我遇到会话代码的麻烦
这是登录代码:
<?php
/**
* @author Mina Wilson
* @copyright 2012
* // EPCI Pharma Survey | Rights Reserved
*/
// Inialize session
session_start();
// Check, if user is already login, then jump to secured page
if (isset($_SESSION['name'])) {
header('Location: login_process.php');
}
?>
<?php $login="login_process.php" ?>
<!DOCTYPE html>
<html>
<head>
<title>EPCI Pharma Survey</title>
<style>
html, body
{
height: 100%;
}
body
{
font: 12px 'Lucida Sans Unicode', 'Trebuchet MS', Arial, Helvetica;
margin: 0;
background-color: #d9dee2;
background-image: -webkit-gradient(linear, left top, left bottom, from(#ebeef2), to(#d9dee2));
background-image: -webkit-linear-gradient(top, #ebeef2, #d9dee2);
background-image: -moz-linear-gradient(top, #ebeef2, #d9dee2);
background-image: -ms-linear-gradient(top, #ebeef2, #d9dee2);
background-image: -o-linear-gradient(top, #ebeef2, #d9dee2);
background-image: linear-gradient(top, #ebeef2, #d9dee2);
}
/*--------------------*/
#login
{
background-color: #fff;
background-image: -webkit-gradient(linear, left top, left bottom, from(#fff), to(#eee));
background-image: -webkit-linear-gradient(top, #fff, #eee);
background-image: -moz-linear-gradient(top, #fff, #eee);
background-image: -ms-linear-gradient(top, #fff, #eee);
background-image: -o-linear-gradient(top, #fff, #eee);
background-image: linear-gradient(top, #fff, #eee);
height: 240px;
width: 400px;
margin: -150px 0 0 -230px;
padding: 30px;
position: absolute;
top: 50%;
left: 50%;
z-index: 0;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
border-radius: 3px;
-webkit-box-shadow:
0 0 2px rgba(0, 0, 0, 0.2),
0 1px 1px rgba(0, 0, 0, .2),
0 3px 0 #fff,
0 4px 0 rgba(0, 0, 0, .2),
0 6px 0 #fff,
0 7px 0 rgba(0, 0, 0, .2);
-moz-box-shadow:
0 0 2px rgba(0, 0, 0, 0.2),
1px 1px 0 rgba(0, 0, 0, .1),
3px 3px 0 rgba(255, 255, 255, 1),
4px 4px 0 rgba(0, 0, 0, .1),
6px 6px 0 rgba(255, 255, 255, 1),
7px 7px 0 rgba(0, 0, 0, .1);
box-shadow:
0 0 2px rgba(0, 0, 0, 0.2),
0 1px 1px rgba(0, 0, 0, .2),
0 3px 0 #fff,
0 4px 0 rgba(0, 0, 0, .2),
0 6px 0 #fff,
0 7px 0 rgba(0, 0, 0, .2);
}
#login:before
{
content: '';
position: absolute;
z-index: -1;
border: 1px dashed #ccc;
top: 5px;
bottom: 5px;
left: 5px;
right: 5px;
-moz-box-shadow: 0 0 0 1px #fff;
-webkit-box-shadow: 0 0 0 1px #fff;
box-shadow: 0 0 0 1px #fff;
}
/*--------------------*/
h1
{
text-shadow: 0 1px 0 rgba(255, 255, 255, .7), 0px 2px 0 rgba(0, 0, 0, .5);
text-transform: uppercase;
text-align: center;
color: #666;
margin: 0 0 30px 0;
letter-spacing: 4px;
font: normal 26px/1 Verdana, Helvetica;
position: relative;
}
h1:after, h1:before
{
background-color: #777;
content: "";
height: 1px;
position: absolute;
top: 15px;
width: 120px;
}
h1:after
{
background-image: -webkit-gradient(linear, left top, right top, from(#777), to(#fff));
background-image: -webkit-linear-gradient(left, #777, #fff);
background-image: -moz-linear-gradient(left, #777, #fff);
background-image: -ms-linear-gradient(left, #777, #fff);
background-image: -o-linear-gradient(left, #777, #fff);
background-image: linear-gradient(left, #777, #fff);
right: 0;
}
h1:before
{
background-image: -webkit-gradient(linear, right top, left top, from(#777), to(#fff));
background-image: -webkit-linear-gradient(right, #777, #fff);
background-image: -moz-linear-gradient(right, #777, #fff);
background-image: -ms-linear-gradient(right, #777, #fff);
background-image: -o-linear-gradient(right, #777, #fff);
background-image: linear-gradient(right, #777, #fff);
left: 0;
}
/*--------------------*/
fieldset
{
border: 0;
padding: 0;
margin: 0;
}
/*--------------------*/
#inputs input
{
background: #f1f1f1 url(http://www.red-team-design.com/wp-content/uploads/2011/09/login-sprite.png) no-repeat;
padding: 15px 15px 15px 30px;
margin: 0 0 10px 0;
width: 353px; /* 353 + 2 + 45 = 400 */
border: 1px solid #ccc;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius: 5px;
-moz-box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff;
-webkit-box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff;
box-shadow: 0 1px 1px #ccc inset, 0 1px 0 #fff;
}
#username
{
background-position: 5px -2px !important;
}
#password
{
background-position: 5px -52px !important;
}
#inputs input:focus
{
background-color: #fff;
border-color: #e8c291;
outline: none;
-moz-box-shadow: 0 0 0 1px #e8c291 inset;
-webkit-box-shadow: 0 0 0 1px #e8c291 inset;
box-shadow: 0 0 0 1px #e8c291 inset;
}
/*--------------------*/
#actions
{
margin: 25px 0 0 0;
}
#submit
{
background-color: #ffb94b;
background-image: -webkit-gradient(linear, left top, left bottom, from(#fddb6f), to(#ffb94b));
background-image: -webkit-linear-gradient(top, #fddb6f, #ffb94b);
background-image: -moz-linear-gradient(top, #fddb6f, #ffb94b);
background-image: -ms-linear-gradient(top, #fddb6f, #ffb94b);
background-image: -o-linear-gradient(top, #fddb6f, #ffb94b);
background-image: linear-gradient(top, #fddb6f, #ffb94b);
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
border-radius: 3px;
text-shadow: 0 1px 0 rgba(255,255,255,0.5);
-moz-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;
-webkit-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;
box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;
border-width: 1px;
border-style: solid;
border-color: #d69e31 #e3a037 #d5982d #e3a037;
float: left;
height: 35px;
padding: 0;
width: 120px;
cursor: pointer;
font: bold 15px Arial, Helvetica;
color: #8f5a0a;
}
#submit:hover,#submit:focus
{
background-color: #fddb6f;
background-image: -webkit-gradient(linear, left top, left bottom, from(#ffb94b), to(#fddb6f));
background-image: -webkit-linear-gradient(top, #ffb94b, #fddb6f);
background-image: -moz-linear-gradient(top, #ffb94b, #fddb6f);
background-image: -ms-linear-gradient(top, #ffb94b, #fddb6f);
background-image: -o-linear-gradient(top, #ffb94b, #fddb6f);
background-image: linear-gradient(top, #ffb94b, #fddb6f);
}
#submit:active
{
outline: none;
-moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;
-webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;
box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;
}
#submit::-moz-focus-inner
{
border: none;
}
#actions a
{
color: #3151A2;
float: right;
line-height: 35px;
margin-left: 10px;
}
/*--------------------*/
#back
{
display: block;
text-align: center;
position: relative;
top: 60px;
color: #999;
}
</style>
</head>
<body>
<form action="<?php echo $login; ?>" class="input" method="post" id="login">
<h1>EPCI Pharma Login</h1>
<fieldset id="inputs">
<input id="Name" name="name" type="text" placeholder="Name" autofocus required>
<input id="Password" name="password" type="password" placeholder="Password" required>
</fieldset>
<fieldset id="actions">
<input type="submit" id="submit" value="Log in">
<a href="">Forgot your password?</a><a href="">Register</a>
</fieldset>
<a href="#" id="back">Back to article...</a>
</form>
</body>
</html>
这里是login_process.php
<?php
session_start();
$host="localhost"; // Host name
$username="ebarea_epic"; // Mysql username
$password="..."; // Mysql password
$db_name="ebarea_epic"; // Database name
$tbl_name="medicalrep"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$name=$_POST['name'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$name = stripslashes($name);
$password = stripslashes($password);
$job_title= stripslashes ($job_title);
$name = mysql_real_escape_string($name);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE name='$name' and password='$password'";
$result=mysql_query($sql);
$num_results = mysql_num_rows($result);
$array = mysql_fetch_array($result);
$_SESSION['name']=$array['name'];
$_SESSION['password']=$array['password'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$_SESSION['name']=$_POST['name'];
$_SESSION['password']=$_POST['password'];
if ($array['job_title']=="user")
{ header ("location: userpage.php"); }
else if ($array['job_title']=="admin")
{ header ("location: adminpage.php"); }
}
else if ($name=="ahmedkamal8989@Epci" && $password=="epcisurvey2012@ahmed")
{ header ("location: adminpage.php"); }
else {
echo "Wrong user or password";
}
?>
如果用户和密码错误,则会显示“用户和密码错误”,再次刷新登录表单,会将我重定向到login_process.php,并显示“用户或密码错误”
我试图将echo更改为标题和登录表单的位置,但它导致了重定向循环
现在出现了什么问题!
答案 0 :(得分:2)
你应该是redirecting after every form post。
在这种情况下,在login_process.php中,您应该设置会话变量,而不是回显“密码错误”:
$_SESSION['message'] = "Wrong password";
然后将它们重定向回登录页面,如下所示:
header("Location:/login.php", TRUE, 303);
在您的login.php页面上,您应该有以下内容:
<?php echo $_SESSION['message']; unset($_SESSION['message']); ?>
答案 1 :(得分:1)
让我先从PHP文件中的重要内容开始
// username and password sent from form
$name=$_POST['name']; //Save the post in $name
$password=$_POST['password']; //Save the post in $password
$sql="SELECT * FROM $tbl_name WHERE name='$name' and password='$password'";
$result=mysql_query($sql);
$num_results = mysql_num_rows($result);
$array = mysql_fetch_array($result);
$_SESSION['name']=$array['name']; //OK you save the name in SESSION without knowing if the user has submitted the right login information
$_SESSION['password']=$array['password']; //OK you save the password in SESSION without knowing if the user has submitted the right login information
// Mysql_num_row is counting table row
$count=mysql_num_rows($result); //count always has to be 1 else failed login information
if($count==1){
$_SESSION['name']=$_POST['name']; //WHAT!?! override the SESSION with the post? without escaping?
$_SESSION['password']=$_POST['password']; //Same here!?!?!
//Now you decide the job_title
if ($array['job_title']=="user")
{ header ("location: userpage.php"); }
else if ($array['job_title']=="admin")
{ header ("location: adminpage.php"); }
}
else if ($name=="ahmedkamal8989@Epci" && $password=="epcisurvey2012@ahmed")
{ header ("location: adminpage.php"); }
else {
echo "Wrong user or password";
}
?>
所以我就像这样编写了上面的代码
<?php
session_start();
$host="localhost"; // Host name
$username="ebarea_epic"; // Mysql username
$password="..."; // Mysql password
$db_name="ebarea_epic"; // Database name
$tbl_name="medicalrep"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$name=mysql_real_escape_string($_POST['name']);
$password=mysql_real_escape_string($_POST['password']);
$sql="SELECT `job_title` FROM $tbl_name WHERE name='$name' and password='$password' LIMIT 1";
$result = mysql_query($sql);
$num_results = mysql_num_rows($result);
if($num_results ==1)
{
$_SESSION['name']=$name;
$_SESSION['password']=$password;
$_SESSION['job_title']=$result[0];
switch($result[0])
{
case 'user':
$direct = 'userpage';
break;
case 'admin':
$direct = 'adminpage';
break;
default:
if ($name=="ahmedkamal8989@Epci" && $password=="epcisurvey2012@ahmed")
{
$direct = 'adminpage';
}
else
{
echo 'Wrong user or password';
die();
}
break;
}
header('location: '.$direct.'.php');
die();
?>
我没有测试过这个,但我希望你能自己修复bug;)