这个网页在php中有重定向循环

时间:2015-02-09 16:59:55

标签: php mysql apache cookies session-cookies

我正在为php中的登录页面做一个测试示例(我故意希望不受保护的代码针对安全问题,例如SQL注入或用于学习目的的会话劫持)。我想用饼干 索引页面如下所示。只需一个用户名和密码: enter image description here

当我尝试登录时,我收到此页面: enter image description here

你能帮我解决导致这个错误的问题吗?

在index.php的开头,我使用了以下php代码:

   <?php
include('login.php'); // Includes Login Script

if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>

然后,在login.php中,使用了以下代码:

{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "mydbname");

if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

// Selecting Database
$db = mysqli_select_db($connection, "mydbname");
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query($connection,"select * from users where password='$password' AND userName='$username'");
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>

然后,在profile.php中,我使用了这段代码:

    <?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout"><a href="logout.php">Log Out</a></b>
</div>
</body>
</html>

修改 这是session.php的内容

    <?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "", "mydbname");
// Selecting Database
$db = mysqli_select_db($connection, "mydbname");
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysqli_query($connection,"select userName from login where userName='$user_check'");
$row = mysqli_fetch_assoc($ses_sql);
$login_session =$row['userName'];
if(!isset($login_session)){
mysqli_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>

1 个答案:

答案 0 :(得分:0)

可能会添加

session_start();
<$>之前的$ _SESSION值

相关问题
最新问题