<?php
//start the session
mysql_connect("localhost","root","");
@mysql_select_db(fcs)
or die("Unable to select Database");
//check if the form has been submitted
if(isset($_POST['submit'])){
$msg="";
//VALIDATE form information
if(empty($_POST['uname'])){
$msg="Please enter your username.";
}
if(empty($_POST['upass'])){
$msg .="Please enter your password.";
}
//check length of password
if(strlen($_POST['upass']) > 6){
$msg .="Invalid password.";
}
if(empty($msg)){
$sql = "SELECT uname,upass FROM administrator WHERE user ='".$_POST['uname']."'";
$sql .= "AND password ='".md5($_POST['password'])."'";
if(!$res = mysql_query($sql)){
$msg.=mysql_error();
}else{
//user exists in system, set the session variables
if (mysql_num_rows($res) == 1) {
while($row = mysql_fetch_assoc($res)){
// the user name and password match,
$_SESSION['uname'] = $row['uname'];
$_SESSION['upass'] = $_POST['upass'];
//Now go to the main page
header('location../admin.php');
}
}else{
$msg = "Your login details did not match";
}//end numrows check
}//end res check
}
}//end submit check
?>
注意:
如果用户名和密码正确,我想加载(admin.php)页面 只是显示一条消息:
答案 0 :(得分:3)
header-Function应该像这样使用:
header('Location: ../admin.php');
如果您指定完整的绝对URL,那就更好了:
header('Location: http://www.example.com/admin.php');
那是因为RFC 2616要求它是绝对URI(尽管大多数浏览器也支持相对URL):
Location = "Location" ":" absoluteURI
答案 1 :(得分:0)
您的位置标题应为:
header('Location: http://www.example.com/admin.php');
您需要使用以下命令在脚本顶部启动会话:
session_start();
该会话开始代码应位于需要访问$ _SESSION变量的每个页面的开头。