我正在开发一个小型网站,用户可以用它来保存客户信息和销售记录。出于安全原因,用户应该只能在登录后查看主页或任何页面。因此,我在header.php文件的顶部做了一个重定向语句,如果他们将用户重定向到登录页面没有登录。问题是现在我面临着无限循环的重定向。我不知道在何处放置重定向,以便它不会创建无限循环。
这是我的header.php:
<!DOCTYPE html>
<?php
if (!isset($_SESSION['username'])) {
header('Location: login.php');
}
?>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Shawn's Goods - <?php echo $pageTitle; ?></title>
<link rel="stylesheet" type="text/css" href="styles.css" />
<link rel='stylesheet' type='text/css' href='http://fonts.googleapis.com/css?family=Roboto+Condensed' />
</head>
<body>
<?php session_start(); ?>
<?php
if (isset($_SESSION['username'])) {
?>
<div class="headerWrapper">
<h1 class="pageHeader">Shawn's Goods</h1>
<div class="userFunctions">
<a class="usernameDisplay"><?php echo $_SESSION['username']; ?></a>
<a class="logoutButton">Logout</a>
</div>
</div>
<?php
}
?>
这是包含在我所有网页中的包含文件。我在某处读到一个header()php函数必须放在页面的html标记之前,我不确定这是否正确?
另一个解决方案是编写一个php函数来检查用户名是否已设置,然后打印登录页面或主页的代码,但如果用户手动键入,我仍然需要某种登录重定向例如,客户页面的地址。
这是我的登录脚本:
的common.php:
<?php
$username = 'root';
$password = 'Change01&';
$host = 'localhost';
$dbname = 'shaunsgoods';
$hi = 'Hello';
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
try {
$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
}
catch(PDOException $ex) {
die("DBErr");
}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
function undo_magic_quotes_gpc(&$array)
{
foreach($array as &$value)
{
if(is_array($value))
{
undo_magic_quotes_gpc($value);
}
else
{
$value = stripslashes($value);
}
}
}
undo_magic_quotes_gpc($_POST);
undo_magic_quotes_gpc($_GET);
undo_magic_quotes_gpc($_COOKIE);
}
header('Content-Type: text/html; charset=utf-8');
session_start();
loginscript.php:
<?php
require('common.php');
if(!empty($_POST))
{
if (empty($_POST['username'])) {
die('UserErr');
}
if (empty($_POST['password'])) {
die('PassErr');
}
$query = "
SELECT
id,
username,
password,
salt,
email,
role
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex) {
die('DBErr '.$ex->getMessage());
}
$login_ok = false;
$row = $stmt->fetch();
if($row) {
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++) {
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']) {
$login_ok = true;
}
}
if($login_ok) {
unset($row['salt']);
unset($row['password']);
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['role'] = $row['role'];
header('Location: home.php');
die('Redirecting to: home.php');
}
else {
die("LogErr");
}
}
答案 0 :(得分:0)
刚刚未定义的会话,所以运行
header('Location: login.php');
将session_start();移到页面顶部,这是真正的代码:
<?php
session_start();
if (!isset($_SESSION['username'])) {
header('Location: login.php');
}
?>