我设置了login.php
,这样只要登录成功,它就会自动转到profile.php
。但是,即使登录 成功,每当我转到profile.php
时,它仍然会说"您必须登录才能访问此页面"。为什么呢?
这是我的login.php
:
$email = $_POST['email-field'];
$password = $_POST['password-field'];
if ($email && $password)
{
$connect = mysql_connect("xx", "xx", "xx") or die("Couldnt connect!");
mysql_select_db(xx) or die("Couldnt find db");
$query = mysql_query("SELECT * FROM users WHERE email = '$email'");
$numrows = mysql_num_rows($query);
if ($numrows != 0)
{
while ($row = mysql_fetch_assoc($query))
{
$email = $row['email'];
$md5password = $row['password'];
}
if ($email == $email && $md5password == md5($password))
{
header("Location: profile.php");
$_SESSION['email']==$email;
}
else
echo "Incorrect password";
}
else
die("That user doessnt exist!");
}
else
die("Please enter a username and a password");
我的profile.php
:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<?php
include('get-info.php');
session_start();
if ($_SESSION['email'])
echo "<a href=logout.php>Logout</a>";
else
die("You must be logged in to access this page");
?>
<html>
<head>
<title>
R-A | Profile
</title>
<link href='css.css' rel='stylesheet' type='text/css' />
</head>
<body class='body3' >
<div class='logo-bar'>
<div class='menu'>
<img src='images/rateaway.png' class='logo-bar-img' />
<div class='menu-options'>
<a href='index.php' class='menu-links' >Home</a>
<a href='profile.php' class='menu-links' >Profile</a>
<a href='profile.php' class='menu-links' >Friends</a>
</div>
</div>
</div>
<div class='profile-main-content' >
<div class='profile-current-info'>
<p class='profile-name'> <?php get_info('iran_mateu@yahoo.com', 'name'); ?> </p>
<img src='<?php get_info('iran_mateu@yahoo.com', 'profilepic'); ?>' class='profile-pic'/>
<p class='profile-dob' > Born: <?php get_info('iran_mateu@yahoo.com', 'dob'); ?> </p>
<p class='profile-country' > Currently lives in: <?php get_info('iran_mateu@yahoo.com', 'country'); ?> </p>
<p class='profile-gender' > Gender: <?php get_info('iran_mateu@yahoo.com', 'gender'); ?> </p>
</div>
<div class='profile-edit-info' >
</div>
</div>
</body>
答案 0 :(得分:1)
你忘了开课。在每个要使用会话的页面上,您必须致电:
session_start();
另外,请确保在输出任何内容之前执行此操作,否则无效。
答案 1 :(得分:1)
成功登录后,您没有写入会话。考虑这一部分:
if ($email==$email&&$md5password==md5($password))
{
header("Location: profile.php");
$_SESSION['email']==$email;
}
您应该使用=
代替==
。由于您不是,因此 <{1}}分配给$email
。你没有分配任何东西,只是进行比较(并丢弃其返回值)。所以它应该是:
$_SESSION['email']
此外,你应该将$_SESSION['email'] = $email;
添加到login.php的顶部,正如minitech在他的回答中建议的那样。
答案 2 :(得分:0)
此外,除非您有一个可靠的验证,在您的注册页面上不允许多个电子邮件进入您的数据库,否则您的查询应该是:
mysql_query("SELECT * FROM users WHERE email = '$email' LIMIT 1");
这将确保只检索一条记录(理论上应始终如此) - 但如果有多条记录设法被检索,则会破坏您的代码。
最后($ email == $ email ...嗯,不确定你是否正确,因为这基本上是正确的,因为你基本上只是检查它等于它自己(它总是会),我想你有很困惑,因为你实际上已经覆盖了你从$ _POST获得的$ email变量,你的数据来自db。所以你应该修改你的代码:
while ($row = mysql_fetch_assoc($query))
{
$db_email = $row['email'];
$md5password = $row['password'];
}
if ( $email == $db_email && $md5password == md5($password) )
{
// assign variables / do things BEFORE redirecting as there is a risk that
// your session data may not get written in some circumstances
$_SESSION['email'] = $email;
header("Location: profile.php");
// always good habit to make sure nothing else is done after the redirection
die();
}
修改强>
还有一个提示:
:此:强>
$email = $_POST['email-field'];
$password = $_POST['password-field'];
if ($email && $password)
{
会更好:
session_start();
if ( isset($_POST['email-field']) && isset($_POST['email-field']) )
{
$email = $_POST['email-field'];
$password = $_POST['password-field'];
// add some validation to your $email and $password variables
如果您的$ _POST变量实际上没有像你原来的代码一样设置你使用$ _POST变量就好像它们已经设置(它们可能不是这样),上面将有助于避免通知 - 再次只是好习惯。
答案 3 :(得分:0)
需要此功能说明,
if($ email == $ email&amp;&amp; $ md5password == md5($ password)) { 标题(&#34;位置:profile.php&#34;); $ _SESSION [&#39;电子邮件&#39;] == $电子邮件; }
通过:Gaya Rambut