所以我在将输入的用户名存入我的网站并保持自己登录该网站时遇到问题。我可以登录(我看到这是因为“你已登录”消息。但是第二次我点击链接转到members.php页面,它返回回显“你还没有登录。”。 为什么没有将$ username值添加到SESSION?
以下是我的4个代码。我有第五个以及我的所有MySQL信息,我不想分享,但是,我的用户名是通过MySQL确认的,因为我收到了第一次登录验证。是的,我在YouTube上关注了一个教程。
的index.php
<html>
<form action='login.php' method='POST'>
Username: <input type='username' name='username'><br>
Password: <input type='password' name='password'><br>
<input type='submit' name='button' value='Login'>
</form>
</html>
的login.php
<?php
session_start();
$password = $_POST['password'];
$username = $_POST['username'];
include ("connect.php");
if ($username && $password)
{
// info is provided
$queryget = mysql_query("SELECT * FROM login WHERE username='$username' AND password ='$password' ");
$numrows = mysql_num_rows($queryget);
if ($numrows != 0)
{
$_SESSION['username'] = $username;
echo "You have been logged in. <a href='members.php'>Go to the members page</a>";
}
else echo "This password is wrong";
include ("index.php");
}
else
{
echo "Wrong password, try again!";
include ("index.php");
}
?>
members.php
<?php
session_start();
$username = $_SESSION['username'];
if ($username)
{
echo "Welcome $username | <a href='logout.php>Logout</a>'";
}
else
{
echo "You are not logged in.";
include ("index.php");
}
?>
logout.php
<?php
session_start();
$username = $_SESSION['username'];
session_destroy();
echo "You have been logged out.";
?>
答案 0 :(得分:0)
查看代码后,SQL查询可能会出错。 您正在执行以下操作来检查用户:
if($numrows!=0)...
但是,如果mysql_query或mysql_num_rows返回false(如果有错误),那么这也会对用户进行身份验证。
在login.php中尝试以下代码,看看会发生什么。
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();
include ("connect.php");
$password = $_POST['password'];
$username = $_POST['username'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
if ($username!='' && $password!='')
{
// info is provided
$queryget = mysql_query("SELECT * FROM login WHERE username='$username' AND password ='$password' ") or die(mysql_error());
if(!$queryget){ echo 'An error occured: ' . mysql_error(); exit; }
$numrows = mysql_num_rows($queryget);
if ($numrows > 0)
{
$_SESSION['username'] = $username;
echo "You have been logged in. <a href='members.php'>Go to the members page</a>";
exit;
} else {
echo "The username or password is wrong";
include ("index.php");
exit;
}
} else if($username=='') {
echo "You need to specify a username, try again!";
include ("index.php");
exit;
} else if($password=='') {
echo "You need to specify a password, try again!";
include("index.php");
exit;
}
答案 1 :(得分:-1)
login.php:
<?php
session_start();
$password = $_POST['password'];
$username = $_POST['username'];
include ("connect.php");
if ($username && $password)
{
// info is provided
$queryget = mysql_query("SELECT * FROM login WHERE username='$username' AND password ='$password' ");
$numrows = mysql_num_rows($queryget);
$row=mysql_fetch_array($queryget);
if ($numrows != 0)
{
$_SESSION['username'] = $row['username'];
$_SESSION['logged'] = 1;
echo "You have been logged in. <a href='members.php'>Go to the members page</a>";
}
else
{
$_SESSION['logged'] = 0;
echo "This password is wrong";
include ("index.php");}
}
else
{
echo "Wrong password, try again!";
include ("index.php");
}
?>
member.php:
<?php
session_start();
if($_SESSION['logged'])
{
echo "Welcome $_SESSION['username'] | <a href='logout.php>Logout</a>'";
}
否则 { echo“你还没有登录。”; include(“index.php”);
}
?>