-1

我成功制作了登录代码...当用户登录时,登录时间写入数据库。

session_start();
    $query = mysql_query("SELECT * FROM users");
    $result = mysql_fetch_array($query);


    if(!empty($_POST['username']) && !empty($_POST['password'])){           
        $username = ($_POST['username']);
        $password = ($_POST['password']);           
        $username = stripslashes($username);
        $password = stripslashes($password);            
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);            
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;

$result = mysql_query("SELECT * FROM users WHERE username = '$username' AND status = '1'"); 
 if(mysql_num_rows($result) == 1) {
                mysql_query("INSERT INTO entry(id, username_id, entry_time) VALUES ('', 'bkrpan', NOW()) "); 
                header("Location: admin.php"); 
                exit; }

        $result = mysql_query("SELECT username FROM users WHERE username = '$username' AND password = '$password'");
            if(mysql_num_rows($result) == 1) {
                mysql_query("INSERT INTO entry(id, username_id, entry_time) VALUES ('', '$username', NOW()) "); 
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
            header("Location: users.php");
            exit; }
            echo "Login failed! You will be redirected.";
            echo "<meta http-equiv=\"refresh\" content=\"2;URL=index.php\">";
            } 

    else {
        echo "Login failed! You will be redirected.";
        echo "<meta http-equiv=\"refresh\" content=\"2;URL=index.php\">";
    }

     session_destroy();

但是......现在我不知道如何制作注销代码。这是我做的东西,但它不起作用。

 <?php
 mysql_connect("localhost", "root", "") or die("cannot connect"); 
 mysql_select_db("zavrsni_rad") or die("cannot select DB");
 session_start();
 $username = $_SESSION['username'];
 $sql = "SELECT * FROM users WHERE username = ".$username." AND password = ".$password;
 $result = mysql_query($sql); 
 if(mysql_num_rows($result) == 1) {
$sql_2 = "INSERT INTO entry(username_id, entry_time) VALUES (".$username.", NOW()        )";
mysql_query($sql_2); 
 }
session_destroy();
 header("location: index.php");
 ?>
4

1 回答 1

1

您忘记了查询中的单引号,并且没有获得 $password 的值

$sql = "SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'";

$sql_2 = "INSERT INTO entry(username_id, entry_time) VALUES ('".$username."', NOW())";

为清晰起见更新

<?php
session_start();

// check that the session exists first
if(isset($_SESSION['username'])) {

    // you should put your db connection in a config.php file and use mysqli or PDO - what you're using is depreciated
    mysql_connect("localhost", "root", "") or die("cannot connect"); 
    mysql_select_db("zavrsni_rad") or die("cannot select DB");

    // don't think I'd store password in a session...
    // also, is username UNIQUE in your database?
    // also, also, ALWAYS escape (sanitize) your database input to prevent agains SQL injection

    $sql = "SELECT username, password 
    FROM 
        users 
    WHERE 
        username = '".mysql_real_escape_string($_SESSION['username'])."' 
    AND 
        password = '".mysql_real_escape_string($_SESSION['password'])."'";
    $result = mysql_query($sql) or die('sql: '.mysql_error()); 

    if(mysql_num_rows($result) > 0) {
        $sql_2 = "INSERT INTO entry(username_id, entry_time) VALUES ('".mysql_real_escape_string($_SESSION['username'])."', NOW())";
        mysql_query($sql_2) or die('sql2: '.mysql_error()); 

        session_destroy();
        header("location: index.php");
    } else {
        echo 'There was an error. You have not been logged out.';
    }
}
于 2013-09-06T18:00:52.827 回答