好吧,我已经玩了一段时间了,我没有在哪里。我发现,如果用户未登录,为了阻止页面(使用PHP),您需要拥有以下代码:
<?php
session_start();
if(empty($_SESSION['logged_in']))
{
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
exit;
}
?>
那太棒了,它奏效了。当我没有登录时,它阻止了我。问题是,当我登录时,它仍然阻止我。这是login.php代码:
<?php
include("db.php");
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from Form
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password); // Encrypted Password
$sql = "SELECT id FROM admin WHERE username='$username' and passcode='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if ($count == 1) {
header("location: index.php");
} else {
$error = "Your Login Name or Password is invalid";
}
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>
现在,我知道我正在通过这里登录,因为它重定向到索引,但索引然后把我踢了。我觉得这些会议可能会被认为是不同的,但到现在为止早上1点30分,经过几个小时的工作,我放弃了,决定问你。如果你知道我做错了什么,请告诉我。
谢谢!
答案 0 :(得分:1)
您没有设置会话变量。
试试这个
if($count==1)
{
$_SESSION['logged_in'] = 1; //Or whatever makes it not empty
header("location: index.php");
}
现在,您正使用空会话变量
将自己送回索引答案 1 :(得分:0)
避免使用 Mysql *
Dainis说你需要在session_start()
之前include
,你还需要在检查用户名后设置$_SESSION['logged_in']=true;
或者你想要的东西,密码是正确的。
<?php
session_start();
include("db.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$password=md5($password); // Encrypted Password
$sql="SELECT id FROM admin WHERE username='$username' and passcode='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
$_SESSION['logged_in']=true;
header("location: index.php");
}
else
{
$error="Your Login Name or Password is invalid";
}
}
?>
答案 2 :(得分:0)
在if条件下为登录用户创建会话。检查下面修改后的代码。
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from Form
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password = md5($password); // Encrypted Password
$sql = "SELECT id FROM admin WHERE username='$username' and passcode='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if ($count == 1) {
$_SESSION['logged_in'] = 'YES'; // put session value here
header("location: index.php");
} else {
$error = "Your Login Name or Password is invalid";
}
}