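Securely passing variable data to a different PHP file

Time: 2013-06-02 06:34:09

Tags: php sql odbc

I'm trying to create a dashboard that appears after my user logs in, but I want it on a separate page. I'm worried that passing the data through the URL might not be a good idea, because it can be changed manually. I want to pass $username to my dash.php file. Here is my code:

login.php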

<?php
session_start();
//Insert Connection String
require_once 'config.php';
if(!$_SESSION['username']){
if (!isset($_POST['submit'])) {
    echo'<form action="login.php?logged=yes" method="post">';
    echo'<label> Username</label>';
    echo'<input type="text" name="username"/>';
    echo'<label> Password</label>';
    echo'<input type="password" name="password"/>';
    echo'<input type="submit" name="submit" value="Login!"/>';
    echo'</form>';
} else {


    //handle some errors
    //If both fields are empty
    if(!$_POST['username'] && !$_POST['password']) {
        echo"Try to login without entering any info, genius.";
    }
    else {
        //check if the username exists
        if(!empty($_POST['username'])) {
            //check if the password exists
            if(!empty($_POST['password'])) {
                //Put unencrypted username variable
               $username = $_POST['username'];
                //Hash the values with MD5 (a hash, not encryption)
                $xusername = md5($_POST['username']);
                $xpassword = md5($_POST['password']);
                //Check if they exist in the database
                $query = odbc_exec($conn, "SELECT * FROM xmember WHERE    username='$xusername' AND password='$xpassword'");
                $user_rows = 0;
                while ($row = odbc_fetch_array($query)) {
                    $user_rows++;
                }
                odbc_free_result($query);
                if($user_rows == 1) {
                    echo 'Welcome, '.$_POST['username'];
                    $_SESSION['username'] = $_POST['username'];
                    echo "<meta http-equiv='refresh' content='3;url=dash.php'>";

                }
                else {echo"Sorry, your account information is invalid.";}
            }
            else {echo"Please put your password";}
        }
        else {echo"Please put your username";}

    }
} //end of the submitted-form branch
} //end of the not-logged-in branch
else {echo"what are you doing here?";}
?>

config.php

<?php
/*
Le Change Nickname PHP v1.0 made by Thor KK Klein LOL
CONFIG section
*/
//Set Network Config
$odbc_dsn = "mydb";
$odbc_user = "sa";
$odbc_password = "wh@tTh3!?";

$conn = odbc_connect($odbc_dsn, $odbc_user, $odbc_password);
if(!$conn) {die('Failed to connect to the database!');}


?>

dash.php

<?php
session_start();
require_once 'login.php';//load connection settings and get info

if(!$_SESSION['username']){
    echo"Are you kidding me?";
}else {
    //Display The Dashboard

    //Get user's typical information

    //Get user's table row array
    echo"Welcome, ".$username;
}
?>

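I tried to require_once login.php in my dash.php to get the data, but it doesn't seem to work.

1 answer:

Answer 0 (score: 1)

Since you are storing the username in a session variable, you can access it from any file using $_SESSION["username"]. If the key is not set, you can redirect the user to the login page. Your 'dash.php' file can be modified like this: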

<?php
require_once("config.php");
session_start();

if(!isSet($_SESSION["username"])) {
    // Redirect user to login page
    header("Location: login.php");
    exit();
}else {
    //Display The Dashboard
    //Get user's typical information
    //Get user's table row array

    echo("Welcome, " . $_SESSION["username"]);
}
?>
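
One way to package the answer's session check so every protected page shares it, as an added example that is not part of the original answer. The file name auth.php and all function names are hypothetical, and the array form of session_set_cookie_params assumes PHP 7.3 or later. It goes slightly beyond the answer by regenerating the session ID at login and HTML-escaping the name before it is displayed.

```php
<?php
// auth.php - hypothetical shared helper (added example, not from the original post).

// Start the session with cookie flags that keep the session ID away from
// page scripts and off cross-site requests. Call before any output is sent.
function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']), // only mark Secure when on HTTPS
    ]);
    session_start();
}

// Call once, right after the credential check in login.php succeeds.
function login_user(string $username): void {
    session_regenerate_id(true); // fresh ID so a pre-login session ID cannot be reused
    $_SESSION['username'] = $username;
}

// Call at the top of dash.php and every other protected page.
// Returns the logged-in username, or redirects to the login page and stops.
function require_login(): string {
    if (!isset($_SESSION['username']) || !is_string($_SESSION['username'])) {
        header('Location: login.php');
        exit;
    }
    return $_SESSION['username'];
}

// Escape a value before echoing it into HTML; the username originated in $_POST.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// dash.php then reduces to:
//   require_once 'config.php';
//   require_once 'auth.php';
//   start_secure_session();
//   $username = require_login();
//   echo 'Welcome, ' . h($username);
```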