Page redirect if I enter the URL directly and the session has expired

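Time: 2013-06-06 06:24:23

Tags: php javascript mysql

I am creating a password-protected web page. Everything works fine, but my problem is that whenever a user copies the URL from my page and pastes it into another browser, that page shows the same data (I have several pages, and all of them show related data). That is not what I want. I want it to go to the login page again automatically. I also need a session expiry script. My code is shown below.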

<?php

$host = ""; // Your host address to your database on your server. Usually "localhost". Check with your hosting provider
$user = ""; // Your username you set up for this database on your server
$pass = ""; // Your password you set up for this database on your server
$db = ""; // The database name that you will be connecting to

// Connecting to the MySQL database
mysql_connect($host, $user, $pass);
mysql_select_db($db);

if (isset($_POST['username'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Query to check to see if the username and password supplied match the database records
    $sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
    $res = mysql_query($sql);
    // If login information is correct
    if (mysql_num_rows($res) == 1)
    {
        header('Location: done.php');
    }
    // If login information is invalid
    else {
        header('Location: error.php');
    }
}

?>

Thanks!

5 answers:

Answer 0: (score: 1)

You need to use Session. Here is an example.

Soon after the user enters the login credentials:

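    // $credentialsValid: result of your own username/password check
    if ($credentialsValid)
    {
      session_start();
      $_SESSION['data'] = "some data";

    }

Then in every page you need to use these two statements.

    session_start();
    // is set; also check here that the stored value is valid
    if (isset($_SESSION['data'])) {
       // go to the page
    }
    else {
       // go to login page
    }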

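I suggest you go through a good tutorial to learn how to use sessions.

Answer 1: (score: 0)

You need to check for the available session data at the beginning of the page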

<?PHP
session_start();

// not logged in, or the session lifetime has run out
if (empty($_SESSION['is_logged_in']) || !isset($_SESSION['expires']) || $_SESSION['expires'] < time() ){
    header('Location: login.php');
    session_unset();
    session_destroy();
    exit;
}
else $_SESSION['expires'] = time() + 3600; //refresh the lifetime

Then on login you set these variables:

<?PHP
//Never send unchecked data to the MySQL server
//creating MD5 hashes to prevent MySQL injection
$username = md5(strtolower($_POST['username']));
$password = md5($_POST['password']);

$query = 'SELECT * FROM users WHERE MD5(LOWER(username)) = "'. $username .'" AND MD5(password) = "' . $password . '"';
 [...]
 if (mysql_num_rows($res) === 1){
     $_SESSION['is_logged_in'] = true;
     $_SESSION['expires'] = time() + 3600;   // 3600 seconds session lifetime
 }

Answer 2: (score: 0)

Try this:

<?php
$host = ""; // Your host address to your database on your server. Usually "localhost". Check with your hosting provider
$user = ""; // Your username you set up for this database on your server
$pass = ""; // Your password you set up for this database on your server
$db   = ""; // The database name that you will be connecting to
// Connecting to the MySQL database
mysql_connect($host, $user, $pass);
mysql_select_db($db);
if (isset($_POST['username'])) {
    // Escape the submitted values before they are placed in the SQL string
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    // Query to check to see if the username and password supplied match the database records
    $sql      = "SELECT * FROM users WHERE username='" . $username . "' AND password='" . $password . "' LIMIT 1";
    $res      = mysql_query($sql);
    // If login information is correct
    if (mysql_num_rows($res) == 1) {
        // if user is valid then start session
        if (session_id() == '') {
            // session isn't started
            session_start();
        }
        // set the flag whether or not the session had to be started here
        $_SESSION['user'] = true;
        header('Location: done.php');
        die();
    }
    // If login information is invalid
    else {
        header('Location: error.php');
        die();
    }
}
// done.php
if (session_id() == '') {
    // session isn't started
    session_start();
}
// run the check whether or not the session had to be started here
if (!empty($_SESSION['user'])) {
    // valid code
} else {
    // redirect on login page
    header('Location: login.php');
    die();
}
?>

Answer 3: (score: 0)

Here is an example of a complete login system that stores the login information in the session. Try this!

Login page

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

Login check script

<?php

$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Store $myusername in the session and redirect to file "login_success.php"
// (session_register() was removed in PHP 5.4; the password is not kept in the session)
session_start();
$_SESSION['myusername'] = $myusername;
header("location:login_success.php");
exit;
}
else {
echo "Wrong Username or Password";
}
?>

Success page

<?php
session_start();
// session_is_registered() was removed in PHP 5.4; check the session array instead
if(!isset($_SESSION['myusername'])){
header("location:main_login.php");
exit;
}
?>

<html>
<body>
Login Successful
</body>
</html>

Logout script

<?php 
session_start();
session_destroy();
?>

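Answer 4: (score: 0)

Every page that requires a logged-in user must check for itself whether the user has sufficient privileges (is already logged in). If he does not have sufficient privileges, redirect him to the login page.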

secretPage.php

session_start();

// is user not yet logged-in?
if (!isset($_SESSION['userid']))
{
  // remember the requested url
  $_SESSION['loginTarget'] = $_SERVER['PHP_SELF'];

  // redirect to the login page
  header('Location: login.php', true, 303);
  exit;
}
else
{
  // already logged in
  echo 'hello user';
}

login.php

session_start();

// user submitted the login input?
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
  ...
  // after checking username and login
  if ($usernameAndPasswordAreCorrect)
  {
    // remember the logged-in user
    $_SESSION['userid'] = $userId;

    // redirect to the target page
    header('Location: ' . $_SESSION['loginTarget'], true, 303);
    exit;
  }
}
...

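This script is just an example to explain the workflow, not a working solution; it should get you started. There are many other things to do, such as hashing the password with a slow key-derivation function (BCrypt), input validation, preventing SQL injection, setting a default login target...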
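
The per-page check with expiry from answer 1 and the follow-up items listed in answer 4 (BCrypt hash, no SQL injection), combined as an added example that is not code from any answer on this page. The `users` table layout, the function names and the in-memory SQLite demo user are assumptions; the 3600-second limit is the value used in answer 1, and `session_regenerate_id()` is added here to issue a fresh session id at login.

```php
<?php
// Added example: names, table layout and demo data are assumptions.
const IDLE_LIMIT = 3600; // seconds of inactivity before a new login is required

// Look the user up with a bound parameter and compare against a bcrypt hash.
function verifyLogin(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false && password_verify($password, $row['password_hash']);
    return $ok ? (int) $row['id'] : null;
}

// Pure check used by the guard: a user id is present and the expiry is not passed.
function sessionIsLive(array $session, int $now): bool
{
    return isset($session['userid'], $session['expires']) && $session['expires'] >= $now;
}

// Call from login.php once verifyLogin() has returned a user id.
function startUserSession(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    session_regenerate_id(true); // fresh session id for the authenticated session
    $_SESSION = ['userid' => $userId, 'expires' => time() + IDLE_LIMIT];
}

// Call at the top of every protected page, before any output is sent.
function requireLogin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if (!sessionIsLive($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        header('Location: login.php', true, 303);
        exit;
    }
    $_SESSION['expires'] = time() + IDLE_LIMIT; // sliding expiry
}

// Constructed demo: in-memory SQLite database with one user (needs pdo_sqlite).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
    $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_BCRYPT)]);
    var_dump(verifyLogin($db, 'alice', 'correct horse'));    // valid credentials
    var_dump(verifyLogin($db, "alice' OR '1'='1", 'x'));     // quote characters stay data
    var_dump(sessionIsLive(['userid' => 1, 'expires' => time() - 1], time())); // expired
}
```

A URL pasted into another browser arrives without the session cookie, so `requireLogin()` finds an empty session and redirects to the login page.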