我已经创建了一个会员登录页面,现在我正在处理一个受限制的“会员专用部分”。我对 mySQL 还很陌生,实际上我也在尝试自学。我的问题与授权刚刚登录的人有关,以允许他们进入该受限部分。反之亦然,如果他们没有登录,他们应该无法访问它或发现错误。以下是我从登录页面获得的代码以及受限部分的代码......
echo "Welcome."; //Successful
echo "<br>";
echo "<a href='thankspage.html'> Click here </a> to continue to the Member Page."; // creates a link to go to.
$sql = " INSERT INTO Login (loginName,loginTime)
VALUES ('$username', NOW() ) "; // creates the login time.
$result = $mysqli->query($sql) or die ($mysqli->error); // shoots an error if i did something wrong.
$_SESSION[‘logname’] = $userlogin;
$_SESSION[‘auth’]=”yes”;
以下是信息部分的代码:
if ($_SESSION[‘auth’] != “yes”)
{
header("Location: membership.php");
exit();
}
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE)
or die("Failed to connect");
$sql = "SELECT firstName,lastName FROM Member
WHERE loginName=’{$_SESSION['logname']}’ ";
$result = $mysqli->query($sql) or die($mysqli->error);
我的主要问题是,无论我是否登录,我都可以访问此页面......变量$_SESSION['auth']不是全局变量吗?