1

所以我在存储输入到我的网站的用户名并让自己登录到网站时遇到问题。我可以登录(我看到这是因为“您已登录”消息。但是第二次单击链接转到 members.php 页面时,它返回回显“您尚未登录。”。为什么不是 $username 值被添加到 SESSION 中了吗?

这是我的4个代码。我还有第五个我所有的 MySQL 信息,我不想分享,但是,我的用户名是通过 MySQL 确认的,因为我收到了第一次登录验证。是的,我按照 YouTube 上的教程进行操作。

索引.php

<html>

    <form action='login.php' method='POST'>
    Username: <input type='username' name='username'><br>
    Password: <input type='password' name='password'><br>
    <input type='submit' name='button' value='Login'>
    </form>

 </html>

登录.php

<?php

    session_start();

    $password = $_POST['password'];
    $username = $_POST['username'];

    include ("connect.php");

if ($username && $password)
{
    // info is provided
    $queryget = mysql_query("SELECT * FROM login WHERE username='$username' AND password ='$password' ");
    $numrows = mysql_num_rows($queryget);
    if ($numrows != 0)
    {
        $_SESSION['username'] = $username;

        echo "You have been logged in. <a href='members.php'>Go to the members page</a>";
    }
    else echo "This password is wrong";
    include ("index.php");

}
else
{
    echo "Wrong password, try again!";
    include ("index.php");
}

?>

成员.php

<?php

session_start();
$username = $_SESSION['username'];

if ($username)
    {
    echo "Welcome $username | <a href='logout.php>Logout</a>'";
    }
else
    {
    echo "You are not logged in.";
    include ("index.php");

    }

?>

注销.php

<?php

session_start();
$username = $_SESSION['username'];

session_destroy();

echo "You have been logged out.";

?>
4

2 回答 2

0

查看您的代码后,您的 SQL 查询中可能存在错误。您正在执行以下操作来检查用户:

if($numrows!=0)...

但是,如果mysql_queryormysql_num_rows返回 false(如果有错误),那么这也将验证用户。

试试下面的代码login.php,看看会发生什么。

error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();

include ("connect.php");

$password = $_POST['password'];
$username = $_POST['username'];

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

if ($username!='' && $password!='')
{
    // info is provided
    $queryget = mysql_query("SELECT * FROM login WHERE username='$username' AND password ='$password' ") or die(mysql_error());
    if(!$queryget){ echo 'An error occured: ' . mysql_error(); exit; }

    $numrows = mysql_num_rows($queryget);

    if ($numrows > 0)
    {
        $_SESSION['username'] = $username;

        echo "You have been logged in. <a href='members.php'>Go to the members page</a>";
        exit;
    } else {
        echo "The username or password is wrong";
       include ("index.php");
       exit;
    }
} else if($username=='') {
    echo "You need to specify a username, try again!";
    include ("index.php");
    exit;
} else if($password=='') { 
    echo "You need to specify a password, try again!";
    include("index.php");
    exit;
}
于 2013-06-01T12:25:39.437 回答
-1 
login.php:

<?php
 session_start();

    $password = $_POST['password'];
    $username = $_POST['username'];

    include ("connect.php");

if ($username && $password)
{
    // info is provided
    $queryget = mysql_query("SELECT * FROM login WHERE username='$username' AND password ='$password' ");
    $numrows = mysql_num_rows($queryget);
    $row=mysql_fetch_array($queryget);
    if ($numrows != 0)
    {
        $_SESSION['username'] = $row['username'];
        $_SESSION['logged']   = 1;

        echo "You have been logged in. <a href='members.php'>Go to the members page</a>";
    }
    else 
    {
    $_SESSION['logged']   = 0;
    echo "This password is wrong";
    include ("index.php");}

}
else
{
    echo "Wrong password, try again!";
    include ("index.php");
}

?>

member.php:
<?php 
session_start();
if($_SESSION['logged'])
{

 echo "Welcome $_SESSION['username'] | <a href='logout.php>Logout</a>'";
}

else { echo "您还没有登录。"; 包括(“index.php”);

}
?>
于 2013-06-01T11:56:05.483 回答