PHP需要登录才能查看

时间:2013-12-28 07:27:46

标签: php login

好吧,我已经玩了一段时间了,我没有在哪里。我发现,如果用户未登录,为了阻止页面(使用PHP),您需要拥有以下代码:

<?php
session_start();
if(empty($_SESSION['logged_in']))
{
    header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
    exit;
}
?>

那太棒了,它奏效了。当我没有登录时,它阻止了我。问题是,当我登录时,它仍然阻止我。这是login.php代码:

<?php
include("db.php");
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // username and password sent from Form
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password = md5($password); // Encrypted Password
    $sql = "SELECT id FROM admin WHERE username='$username' and passcode='$password'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);

    // If result matched $username and $password, table row must be 1 row
    if ($count == 1) {
        header("location: index.php");
    } else {
        $error = "Your Login Name or Password is invalid";
    }
}
?>
<form action="login.php" method="post">
    <label>UserName :</label>
    <input type="text" name="username"/><br />
    <label>Password :</label>
    <input type="password" name="password"/><br/>
    <input type="submit" value=" Login "/><br />
</form>

现在,我知道我正在通过这里登录,因为它重定向到索引,但索引然后把我踢了。我觉得这些会议可能会被认为是不同的,但到现在为止早上1点30分,经过几个小时的工作,我放弃了,决定问你。如果你知道我做错了什么,请告诉我。

谢谢!

3 个答案:

答案 0 :(得分:1)

您没有设置会话变量。

试试这个

      if($count==1)
    {
        $_SESSION['logged_in'] = 1; //Or whatever makes it not empty
        header("location: index.php");
    }

现在,您正使用空会话变量

将自己送回索引

答案 1 :(得分:0)

避免使用 Mysql *

Dainis说你需要在session_start()之前include,你还需要在检查用户名后设置$_SESSION['logged_in']=true;或者你想要的东西,密码是正确的。

<?php
session_start();
include("db.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from Form
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $password=md5($password); // Encrypted Password
    $sql="SELECT id FROM admin WHERE username='$username' and passcode='$password'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);

    // If result matched $username and $password, table row must be 1 row
    if($count==1)
    {
        $_SESSION['logged_in']=true;

        header("location: index.php");

    }
    else
    {
        $error="Your Login Name or Password is invalid";
    }
}
?>

答案 2 :(得分:0)

在if条件下为登录用户创建会话。检查下面修改后的代码。

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // username and password sent from Form
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password = md5($password); // Encrypted Password
    $sql = "SELECT id FROM admin WHERE username='$username' and passcode='$password'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);

    // If result matched $username and $password, table row must be 1 row
    if ($count == 1) {
        $_SESSION['logged_in'] = 'YES'; // put session value here 
        header("location: index.php");
    } else {
        $error = "Your Login Name or Password is invalid";
    }
}
相关问题
最新问题