检查PHP会话 - 问题($ SESSION - 不工作

时间:2012-11-23 17:07:15

标签: php session login

这是在我的页面中,它应该检查用户是否已登录 http://carbonyzed.co.uk/Websites/Jason/sites/2/test/login_success.php

但任何人都可以评估它,而不仅仅是那些登录

的人
<?php
session_start();
if( isset($_SESSION["myusername"]) ){
header("location:main_login.html");
}
?>

我试过了

if(isset($ _ SESSION [“myusername”])){

if(isset($ _ SESSION [$ myusername])){

登录代码可能还没有创建会话?

<?php

ob_start();
$host="ClubEvents.db.9606426.hostedresource.com"; // Host name 
$username="ClubEventsRead"; // Mysql username 
$password="Pa55word!"; // Mysql password 
    $db_name="ClubEvents"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

3 个答案:

答案 0 :(得分:7)

将NOT运算符!添加到if语句中。另外,请不要忘记在标题后添加exit()location标头告诉浏览器重定向,但攻击者可以查看您的页面并忽略location标头,从而绕过您的身份验证系统,因为您的PHP代码将继续执行。

if( !isset($_SESSION["myusername"]) ){
    header("location:main_login.html");
    exit();
}

此外,您没有在发布的登录代码中调用session_start(),因此无法访问会话。

答案 1 :(得分:5)

<?php

session_start();
if (!isset($_SESSION['myusername']))
{
    header('Location: main_login.html');
}

?>

你需要否定支票。

答案 2 :(得分:3)

您也可以使用:

<?php

session_start();
if (empty($_SESSION['myusername'])) {
    header('Location: main_login.html');
}

?>