从登录页面我捕获用户和密码值:
<?php
session_start();
$error='';
$rows = 0;
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$mysqli = new mysqli("localhost","xxxxx","xxxxx","xxxxxxx");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$username = stripslashes($username);
$password = stripslashes($password);
$username = $mysqli->real_escape_string($username);
$password = $mysqli->real_escape_string($password);
$query = "select count(*) from login where password='$password' AND username='$username'";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute();
$stmt->store_result();
$rows = $stmt->num_rows;
$stmt->close();
}
}
$mysqli->close();
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
header("location: login.php");
$error = "Username or Password is invalid";
}
?>
我的profile.php脚本如下所示:
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout"><a href="logout.php">Log Out</a></b>
</div>
</body>
</html>
和session.php
<?php
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>
我的代码流就像提交登录表单时一样,validate_login.php源代码将验证用户的详细信息。如果细节正确,将显示profile.php页面或再次返回登录页面。
我有3个困难;
答案 0 :(得分:1)
你现在没有会话在session.php
<?php
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>
您需要添加session_start();
所以你会得到
<?php
session_start();
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>
为了安全起见,最好使用准备好的prepared statements
。
对于错误的handelings,尝试做一些真正的会话吗?。
if(session_id() == '' || !isset($_SESSION)) {
// session isn't started
echo "No session";
}
答案 1 :(得分:0)
你的session.php应该是
empty()
基本上简洁等同于!isset($var) || $var == false
。
<?php
session_start();
if(empty($_SESSION['login_user'])){
header('Location: login.php');
}
?>
将session.php包含在您的脚本中以及任何其他适用于注册用户的页面
<?php
include_once('session.php');
$error='';
$rows = 0;
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$mysqli = new mysqli("localhost","xxxxx","xxxxx","xxxxxxx");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$username = stripslashes($username);
$password = stripslashes($password);
$username = $mysqli->real_escape_string($username);
$password = $mysqli->real_escape_string($password);
$query = "select count(*) from login where password='$password' AND username='$username'";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute();
$stmt->store_result();
$rows = $stmt->num_rows;
$stmt->close();
}
}
$mysqli->close();
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
header("location: login.php");
$error = "Username or Password is invalid";
}
?>
答案 2 :(得分:0)
在使用任何会话变量之前调用session_start()函数。
如果收到如下警告:警告:无法修改标题信息 - 已发送的标题(输出从脚本:行开始),然后使用@ suppress operator
@session_start() //@ for error suppression