0

我正在创建一个受密码保护的网页。一切正常,但我的问题是,每当用户从我的网页复制网址并粘贴另一个浏览器时,该页面就会显示相同的数据(我有许多网页,所有页面都显示相关数据)。那不是我想要的。我希望它再次自动进入登录页面。我需要相同的会话过期脚本我的代码如下所示。

<?php



$host = ""; // Your host address to your     database on your server. Usually "localhost". Check with your hosting provider
$user = ""; // Your username you set up for this database on your server
$pass = ""; // Your password you set up for this database on your server
$db = ""; // The database name that you will be connecting to

// Connecting to the MySQL database
mysql_connect($host, $user, $pass);
mysql_select_db($db);


if (isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Query to check to see if the username and password supplied match the database records
    $sql = "SELECT * FROM users WHERE username='".$username."' AND     password='".$password."' LIMIT 1";
    $res = mysql_query($sql);
    // If login information is correct
    if (mysql_num_rows($res) == 1) 
    {
    header('Location: done.php');

}
    // If login information is invalid
    else {
    header('Location: error.php');

}
}

?>

谢谢 !

4

5 回答 5

1

为此,您需要使用 [ Session][1] 。一个例子是here。

用户输入登录凭据后不久

    if (valid credentials given) 
    {
      session_start();
      $_SESSION['data'] = "some data";

    }

然后在每个页面中你需要使用这两个语句。

session_start();
if($_SESSION['data'] is set and valid) {
   // go to the page
}
else {
   // go to login page
}

我建议您阅读有关如何使用会话的好教程。

于 2013-06-06T06:30:57.197 回答
0

您需要在页面开头检查可用的会话数据

<?PHP
session_start();

if (!$_SESSION['is_logged_in'] || $_SESSION['expires'] < time() ){
    header('Location: login.php');
    session_unset();
    session_destroy();
    exit;
}
else $_SESSION['expires'] = time() + 3600; //refresh the lifetime

然后在您登录期间,您将设置这些变量:

<?PHP
//Never sent unchecked data to mysql server
//creating md5 hashed to prevent from mysql injections
$username = md5(strtolower($_POST['username']));
$password = md5($_POST['password']);

$query = 'SELECT * FROM users WHERE MD5(LOWER(username)) = "'. $username .'" AND MD5(password) = "' . $password . '"';
 [...]
 if (mysql_num_rows($res) === 1){
     $_SESSION['is_logged_in'] = true;
     $_SESSION['expires'] = time() + 3600;   // 3600 seconds session lifetime
 }
于 2013-06-06T06:34:34.177 回答
0

每个需要登录用户的页面都必须单独检查用户是否有足够的权限(已经登录)。如果他没有足够的权限,则将他重定向到登录页面。

秘密页面.php

session_start();

// is user not yet logged-in?
if (!isset($_SESSION['userid']))
{
  // remember the requested url
  $_SESSION['loginTarget'] = $_SERVER['PHP_SELF'];

  // redirect to the login page
  header('Location: login.php', true, 303);
  exit;
}
else
{
  // already logged in
  echo 'hello user';
}

登录.php

session_start();

// user submitted the login input?
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
  ...
  // after checking username and login
  if ($usernameAndPasswordAreCorrect)
  {
    // remember the logged-in user
    $_SESSION['userid'] = $userId;

    // redirect to the target page
    header('Location: ' . $_SESSION['loginTarget'], true, 303);
    exit;
  }
}
...

这个脚本只是一个解释工作流的例子,不是一个有效的解决方案,它应该让你开始。还有很多其他事情要做,比如使用慢速密钥派生函数 ( BCrypt ) 散列密码、输入验证、防止 SQL 注入、设置默认登录目标......

于 2013-06-06T07:59:06.270 回答
0

尝试这个:

<?php
$host = ""; // Your host address to your     database on your server. Usually "localhost". Check with your hosting provider
$user = ""; // Your username you set up for this database on your server
$pass = ""; // Your password you set up for this database on your server
$db   = ""; // The database name that you will be connecting to
// Connecting to the MySQL database
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Query to check to see if the username and password supplied match the database records
    $sql      = "SELECT * FROM users WHERE username='" . $username . "' AND     password='" . $password . "' LIMIT 1";
    $res      = mysql_query($sql);
    // If login information is correct
    if (mysql_num_rows($res) == 1) {
        // if user is valid then start session
        if (session_id() == '') {
            // session isn't started
            session_start();
            $_SESSION['user'] = true;
        }
        header('Location: done.php');
        die();
    }
    // If login information is invalid
    else {
        header('Location: error.php');
        die();
    }
}
// done.php
if (session_id() == '') {
    // session isn't started
    session_start();
    if ($_SESSION['user']) {
        // valid code
    } else {
        // redirect on login page
        header('Location: login.php');
        die();
    }
}
?>
于 2013-06-06T06:39:18.943 回答
0

这是一个完整的登录系统示例,它在会话中存储登录信息。尝试这个!

登录页面

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

登录检查脚本

<?php

$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

成功页面

<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>

注销脚本

<?php 
session_start();
session_destroy();
?>
于 2013-06-06T06:43:34.353 回答