我正在尝试设置会话信息,如果用户成功登录,但值未设置或设置为空白。我在每个页面的顶部都有session_start();,包括登录处理程序和所有受保护的页面。我错过了什么吗?
$qry= "SELECT * FROM members WHERE username='$username';";
$result=mysql_query($qry);
$rows=mysql_fetch_object($result);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
if($rows->authlevel == "admin") { //if it's not an admin no need to check password
if($password = $rows->password) {
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['username'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['username'];
session_write_close();
header("location: admin_index.php");
exit();
} else {
header("location: login-failed.php"); //change for bad password etc.
}
} else {
header("location: login-failed.php"); //change for invalid user level ( you do not
}
} else {
header("location: login-failed.php");
}
} else {
die("Query failed"); //change for username not found, or unknown username
}
?>
注意:是的,我知道,我应该使用MYSQLi或PDO,但我稍后会实现。这主要是出于学习目的,所以我最终会到达那里。
答案 0 :(得分:1)
如果要分配true-ish值,则if($password = $rows->password) {
为true。 您需要比较“==”而不是分配“=”。
if($password == $rows->password) {
编辑: 下一个问题是你在顶部提取一个对象
$rows=mysql_fetch_object($result);
然后稍后从同一个$result获取下一行作为关联数组 - 并且下一行为空(结果中只有一行)。
$member = mysql_fetch_assoc($result);
相反,您应该从已有的$row对象设置会话变量。
$_SESSION['SESS_MEMBER_ID'] = $row->username;
$_SESSION['SESS_FIRST_NAME'] = $row->username;
$_SESSION['SESS_FIRST_NAME'] = $row->firstname;
$_SESSION['SESS_LAST_NAME'] = $row->username;