所以我正在建立一个PHP&网站。 MySQL的做法,我试图建立一个成员的系统。应该发生的是用户进入登录页面并使用注册的用户名和密码(在注册过程中工作)登录,然后页面将刷新并将其带到“'成员”。区域。这是我的代码:
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) {
echo "<h1>Member Area</h1>";
echo "<p>Thanks for logging in! You are <b>" . $_SESSION['Username'] . "</b> and your email address is <b>" . $_SESSION['EmailAddress'] . "</b>.</p>";
} elseif(!empty($_POST['username']) && !empty($_POST['password'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = md5(md5(mysql_real_escape_string($_POST['password'])));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<center>";
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
echo "</center>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";
}
} else {
echo "<center>";
echo "<h1>Login</h1>";
echo "<p>Thanks for visiting! Please either login below, or <a href=\"register.php\">click here to register</a>.</p>";
echo "<form method=\"post\" action=\"login.php\" name=\"loginform\" id=\"loginform\">";
echo "<label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br />";
echo "<label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
echo "<input type=\"submit\" name=\"login\" id=\"login\" value=\"Login\" />";
echo "</form>";
echo "</center>";
}
?>
所以基本上,页面加载并检查用户是否已经登录,如果是,则加载成员区域。如果没有,它会检查用户是否正在尝试登录,如果没有,则会显示登录表单。
我的问题是,每次我或其他人尝试登录时,页面都会重新加载,而不是将其带到“&#39;成员”中。区域,它将他们带回登录表单...
另外,在文档的顶部我有一行:
<?php include "base.php"; ?>
在base.php文件中我有一个session_start(),但也许这是无关紧要的?
有什么建议?感谢。
编辑:
注册用户的代码位于不同的php文件中。同样,带有session_start();的base.php文件包含在文档的顶部:
if(!empty($ _ POST [&#39; username&#39;])&amp;&amp;!empty($ _ POST [&#39; password&#39;])){
$ username = mysql_real_escape_string($ _ POST [&#39; username&#39;]);
$ password = md5(md5(mysql_real_escape_string($ _ POST [&#39;密码&#39;])));
$ email = mysql_real_escape_string($ _ POST [&#39; email&#39;]);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
} else {
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please <a href=\"login.php\">click here to login</a>.</p>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
} else {
echo "<h1>Register</h1>";
echo "<p>Please enter your details below to register.</p> ";
echo "<form method=\"post\" action=\"register.php\" name=\"registerform\" id=\"registerform\">";
echo " <label for=\"username\">Username:</label><input type=\"text\" name=\"username\" id=\"username\" /><br /> ";
echo " <label for=\"password\">Password:</label><input type=\"password\" name=\"password\" id=\"password\" /><br /> ";
echo " <label for=\"email\">Email Address:</label><input type=\"text\" name=\"email\" id=\"email\" /><br />";
echo " <input type=\"submit\" name=\"register\" id=\"register\" value=\"Register\" />";
echo "</form>";
}
?>
答案 0 :(得分:3)
你似乎错过了
session_start()
位于php脚本的顶部
答案 1 :(得分:1)
始终确保session_start()也位于所有其他相关网页的首位。我会将isset与!empty一起使用。
session_start();
if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username'])) {
答案 2 :(得分:1)
对于您希望通过会话进行的每个页面,您必须执行
session_start();
即使会话已经创建。
假设您需要一个注销页面,当您要在logout.php等页面上注销用户时,您必须拥有:
session_start();
session_destroy();
session_start();有必要破坏会议
答案 3 :(得分:0)
不推荐使用mysql_real_escape_string,而是使用MySQLi或PDO!
此外,session_start();可能对处理会话非常有用。