-1

这是 login.php 的登录名:

<?php
     session_start();
     $username = $_POST['username'];
     $password = $_POST['password'];  
     include 'includes/connect.php';

     $username = mysqli_real_escape_string( $con, $username );
     $query = "SELECT password, salt FROM member WHERE username = '$username';";

     $result = mysqli_query( $con, $query );

    if ( mysqli_num_rows( $result ) == 0 ) { // User not found. So, redirect to login_form again.
       header('Location: login.html');
    }

    $userData = mysqli_fetch_array($result, MYSQL_ASSOC);
    $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );

    if ( $hash != $userData['password'] ) {
       header('Location: login.html');
    } else { // Redirect to home page after successful login.
       $_SESSION['username'] = $userData['username'];
       header('Location: stats.php');
    }
?>

这是 stats.php 的脚本

<?php 
   session_start();
   if ( !isset( $_SESSION['username'] ) ) {
       header("Location:register.html");
   }
?>

我试图让这个页面只有在您登录时才能访问,但是任何人都可以访问 stats.php。

4

1 回答 1

0

在您的注册页面中,添加:

<?php 
   session_start();
   if ( isset( $_SESSION['username'] ) ) {
       header("Location:stats.php");
   }
?>
于 2013-09-12T07:15:54.643 回答