我有一个密码保护页面,只能使用用户名和密码访问。一切都必须正确,但我没有!
这是我的表格( index.php )和pn:
<?php
if (isset($_POST['name'], $_POST['password'])) {
$dns = "mysql:host=localhost;dbname=department_c";
$option = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES UTF8');
try{
$pdo = new PDO($dns, "root", "", $option);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e){
die("Erreur de connection.");
}
$sql="SELECT * FROM admin WHERE name = :name AND password = MD5(:password)";
$stmt = $pdo->prepare($sql);
$stmt->bindValue('name', $_POST['name']);
$stmt->bindValue('password', $_POST['password']);
$stmt->execute();
$nbMembre = $stmt->rowCount();
if($nbMembre == 1){
$membre = $stmt->fetch(PDO::FETCH_ASSOC);
header("location:test.php");
} else {
$msg="<font color='orange'>Enter username and password.</font>";
}
} else {
$msg ="<font color='red'>Lgon!</font>";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<meta charset="UTF-8" />
</head>
<body>
<form action="" method="post">
<label for="name">Username: </label>
<input type="text" name="name" /><br/>
<label for="password">Passwprd: </label>
<input type="password" name="password" /><br/>
<input type="submit" value="login" />
</form>
<p><?php echo $msg; ?></p>
</body>
</html>
这是我的测试页面。它非常适合用户名和密码进行保护和访问。没有if(!isset($_SESSION['name']))
或者如果我像if(isset($_SESSION['name']))
那样进入页面,但是!isset 我不能!
以下是代码( test.php ):
<?php
session_start();
require 'connect.php';
if(!isset($_SESSION['name'])){
header("location:index.php");
exit();
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test</title>
</head>
<body>
<header>
</div>
wellcome
Hellos-.....
<br>
<a href="logout.php"><h2>Logout</h2></a>
</div>
</body>
</html>
这是我的退出代码( logout.php ):
<?php
session_start();
$_SESSION = array();
session_destroy();
if(!isset($_SESSION['name'])){
header("location:index.php");
}else{
echo"<h2> There was a problem with logging out!</h2>";
exit();
}
?>
答案 0 :(得分:0)
在index.php
文件中:
尝试将session_start(); $_SESSION['name'] = $_POST['name'];
放在$membre = $stmt->fetch(PDO::FETCH_ASSOC);
和header("location:test.php");
之间,然后按照我在原始答案中添加的条件语句进行操作。
我测试并为我工作过:
...
if($nbMembre == 1){
$membre = $stmt->fetch(PDO::FETCH_ASSOC);
// my addition
session_start();
$_SESSION['name'] = $_POST['name'];
header("location:test.php");
} else {
$msg="<font color='orange'>Enter username and password.</font>";
}
} else {
$msg ="<font color='red'>Lgon!</font>";
}
...
// rest of code
基于以下内容:(测试代码作为一个文件工作)
将一个变量分配给表单的POST元素,然后从$_POST
分配会话名称。
这将被视为您的登录页面:
<?php
session_start();
// require 'connect.php';
if(isset($_POST['submit'])){
$name = $_POST['name'];
$_SESSION['name'] = $_POST['name'];
if(isset($_SESSION['name']) && !empty($_SESSION['name'])){
echo "session is set";
echo "<br>";
echo $name;
} else {
echo "session is NOT set";
}
} // brace for if(isset($_POST['submit']))
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test</title>
</head>
<body>
<form action="" method="post">
<label for="name">Username: </label>
<input type="text" name="name" /><br/>
<label for="password">Password: </label>
<input type="password" name="password" /><br/>
<input type="submit" name="submit" value="TEST" />
</form>
</body>
</html>
然后就是你现在拥有的 test.php 。
<?php
session_start();
require 'connect.php';
if(isset($_SESSION['name']) && !empty($_SESSION['name'])){
echo "session is set";
echo "<br>";
echo $name;
} else {
// echo "session is NOT set";
header("location:index.php");
}
/* old method
if(!isset($_SESSION['name'])){
header("location:index.php");
exit();
}
*/
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test</title>
</head>
<body>
<header>
</div>
wellcome
Hellos-.....
<br>
<a href="logout.php"><h2>Logout</h2></a>
</div>
</body>
</html>
<强>密码:强>
我还注意到您使用MD5存储密码。不再推荐这样做。
以下是一些密码存储选项:
crypt()
bcrypt()
scrypt()
password_hash()
功能。其他链接:
<强>会话强>
这是一个关于会话的直观教程: