在我的页面上http://mackscript.netii.net/main_login.php
当我登录时,它会让我到错页面,
我想让它转到?nav_to指定的页面
所以,我将其指定为?nav_to=shop.php。
但它重定向到login_success.php。
main_login.php的代码
<html>
<head>
<title>Please login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php" style="color:#B3B3B3;">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" class="field" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" class="field" id="mypassword"></td>
</tr>
<tr>
<td><a href="insert.php">Register</a></td>
<td><input type="submit" name="Submit" class="but" value="Login"></td>
<td><a href="contact.php">Forgot pass?</a></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>
checklogin.php的代码(这会检查登录和重定向)(详细信息已被删除)
<?php
ob_end_flush();
define('DEBUG', TRUE);
ob_start();
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$nav = $_GET['nav_to'];
$nav_to = (string)$nav;
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypass = md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypass'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypass and redirect to file "login_success.php"
$sql="SELECT credits FROM $tbl_name WHERE username='$myusername' and password='$mypass'";
$creds=mysql_query($sql);
$row = mysql_fetch_row($creds);
session_register("myusername");
session_register("mypass");
if(!empty($nav_to)){
header("location:$nav_to");
}
if(empty($nav_to)){
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
}
}else {
echo "Wrong Username or Password";
echo "<p><a href='main_login.php'>Back</a></p>";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</body>
</html>
答案 0 :(得分:2)
我认为那是因为$ nav_to不在$ _GET中! - 您的表单中的方法是“发布”但我无法看到输入此名称。
您应该添加以下内容:
<input type="hidden" name="nav_to" value="<?php echo $_GET["nav_to"]; ?>" />
答案 1 :(得分:1)
在你的html表单和你的php文件中使用@Radeczek answare替换下面的代码
替换代码
if(!empty($nav_to)){
header("location:$nav_to");
}
if(empty($nav_to)){
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
}
带
if(!empty($nav_to)){
header("location:$nav_to");
exit();
}
if(empty($nav_to)){
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
exit();
}