-2

在我的页面上, http: //mackscript.netii.net/main_login.php 当我登录时,它让我进入错误的页面,我希望它让我进入指定的页面?nav_to 所以,我将其指定为?nav_to=shop.php. 但它重定向到login_success.php.

代码main_login.php

<html>
<head>
<title>Please login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php" style="color:#B3B3B3;">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" class="field" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" class="field" id="mypassword"></td>
</tr>
<tr>
<td><a href="insert.php">Register</a></td>
<td><input type="submit" name="Submit" class="but" value="Login"></td>
<td><a href="contact.php">Forgot pass?</a></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

checklogin.php 的代码(检查登录和重定向)(细节已被删除)

<?php
ob_end_flush(); 
define('DEBUG', TRUE);

ob_start();
$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 
$nav = $_GET['nav_to'];
$nav_to = (string)$nav;

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypass = md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypass'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypass and redirect to file "login_success.php"
$sql="SELECT credits FROM $tbl_name WHERE username='$myusername' and password='$mypass'";
$creds=mysql_query($sql);
$row = mysql_fetch_row($creds);
session_register("myusername");
session_register("mypass");
if(!empty($nav_to)){
header("location:$nav_to");
}
if(empty($nav_to)){ 
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
}

}else {
echo "Wrong Username or Password";
echo "<p><a href='main_login.php'>Back</a></p>";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</body>
</html>
4

2 回答 2

2

我认为那是因为 $nav_to 不在 $_GET 中!- 您表单中的方法是“发布”,但我看不到使用此名称的输入。

您应该添加以形成如下内容:

<input type="hidden" name="nav_to" value="<?php echo $_GET["nav_to"]; ?>" />
于 2013-10-07T10:07:55.557 回答
1

在您的 html 表单和 php 文件中使用 @Radeczek answare 替换以下代码

替换代码

if(!empty($nav_to)){
header("location:$nav_to");
}
if(empty($nav_to)){ 
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
}


if(!empty($nav_to)){
header("location:$nav_to");
exit();
}
if(empty($nav_to)){ 
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
exit();
}
于 2013-10-07T10:26:18.850 回答