嘿伙计们我是PHP的新手并试图找出如何在一个非常基本的登录系统中实现$ _session:
<?php
session_start();
include 'dbconn.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $conn->query($sql);
$row = $result->fetch_object();
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
} else {
header('Location: index.php?msg=wrong-username-or-password');
}
问题在于,如果我使用局部变量,如:
$admin_userName = 'admin';
$admin_password = '1234';
然后进行比较
if($username == "$adminusername" && $password == "$adminpassword") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
$ _session完美无缺。但是当我使用它时:
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
会话不起作用。没有会话,上述陈述完美无缺!
的login.php
<?php
session_start();
include 'dbconn.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $conn->query($sql);
$row = $result->fetch_object();
if($username == $row->username && $password == $row->password) {
$_SESSION['loggedin'] = $username;
header('Location: apptify.php');
} else {
header('Location: index.php?msg=wrong-username-or-password');
}
logout.php
<?php
session_start();
unset($_SESSION['loggedin']);
header('Location: index.php');
?>
我真的迷了路,感谢任何帮助。
答案 0 :(得分:1)
问题在于,如果我使用局部变量,如: $ admin_userName =&#39; admin&#39 ;; $ admin_password =&#39; 1234&#39 ;; 然后进行比较 if($ username ==&#34; $ adminusername&#34;&amp;&amp; $ password ==&#34; $ adminpassword&#34;){
问题在于,您正在使用:
$admin_userName = 'admin';
$admin_password = '1234';
然后使用:
if($username == "$adminusername" && $password == "$adminpassword")
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
您忘记了下划线并且没有匹配变量lettercase。
变量区分大小写。
if($username == "$admin_userName" && $password == "$admin_password")
我的测试脚本,成功:
<?php
session_start();
$DB_HOST = 'xxx';
$DB_USER = 'xxx';
$DB_PASS = 'xxx';
$DB_NAME = 'xxx';
$con = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME)
or die(mysqli_connect_error());
$_POST['username'] = "John";
$username = $_POST['username'];
$_POST['password'] = "Johnny";
$password = $_POST['password'];
$_SESSION['loggedin'] = "$username";
echo $username; // echo'd John
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $con->query($sql);
$row = $result->fetch_object();
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
// header('Location: admin.php');
echo "Match!";
} else {
// header('Location: index.php?msg=wrong-username-or-password');
echo "No match.";
}
我需要指出:
您应该考虑使用mysqli with prepared statements或PDO with prepared statements,他们更安全。
关于密码存储。
如果您还没有哈希密码,而不是您可能正在使用的纯文本方法,我建议您查看CRYPT_BLOWFISH或PHP 5.5&#39; password_hash()功能。对于PHP&lt; 5.5使用password_hash() compatibility pack。
答案 1 :(得分:0)
应该没有引号:
if($username == $row->username && $password == $row->password) {
$_SESSION['loggedin'] = $username;
header('Location: index.php');
}