我正在尝试更新我的登录脚本,但是当我登录时,它会把我重定向到索引页面,请您帮忙看看。这是登录脚本:
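<?php
/**
 * Login form handler.
 *
 * Validates the posted credentials, and on success stores the user's id in
 * $_SESSION['user_id'] and redirects to index.php. That is the only session
 * key written here, so templates deciding "is the visitor logged in?" have to
 * test user_id (for example through logged_in()), not a 'username' key.
 */
include 'core/init.php';
logged_in_redirect();

if (empty($_POST) === false) {
    // Only accept plain strings: a missing field or an array value
    // (username[]=...) is treated as empty instead of reaching the queries.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(review): the separate messages below for unknown, inactive and
    // wrong-password cases tell a visitor which usernames exist, and nothing
    // visible here limits repeated attempts. Consider one generic message
    // and attempt throttling.
    if (empty($username) === true || empty($password) === true) {
        $errors[] = 'You need to enter a username and password';
    } else if (user_exists($username) === false) {
        $errors[] = 'We can\'t find that username. Have you registered?';
    } else if (user_active($username) === false) {
        $errors[] = 'You haven\'t activated your account!';
    } else if (strlen($password) > 32) {
        // Reject here instead of falling through: previously the error was
        // recorded but login() still ran and could succeed and redirect.
        $errors[] = 'Password too long';
    } else {
        $login = login($username, $password);
        if ($login === false) {
            $errors[] = 'That username/password combination is incorrect';
        } else {
            // Issue a fresh session id at the privilege change so an id that
            // was known before login cannot be reused afterwards (fixation).
            session_regenerate_id(true);
            $_SESSION['user_id'] = $login;
            header('Location: index.php');
            exit();
        }
    }
} else {
    $errors[] = 'No data received';
}

include 'include/header.php';
if (empty($errors) === false) {
?>
<h2>We tried to log you in, but...</h2>
<?php
    echo output_errors($errors);
}
include 'include/footer.php';
?>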
这是我的索引页
<?php
// Bootstrap first: core/init.php starts the session and may send redirect
// headers, so it has to run before any markup is emitted.
include 'core/init.php';
include 'include/header.php';
?>
<.....body>
<?php
include 'include/footer.php';
?>
这是我的初始化文件(core/init.php)
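<?php
/**
 * Shared bootstrap, included at the top of every page.
 *
 * Starts the session, loads the database connection and helper functions,
 * and, for a logged-in visitor, loads $user_data and enforces two redirects:
 * deactivated accounts are logged out, and accounts flagged with
 * password_recover are sent to changepassword.php.
 */

// Harden the session cookie before the session starts: keep the id out of
// URLs and out of reach of page scripts, and refuse ids the server did not
// issue. A setting unknown to the running PHP version is simply not applied.
// session.cookie_secure is deliberately not set here because the page does
// not show whether the site is served over HTTPS.
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();

// Left disabled by the author. On a live site, prefer turning error display
// off and logging on rather than silencing errors entirely.
//error_reporting(0);

require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';

// File name of the script being served, e.g. "changepassword.php".
$current_file = basename($_SERVER['SCRIPT_NAME']);

if (logged_in() === true) {
    $session_user_id = $_SESSION['user_id'];
    // NOTE(review): this loads the stored password hash into $user_data on
    // every request; drop 'password' from the list if no page needs it.
    $user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'password_recover', 'type', 'allow_email', 'houseno', 'addressa', 'addressb', 'addressc', 'county', 'state', 'country');

    // An account that is no longer active loses its session immediately.
    if (user_active($user_data['username']) === false) {
        session_destroy();
        header('Location: index.php');
        exit();
    }

    // After a password recovery the user must pick a new password before
    // reaching any other page; the file-name check avoids a redirect loop.
    if ($current_file !== 'changepassword.php' && $user_data['password_recover'] == 1) {
        header('Location: changepassword.php?force');
        exit();
    }
}

// Pages append their validation messages to this list.
$errors = array();
?>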
这是我的页头(header)脚本
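<?php
/*
 * Shared page header.
 *
 * The login script on this page stores only $_SESSION['user_id'], so the
 * previous isset($_SESSION['username']) checks were never true and a
 * logged-in visitor kept seeing the logged-out sidebar. Login state is now
 * taken from logged_in(), and the name from the $user_data array that
 * core/init.php loads for logged-in users.
 * Assumes this file is included from page scope after core/init.php, as the
 * index and login pages shown here do.
 */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?php include("include/head.php");?>
<body>
<div id="outer">
<div id="page">
<div id="header">
<!--<div id="adban" style="position: absolute; left: 50%; margin-left: -150px;">
<span style="left;"><a href="reregister.php">Click here to Register now and place your orders</a></span>
</div>-->
<div id="hlogo">
<!--<span style="float:right;"><img src="img/relogo2.jpg" class="logoImage" width="96" height="96"/></span>-->
<span style="float:right;margin:2px 2px 0 0;"><img src="img/relogo1.jpg" class="logoImage" width="96" height="96"/></span>
</div>
<span style="font-size:small;text-shadow: 10px 10px 1px grey;"><h1>Reacheasy<span style="font-size:small;"><?php
// The username is user-chosen text, so escape it for the HTML context.
if (logged_in() === true) {
    echo htmlspecialchars($user_data['username'], ENT_QUOTES, 'UTF-8');
}
?></span></h1></span>
<!--<span style="float:left;"><img src="img/rewordlogo.jpg"/></span>-->
<ul id="nav">
<navigation........>
</ul>
</div> <!--end of navigation div -->
</div>
<div id="navigation">
<?php
// Members get the menu, everyone else gets the sidebar.
if (logged_in() === true) {
    include 'include/menu.php';
} else {
    include 'include/aside.php';
}
?>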
这是函数(functions)页面
<?php
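/**
 * Sends one message to every user who has opted in to e-mail.
 *
 * @param string $subject Subject passed through to email().
 * @param string $body    Text placed after the per-user greeting.
 * @return void
 */
function mail_users($subject, $body) {
    $result = mysql_query("SELECT `email`, `first_name` FROM `reusers` WHERE `allow_email` = 1");
    if ($result === false) {
        // A failed query yields false instead of a result set; fetching from
        // it does not reliably produce the false that ends the loop below,
        // so stop here rather than risk looping and mailing blank rows.
        return;
    }
    while (($row = mysql_fetch_assoc($result)) !== false) {
        email($row['email'], $subject, "Hello " . $row['first_name'] . ",\n\n" . $body);
    }
}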
/**
 * Tells whether the given user has the given account type.
 *
 * Both arguments are cast to int before they reach the query, so no quoting
 * is needed.
 *
 * @param mixed $user_id User id.
 * @param mixed $type    Numeric account type to test for.
 * @return bool True when exactly one matching row exists.
 */
function has_access($user_id, $type) {
    $id = (int) $user_id;
    $level = (int) $type;
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `user_id` = $id AND `type` = $level");
    $matches = mysql_result($result, 0);
    return $matches == 1;
}
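/**
 * Handles an account recovery request for the given e-mail address.
 *
 * Mode 'username' mails the username. Mode 'password' sets a new random
 * password, flags the account with password_recover so the next login is
 * forced to changepassword.php, and mails the new password.
 *
 * NOTE(review): the new password travels in plain text by e-mail. The forced
 * change on next login limits its lifetime, but a single-use reset link
 * would avoid mailing a credential at all.
 *
 * @param string $mode  'username' or 'password'.
 * @param string $email Address the request was made for.
 * @return void
 */
function recover($mode, $email) {
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for use in SQL. Confirm before relying on it.
    $mode = sanitize($mode);
    $email = sanitize($email);
    $user_data = user_data(user_id_from_email($email), 'user_id', 'first_name', 'username');

    // No matching account: do nothing, rather than mailing an empty greeting
    // or resetting the password of user id 0.
    if (is_array($user_data) === false || empty($user_data['user_id']) === true) {
        return;
    }

    if ($mode == 'username') {
        email($email, 'Your username', "Hello " . $user_data['first_name'] . ",\n\nYour username is: " . $user_data['username'] . "\n\n-phpacademy");
    } else if ($mode == 'password') {
        // The temporary password must be unpredictable. The previous
        // md5(rand(999, 999999)) had under a million possible values, so it
        // is replaced by 8 bytes from a cryptographic source (16 hex
        // characters, within the 32 character limit the login form enforces).
        if (function_exists('random_bytes')) {
            $random = random_bytes(8);
        } else if (function_exists('openssl_random_pseudo_bytes')) {
            $random = openssl_random_pseudo_bytes(8);
        } else {
            $random = false;
        }
        if ($random === false || strlen($random) !== 8) {
            // Refuse to reset rather than issue a guessable password.
            trigger_error('recover(): no secure random source available, password not reset', E_USER_WARNING);
            return;
        }
        $generated_password = bin2hex($random);

        change_password($user_data['user_id'], $generated_password);
        update_user($user_data['user_id'], array('password_recover' => '1'));
        email($email, 'Your password recovery', "Hello " . $user_data['first_name'] . ",\n\nYour new password is: " . $generated_password . "\n\n-phpacademy");
    }
}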
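/**
 * Updates columns of one user row.
 *
 * @param mixed $user_id     Id of the row to update; cast to int.
 * @param array $update_data Map of column name => new value.
 * @return void
 */
function update_user($user_id, $update_data) {
    // The id is interpolated unquoted below, so force it to an integer.
    $user_id = (int) $user_id;

    // Nothing to set would produce an invalid "SET  WHERE" statement.
    if (is_array($update_data) === false || empty($update_data) === true) {
        return;
    }

    // array_sanitize() is defined outside this listing; presumably it escapes
    // each value in place for SQL. Confirm before relying on it.
    array_walk($update_data, 'array_sanitize');

    $update = array();
    foreach ($update_data as $field => $data) {
        // Column names cannot be escaped like values, so only plain
        // identifiers are accepted; anything else aborts the update.
        if (preg_match('/\A[A-Za-z0-9_]+\z/', (string) $field) !== 1) {
            trigger_error('update_user(): invalid column name, update skipped', E_USER_WARNING);
            return;
        }
        $update[] = '`' . $field . '` = \'' . $data . '\'';
    }

    mysql_query("UPDATE `reusers` SET " . implode(', ', $update) . " WHERE `user_id` = $user_id");
}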
/**
 * Activates the account matching an e-mail address and activation code.
 *
 * Both values are escaped with mysql_real_escape_string() before they are
 * placed inside the quoted SQL literals.
 *
 * @param string $email      Address from the activation link.
 * @param string $email_code Code from the activation link.
 * @return bool True when exactly one inactive account matched and was
 *              activated, false otherwise.
 */
function activate($email, $email_code) {
    $safe_email = mysql_real_escape_string($email);
    $safe_code = mysql_real_escape_string($email_code);

    $lookup = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `email` = '$safe_email' AND `email_code` = '$safe_code' AND `active` = 0");
    $pending = mysql_result($lookup, 0);
    if ($pending != 1) {
        return false;
    }

    mysql_query("UPDATE `reusers` SET `active` = 1 WHERE `email` = '$safe_email'");
    return true;
}
/**
 * Stores a new password for a user and clears the password_recover flag.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is fast to
 * brute-force if the table leaks. Moving to password_hash() and
 * password_verify() needs matching changes in login() and register_user()
 * and a wide enough column, so it is not done inside this function alone.
 *
 * @param mixed  $user_id  Id of the user; cast to int.
 * @param string $password New plain-text password.
 * @return void
 */
function change_password($user_id, $password) {
    $id = (int) $user_id;
    // The digest is hex only, so it is safe inside the quoted literal.
    $digest = md5($password);
    $sql = "UPDATE `reusers` SET `password` = '$digest', `password_recover` = 0 WHERE `user_id` = $id";
    mysql_query($sql);
}
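/**
 * Inserts a new user row and mails the activation link.
 *
 * NOTE(review): the password is stored as unsalted MD5 (see login() and
 * change_password(), which must agree with it), and the activation link is
 * hard-coded to http://localhost/lr/. Both need revisiting before this runs
 * on a real host.
 *
 * @param array $register_data Map of column name => value; must contain
 *                             'password', 'email', 'first_name' and
 *                             'email_code'.
 * @return void
 */
function register_user($register_data) {
    // Hash the password exactly as typed. login() hashes the raw input, so
    // hashing after sanitising would lock out any password that the
    // sanitiser alters.
    $password_hash = md5($register_data['password']);

    // array_sanitize() is defined outside this listing; presumably it escapes
    // each value in place for SQL. Confirm before relying on it.
    array_walk($register_data, 'array_sanitize');
    $register_data['password'] = $password_hash;

    // Column names cannot be escaped like values, so only plain identifiers
    // are accepted; anything else aborts the registration.
    foreach (array_keys($register_data) as $field) {
        if (preg_match('/\A[A-Za-z0-9_]+\z/', (string) $field) !== 1) {
            trigger_error('register_user(): invalid column name, user not created', E_USER_WARNING);
            return;
        }
    }

    $fields = '`' . implode('`, `', array_keys($register_data)) . '`';
    $data = '\'' . implode('\', \'', $register_data) . '\'';

    // Do not send an activation mail for an account that was not created.
    if (mysql_query("INSERT INTO `reusers` ($fields) VALUES ($data)") === false) {
        return;
    }

    // URL-encode the query parameters so characters such as "+" or "&" in
    // the address survive the round trip through the link.
    $activation_link = "http://localhost/lr/activate.php?email=" . rawurlencode($register_data['email']) . "&email_code=" . rawurlencode($register_data['email_code']);
    email($register_data['email'], 'Activate your account', "Hello " . $register_data['first_name'] . ",\n\nYou need to activate your account, so use the link below:\n\n" . $activation_link . "\n\n - phpacademy");
}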
/**
 * Counts the active users.
 *
 * @return mixed The COUNT value as returned by mysql_result().
 */
function user_count() {
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `active` = 1");
    $active_users = mysql_result($result, 0);
    return $active_users;
}
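/**
 * Fetches selected columns of one user row.
 *
 * Call as user_data($user_id, 'column', 'column', ...). Every argument after
 * the id is a column name.
 *
 * @param mixed $user_id Id of the user; cast to int.
 * @return array|false The row as an associative array; an empty array when
 *                     no columns were requested; false when a column name is
 *                     rejected, the query fails or no row matches.
 */
function user_data($user_id) {
    $data = array();
    $user_id = (int) $user_id;

    // Everything after the first argument is a requested column name.
    $requested = array_slice(func_get_args(), 1);
    if (count($requested) === 0) {
        // Previously this path fell off the end and returned null.
        return $data;
    }

    // Column names are interpolated between backticks and cannot be escaped
    // like values, so only plain identifiers are accepted.
    foreach ($requested as $field) {
        if (is_string($field) === false || preg_match('/\A[A-Za-z0-9_]+\z/', $field) !== 1) {
            trigger_error('user_data(): invalid column name, nothing fetched', E_USER_WARNING);
            return false;
        }
    }

    $fields = '`' . implode('`, `', $requested) . '`';
    $result = mysql_query("SELECT $fields FROM `reusers` WHERE `user_id` = $user_id");
    if ($result === false) {
        return false;
    }

    $data = mysql_fetch_assoc($result);
    return $data;
}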
/**
 * Tells whether the current session belongs to a logged-in user.
 *
 * @return bool True when $_SESSION['user_id'] is set and not null.
 */
function logged_in() {
    return isset($_SESSION['user_id']);
}
/**
 * Tells whether exactly one account has the given username.
 *
 * @param string $username Username to look up.
 * @return bool
 */
function user_exists($username) {
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for the quoted SQL literal. Confirm before relying on it.
    $clean = sanitize($username);
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `username` = '$clean'");
    return mysql_result($result, 0) == 1;
}
/**
 * Tells whether exactly one account has the given e-mail address.
 *
 * @param string $email Address to look up.
 * @return bool
 */
function email_exists($email) {
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for the quoted SQL literal. Confirm before relying on it.
    $clean = sanitize($email);
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `email` = '$clean'");
    return mysql_result($result, 0) == 1;
}
/**
 * Tells whether the given username belongs to exactly one activated account.
 *
 * @param string $username Username to look up.
 * @return bool
 */
function user_active($username) {
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for the quoted SQL literal. Confirm before relying on it.
    $clean = sanitize($username);
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `username` = '$clean' AND `active` = 1");
    return mysql_result($result, 0) == 1;
}
/**
 * Looks up the user id for a username.
 *
 * @param string $username Username to look up.
 * @return mixed The user_id column of the first matching row, as returned by
 *               mysql_result().
 */
function user_id_from_username($username) {
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for the quoted SQL literal. Confirm before relying on it.
    $clean = sanitize($username);
    $result = mysql_query("SELECT `user_id` FROM `reusers` WHERE `username` = '$clean'");
    return mysql_result($result, 0, 'user_id');
}
/**
 * Looks up the user id for an e-mail address.
 *
 * @param string $email Address to look up.
 * @return mixed The user_id column of the first matching row, as returned by
 *               mysql_result().
 */
function user_id_from_email($email) {
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for the quoted SQL literal. Confirm before relying on it.
    $clean = sanitize($email);
    $result = mysql_query("SELECT `user_id` FROM `reusers` WHERE `email` = '$clean'");
    return mysql_result($result, 0, 'user_id');
}
/**
 * Checks a username and password pair.
 *
 * NOTE(review): the stored value is an unsalted MD5 digest, which is fast to
 * brute-force if the table leaks. Migrating to password_hash() and
 * password_verify() needs matching changes in register_user() and
 * change_password() and a wide enough column.
 *
 * @param string $username Username as typed.
 * @param string $password Plain-text password as typed.
 * @return mixed The user id from user_id_from_username() when exactly one
 *               row matches both values, false otherwise.
 */
function login($username, $password) {
    $user_id = user_id_from_username($username);
    // sanitize() is defined outside this listing; presumably it escapes the
    // value for the quoted SQL literal. Confirm before relying on it.
    $clean_name = sanitize($username);
    // The digest is hex only, so it is safe inside the quoted literal.
    $digest = md5($password);
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `reusers` WHERE `username` = '$clean_name' AND `password` = '$digest'");
    if (mysql_result($result, 0) == 1) {
        return $user_id;
    }
    return false;
}
?>