所以我正在为 PHP & MySQL 实践建立一个网站,并且我正在尝试建立一个会员系统。应该发生的是用户进入登录页面并使用注册的用户名和密码登录(在注册过程中有效),然后页面将刷新并将它们带到“成员”区域。这是我的代码:
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) {
echo "<h1>Member Area</h1>";
echo "<p>Thanks for logging in! You are <b>" . $_SESSION['Username'] . "</b> and your email address is <b>" . $_SESSION['EmailAddress'] . "</b>.</p>";
} elseif(!empty($_POST['username']) && !empty($_POST['password'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = md5(md5(mysql_real_escape_string($_POST['password'])));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<center>";
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
echo "</center>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";
}
} else {
echo "<center>";
echo "<h1>Login</h1>";
echo "<p>Thanks for visiting! Please either login below, or <a href=\"register.php\">click here to register</a>.</p>";
echo "<form method=\"post\" action=\"login.php\" name=\"loginform\" id=\"loginform\">";
echo "<label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br />";
echo "<label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
echo "<input type=\"submit\" name=\"login\" id=\"login\" value=\"Login\" />";
echo "</form>";
echo "</center>";
}
?>
所以基本上,页面加载并检查用户是否已经登录,如果已经登录,它会加载成员区域。如果没有,它会检查用户是否正在尝试登录,如果没有,它会显示登录表单。我的问题是,每次我或其他人尝试登录时,页面都会重新加载,但不是将它们带到“会员”区域,而是将它们带回登录表单......另外,在顶部文件我有一行是:
<?php include "base.php"; ?>
并且在 base.php 文件中我有一个session_start(),但也许这无关紧要?有什么建议么?谢谢。
编辑:注册用户的代码在不同的 php 文件中。同样,base.php 文件session_start();包含在文档的顶部: if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username = mysql_real_escape_string($ _POST['用户名']);
$password = md5(md5(mysql_real_escape_string($_POST['password'])));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
} else {
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please <a href=\"login.php\">click here to login</a>.</p>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
} else {
echo "<h1>Register</h1>";
echo "<p>Please enter your details below to register.</p> ";
echo "<form method=\"post\" action=\"register.php\" name=\"registerform\" id=\"registerform\">";
echo " <label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br /> ";
echo " <label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
echo " <label for=\"email\">Email Address:</label><input type=\"text\" name=\"email\" id=\"email\" /><br />";
echo " <input type=\"submit\" name=\"register\" id=\"register\" value=\"Register\" />";
echo "</form>";
}
?>