好的,基本上我有一个 login.php,它只包含这个表单和来自我的 mysql 数据库的连接:它连接到我的另一个文件 login_success.php,其中包含实现我的登录功能的代码主体。
<?php
include "header2.php";
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<style type="text/css">
#title {
height: 200px;
width: 600px;
margin-top: 30px;
margin-right: auto;
margin-bottom: 10px;
margin-left: auto;
padding-top: 20px;
padding-right: 20px;
padding-bottom: 35px;
padding-left: 20px;
}
strong {
font-size: 28px;
font-family: Georgia, "Times New Roman", Times, serif;
font-weight: bolder;
color: #31CAF5;
}
#username, #password {
width: 80%;
height: 25px;
padding: 5px;
color: #999;
background-color: #FFF;
border: thin solid #CCC;
padding-top: 10px;
}
#login, #reset {
width: 70px;
height: 30px;
}
#error {
height: 20px;
color: #FFF;
font-size: 14px;
background-color: #FF3C3C;
padding-top: 5px;
padding-bottom: 5px;
font-family: Verdana, Geneva, sans-serif;
text-align: center;
}
</style>
</head>
<body>
<div id="title"> <strong>User Login</strong><br />
<hr noshade="noshade" />
<?php
include ('db_connect.php');
?>
<form id="form1" name="form1" method="post" action="login_success.php">
<table width="100%" border="0" cellpadding="5">
<tr>
<td width="16%"> <label for="username">Username</label></td>
<td width="3%">:</td>
<td width="81%"><input type="text" name="username" id="username" /></td>
</tr>
<tr>
<td> <label for="password">Password</label></td>
<td>:</td>
<td><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> <input type="submit" name="login" id="login" value="Log In" />
<input type="reset" name="reset" id="reset" value="Reset" /></td>
</tr>
</table>
</form>
</div>
</body>
</html>
<?php
//endif;
include "footer.php" ?>
这里的代码是我的文件 login_success。这个想法是,当用户输入正确的登录凭据时,它会将它们启动到已登录的会话中。它旨在允许在数据库上散列的密码。但是,出于某种原因,即使不是保存在数据库中的登录凭据,这也会允许任何详细信息通过。
<?php
session_start();
//For cases where users are not logged in redirect back to login page.
include "conn.php";
include "header.php";
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
//echo "password ".$password;
//echo "username ".$username;
$qry = "SELECT * FROM login WHERE username = '$username'";
$userlogin = mysqli_query($_SESSION['conn'],$qry);
$result = mysqli_fetch_array($userlogin);
if (strcmp($result['password'], $password)==0) {
$_SESSION["loggedIn"] = $username;
$_SESSION["message"] = "Logged In Successfully.";
header('Location: members.php');
}
else {
$_SESSION["message"] = "Log In Failed";
header('Location: login.php');
}
if(!isset($_SESSION["loggedIn"])){
header("Location: index.php");
exit;
}
echo '<h1> Congratulations '.$_SESSION['loggedIn'].'</h1> <br> <h2>You successfully logged in!</h2><br>
<h3><a href="logout.php">Logout</a> <a href="members.php">Continue</a></h3><br/><br/>';
include ("footer.php");?>