1.0 开始,首选使用 $_SESSION

    $_SESSION["myusername"] = $myusername;

  • 尝试session_destroy()代替session_unset().

  • 您的 IF 语句也是错误的:

    更改isset($_SESSION[$myusername]isset($_SESSION["myusername"]

这就是我管理登录的方式:

<?php session_start();

    require_once('../header.php');

    $sql = "SELECT ID, username, FROM users WHERE username='$_POST[username]' AND password='$_POST[password]'";
    $result = query($sql);

    //If nothing is returned from the DB then the credentials are wrong.
    if (!$row = mysql_fetch_array($result)) {
        header( 'Location: ../index.php' );
        die();
    }
    else {
        $user= $row;
    }

    //All user values ( id_user, username, password, firstname, lastname, avatar ) are saved in $_SESSION for later use.
    $_SESSION['ID'] = $user['ID'];                  
    $_SESSION['username'] = $user['username'];
    //This variable is used later to verify if a used is still logged in and proceed with loading a profile.
    $_SESSION['isLoggedIn'] = 1;

    header( 'Location: ../index.php' );
?>

这就是我管理注销的方式:

<?php session_start();

    require_once('../header.php');

    //Session data is destroyed so as to prevent the user from accessing any profiles after disconnection.
    session_destroy(); 
    mysql_close($connection);

    header( 'Location: ../index.php' );
?>

这就是我根据用户是否登录来管理页面内容的方式。

<?php session_start();

    echo "Page Content";

    if (@$_SESSION['isLoggedIn'] != 1) {
        showLogin();
    }
    else {
        showHome();
    }
?>
于 2012-11-23T14:20:00.150 回答
1

我从来没有遇到过以下问题:

unset($_SESSION[$myusername]);

这里的好处是您只清除登录会话,并且可以根据需要在会话中自由存储其他信息,因为session_destroy()将清除所有会话数据。

编辑:查看您的代码,如果设置了用户名会话,它总是将用户发送到登录页面。

改变:

<?php
session_start();
if( isset($_SESSION[$myusername]) ){
header("location:main_login.php");
}
?>

到(注意 isset 之前的 !)。您只想在未设置会话时重定向到登录页面。

<?php
session_start();
if(! isset($_SESSION[$myusername]) ){
header("location:main_login.php");
}
?>

评论摘要:

Session[$myusername]更改为Session['myusername']并且isset检查更改为!isset。这确定了会话一开始就没有设置。

于 2012-11-23T14:21:56.980 回答
0

尝试session_destroy();必须帮助..

手册: http: //php.net/manual/en/function.session-destroy.php

于 2012-11-23T14:20:31.803 回答
0

您的注销代码应如下所示:

<?php
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location: main_login.php"); exit;
?>

区分大小写

于 2014-03-22T13:20:20.073 回答