我有个问题。当我登录时,它做得很好。它表示你以$ username = admin登录...但是当我刷新登录页面时,它不再说了。它给了我回登录和密码字段,所以我可以重新登录。我猜测会话没有设置,但我似乎无法找到问题。它甚至说我的密码不正确,但仍然告诉我你以管理员身份登录,这是我的用户名谢谢
<?php
session_start();
include("connect.php");
if ($_POST['submit']){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if($username){
if($password){
$password = md5(md5("KmsdufIFNKSnefndbdo19228330293".$password."JSDSHBFJS8S8ds8sd8s8d"));
$query = mysql_query("SELECT * FROM user WHERE username='$username'");
$num_rows = mysql_num_rows($query);
if ($num_rows == 1){
$row = mysql_fetch_assoc($query);
$db_username = $row['username'];
$db_password = $row['password'];
if ($password == $db_password){
$username =$_SESSION['username'];
}else
echo "Your password is incorrect";
}else{
echo "Username not Found";
}
}
}else
echo "Futeni emrin e llogarise.";
}
?>
<html>
<head>
</head>
<body>
<?php
if ($username){
echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";
}else{
echo "
<form action='login.php' method='post'>
Username: <input type='text' name='username' id='user'/>
<br/>
Password: <input type='password' name='password' id='pass'/>
<br/>
<input type='submit' name='submit' value='Submit'/>
</form>
";
}
?>
</body>
</html>
答案 0 :(得分:2)
$ username的值在if ($_POST['submit']){内设置,因此,当您刷新登录页面时,它不会再说了。您应该将$username设置为会话
<?php
session_start();
include("connect.php");
if ($_POST['submit']){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if($username){
if($password){
$password = md5(md5("KmsdufIFNKSnefndbdo19228330293".$password."JSDSHBFJS8S8ds8sd8s8d"));
$query = mysql_query("SELECT * FROM user WHERE username='$username'");
$num_rows = mysql_num_rows($query);
if ($num_rows == 1){
$row = mysql_fetch_assoc($query);
$db_username = $row['username'];
$db_password = $row['password'];
if ($password == $db_password){
$_SESSION['username']= $username;
}else
echo "Your password is incorrect";
}else{
echo "Username not Found";
}
}
}else
echo "Futeni emrin e llogarise.";
}
?>
<html>
<head>
</head>
<body>
<?php
if ( isset($_SESSION['username']) && $_SESSION['username'] != '' ){
$username = $_SESSION['username'];
echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";
}else{
echo "
<form action='login.php' method='post'>
Username: <input type='text' name='username' id='user'/>
<br/>
Password: <input type='password' name='password' id='pass'/>
<br/>
<input type='submit' name='submit' value='Submit'/>
</form>
";
}
?>
</body>
</html>
答案 1 :(得分:0)
首先,您必须将username设置为session变量
if ($password == $db_password){
$username = mysql_real_escape_string($_SESSION['username']);
$_SESSION['username'] = $username;
} else {
echo "Your password is incorrect";
}
在if条件下,您需要更改以下代码
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
if ($username){
echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";
}else{
/* your code */
}
答案 2 :(得分:0)
你正在设置另一种方式。尝试
if ($password == $db_password){
$_SESSION['username'] = $username;
}
然后
if (isset($_SESSION['username']))
{
echo "You are logged in as, $_SESSION['username']!. <a href='logout.php'>LogOut</a>";
}
P.S开始使用预准备语句(mysqli或pdo)并避免使用mysql扩展。