Hello, I have PHP code that only checks and validates data coming from an HTML form against a MySQL database. But it is not session-based; I have tried many times to create a session but could not get an accurate result. I just need a session-based login system.
This is my simple code:
```php
<?php
require_once('connectionlog.php');
$category = ($_POST['category']);
$username = ($_POST['username']);
$password = ($_POST['password']);
$qry = "SELECT * FROM member WHERE (username='$username' AND password='$password') AND category='$category'";
$result = mysql_query($qry);
if ($result) {
    $member = mysql_fetch_assoc($result);
    if (($result) and ($category == "ABC") and ($member['category'] == "ABC")) {
        header("location: ABC.php");
        exit();
    }
    if (($result) and ($category == "DEF") and ($member['category'] == "DEF")) {
        header("location: DEF.php");
        exit();
    }
} else {
    die("Query failed");
}
?>
```
Code I have tried:
```php
<!--
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
-->
<?php
/*
//Start session
session_start();
//Include database connection details
require_once('connectionlog.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
//Sanitize the POST values
$category = clean($_POST['category']);
$username = clean($_POST['username']);
$password = clean($_POST['password']);
//Input Validations
if ($category == 'Account Type') {
    $errmsg_arr[] = 'Account Type is missing';
    $errflag = true;
}
if ($username == '') {
    $errmsg_arr[] = 'Username missing';
    $errflag = true;
}
if ($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
//If there are input validations, redirect back to the login form
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: loginform.php");
    exit();
}
//Create query
$qry = "SELECT * FROM member WHERE username='$username' AND password='$password' ";
$result = mysql_query($qry);
//Check whether the query was successful or not
if ($result and $category == 'Admin') {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        session_write_close();
        //$result['category']=='Admin' and
        if ($result['category'] == 'Admin' and $category == 'Admin') {
            header("location: admin.php");
        }
        //else
        //{header("location: chkadmin.php");}
        //$result['category']=='Doctor' and
        if ($result['category'] == 'Doctor' and $category == 'Doctor') {
            header("location: chkadmin.php");
        }
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
} else {
    die("Query failed");
}
*/
?>
<!--
</body>
</html>
-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<?php
//Start session
session_start();
//Include database connection details
require_once('connectionlog.php');
//$con=mysqli_connect("localhost","root","","vip");
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
//Sanitize the POST values
$category = clean($_POST['category']);
$username = clean($_POST['username']);
$password = clean($_POST['password']);
//Input Validations
if ($category == 'Account Type') {
    $errmsg_arr[] = 'Account Type is missing';
    $errflag = true;
}
if ($username == '') {
    $errmsg_arr[] = 'Username missing';
    $errflag = true;
}
if ($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
//If there are input validations, redirect back to the login form
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: loginform.php");
    exit();
}
//Create query
$qry = "SELECT * FROM member WHERE (username='$username' AND password='$password') AND category='$category'";
$result = mysql_query($qry);
//$result=mysqli_query( $con,$qry);
//$result1= mysqli_query($con,$qry);
//while($row = mysqli_fetch_array($con,$resultt)){
//Check whether the query was successful or not
//if(($result) and ($category=="Admin")and //($result['category']==$category)
//){
if ($result) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        if (($result) and ($category == "Admin") and ($member['category'] == "Admin")) {
            header("location: admin.php");
            exit();
        }
        if (($result) and ($category == "Doctor") and ($member['category'] == "Doctor")) {
            header("location: doctor2.php");
            exit();
        }
        if (($result) and ($category == 'Patient') and ($member['category'] == "Patient")) {
            header("location: patient.php");
            exit();
        }
        if (($result) and ($category == 'Nurse') and ($member['category'] == "Nurse")) {
            header("location: doctor.php");
            exit();
        }
        if (($result) and ($category == 'Pharmacist') and ($member['category'] == "Pharmacist")) {
            header("location: pharmacist.php");
            exit();
        }
        if (($result) and ($category == 'Labortarist') and ($member['category'] == "Labortarist")) {
            header("location: lab.php");
            exit();
        }
        if (($result) and ($category == 'Accountant') and ($member['category'] == "Accountant")) {
            header("location: accountant.php");
            exit();
        }
        /*else {
            $errmsg_arr[] = 'Account Type is not Correct';
            $errflag = true;
            if ($errflag) {
                $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
                session_write_close();
                /*echo "<script>alert('Enter correct record')</script>";
                header("location:loginform.php");
                exit();
            }
        }*/
    } else {
        //Login failed
        $errmsg_arr[] = 'Data is not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}
/*else if ($result and ($category == "Doctor") //and ($result['category']=='Doctor')
) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: admin.php");
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}
else if ($result and ($category == 'Nurse')) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: admin.php");
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}
else if ($result and ($category == 'Pharmacist')) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: admin.php");
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}
else if ($result and $category == 'Accountant') {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: admin.php");
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}
else if ($result and ($category == 'Labortarist')) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: admin.php");
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}
else if ($result and ($category == 'Patient')) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
        $_SESSION['SESS_CATEGORY_TYPE'] = $member['category'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: admin.php");
        exit();
    } else {
        //Login failed
        $errmsg_arr[] = 'user name and password are not found';
        $errflag = true;
        if ($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            header("location: loginform.php");
            exit();
        }
    }
}*/
else {
    die("Query failed");
    //header("location: loginform.php");
}
?>
</body>
</html>
```
Answer 0 (score: 1)
First, to use sessions you must start the session at the beginning of the page.
```php
<?php
session_start();
// receive the username and password from your template file like
$username = mysql_real_escape_string($_POST['username']);
$pwd = $_POST['pwd'];
// do your database validation with username and password
?>
```
If the user matches, put the needed information in the session, like:
```php
$_SESSION['username'] = $username;
// And more
```
And start the session on every page, or start it in one page and include that page on all pages.
And on the other pages just check:
```php
if (!isset($_SESSION['username']))
    // redirect to the desired page
```
Hope it helps :).
Answer 1 (score: 0)
Your code is vulnerable to SQL injection. You should use PDO prepared statements, or at least escape the POST data before putting it into the query. Never trust user input. Also, I hope you are not storing plaintext passwords in your database; they should be salted and hashed. Sessions in PHP are very simple: call `session_start();` and put whatever data you want in the session array, i.e. `$_SESSION['username'] = $member['username'];`. Then on subsequent pages call `session_start();` again and retrieve the data like this: `$username = $_SESSION['username'];`
Answer 2 (score: 0)
OK, first, at the very top of your script you need to start the session using
```php
session_start();
```
Then to add data to it use the following
```php
$_SESSION['key'] = $data;
```
Then to retrieve the data back into a variable do
```php
$data = $_SESSION['key'];
```
To clear a single variable do
```php
unset($_SESSION['key']);
```
And to unset all variables
```php
unset($_SESSION);
```
And to completely destroy the session
```php
session_destroy();
```
Hope this helps
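A login handler that applies the points made in the answers above (session started first, a PDO prepared statement instead of string-built SQL, hashed passwords, a regenerated session id, and a role check against the session rather than the form), as an added example that is not code from the question or from any answer. It assumes PHP 7.1+, a `member(mem_id, username, password_hash, category)` table whose `password_hash` column holds `password_hash()` output, and placeholder database credentials.

```php
<?php
// Added example, not code from the question or the answers. Assumes a table
// member(mem_id, username, password_hash, category) whose password_hash column
// holds password_hash() output; the DSN and credentials are placeholders.
session_start();

// Destination page per account type; any category not listed here is refused.
const ROLE_PAGES = ['Admin' => 'admin.php', 'Doctor' => 'doctor2.php', 'Patient' => 'patient.php'];

function login(PDO $db, string $username, string $password, string $category): ?string
{
    // Values are bound as parameters, never interpolated into the SQL string.
    $stmt = $db->prepare('SELECT mem_id, username, password_hash, category FROM member WHERE username = ?');
    $stmt->execute([$username]);
    $member = $stmt->fetch(PDO::FETCH_ASSOC);

    // One generic failure path for unknown user, wrong password and category mismatch.
    if ($member === false
        || !password_verify($password, $member['password_hash'])
        || $member['category'] !== $category
        || !isset(ROLE_PAGES[$member['category']])) {
        return null;
    }

    session_regenerate_id(true);                   // fresh id once the privilege level changes
    $_SESSION['member_id'] = (int) $member['mem_id'];
    $_SESSION['username']  = $member['username'];
    $_SESSION['category']  = $member['category'];  // role taken from the DB row, not the form
    return ROLE_PAGES[$member['category']];
}

// Belongs in a shared include loaded at the top of every protected page, e.g. requireRole('Admin');
// it checks the server-side session, not anything the browser submitted.
function requireRole(string $role): void
{
    if (($_SESSION['category'] ?? null) !== $role) {
        header('Location: loginform.php');
        exit();
    }
}

$db = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB', 'PLACEHOLDER_USER', 'PLACEHOLDER_PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$target = login($db, (string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''),
    (string) ($_POST['category'] ?? ''));
if ($target === null) {
    $_SESSION['ERRMSG_ARR'] = ['Username, password or account type is not correct'];
    header('Location: loginform.php');
    exit();
}
header('Location: ' . $target);
exit();
```

Logging out is the reverse of the login step: `session_start()`, `$_SESSION = []`, then `session_destroy()`, so the browser's old cookie no longer maps to any stored role.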