Keep login active in session PHP

Time: 2015-07-21 02:17:13

Tags: php html session login

Hi, I have a problem. I have 2 pages, one login page and one private page. When I log in and try to go to my private page through the links provided, my private page sends me back to the login page, like a never-ending circle.

  • I'm fully aware it can easily be hacked.
  • If the code looks bad, it's because I'm still learning.
  • Thanks in advance.

My login page:
<html>
<head>
    <title>User Login Form - PHP MySQL Login System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Login System | W3Epic.com</h1>
<?php
// session_start() takes no string argument (a session name is set with session_name())
session_start();
if (!isset($_POST['submit'])) {
?>
<!-- The HTML login form -->
    <form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php
} else {
    require_once("db_const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    # prepared statement: the submitted values are bound, never spliced into the SQL text
    $stmt = $mysqli->prepare("SELECT * FROM members WHERE username = ? AND password = ? LIMIT 1");
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows !== 1) {
        echo "<p>Invalid username/password combination</p>";
    } else {
        $safe_name = htmlspecialchars($username);   # escape user input before echoing it into HTML
        echo "<table align=\"center\" style=\"font-family:Arial, Helvetica, sans-serif; color:#000000; font-size:larger;\">";
        echo "<tr><td align=\"center\"><p>Logged in successfully</p></td></tr>";
        echo "<tr><td align=\"center\"><p>welcome!</p></td></tr>";
        echo "<tr><td align=\"center\"><p>what would you like to work with today " . $safe_name . "!</p></td></tr></table>";

        # section links (the broken <font>/<class=...> markup replaced by a style attribute)
        $link_style = "color:#000000; font-family:'Arial Black', Gadget, sans-serif; text-decoration:none; font-size:larger;";
        echo "<table align=\"center\"><tr>";
        echo "<td align=\"center\"><a href=\"adminsearch.php\" style=\"$link_style\">Admin</a></td>";
        echo "<td align=\"center\">&hArr;</td>";
        echo "<td align=\"center\"><a href=\"constructionsearch.php\" style=\"$link_style\">Construction</a></td>";
        echo "<td align=\"center\">&hArr;</td>";
        echo "<td align=\"center\"><a href=\"drivingsearch.php\" style=\"$link_style\">Driving</a></td>";
        echo "<td align=\"center\">&hArr;</td>";
        echo "<td align=\"center\"><a href=\"industrialsearch.php\" style=\"$link_style\">Industrial</a></td>";
        echo "</tr></table>";
    }
}
?>
</body>
</html>

This is my private page:

<?php
if (isset($_SESSION['login']) && $_SESSION['login'] == true) {
    echo "Welcome to the member's area, " . htmlspecialchars($_SESSION['username']) . "!";
} else {
    header("Location: login.php");
    exit();   // stop here; otherwise the rest of the page is still sent after the redirect header
}

?>
<?php
//load database connection
require_once("db_search.php");
$pdo = new PDO("mysql:host=$host;dbname=$database_name", $user, $password, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
));
// Search from MySQL database table (only when a search term was submitted)
$results = array();
$search = isset($_POST['search']) ? $_POST['search'] : '';
if ($search !== '') {
    // one "?" per LIKE clause; each is bound separately, so the search text never becomes SQL
    $query = $pdo->prepare("SELECT * FROM admin WHERE psc LIKE ? OR trade LIKE ? LIMIT 0, 10");
    $query->bindValue(1, "%$search%", PDO::PARAM_STR);
    $query->bindValue(2, "%$search%", PDO::PARAM_STR);
    $query->execute();
    $results = $query->fetchAll(PDO::FETCH_ASSOC);
}
// Display search result
?>
<html>
<head>
<title> How To Create A Database Search With MySQL & PHP Script | Tutorial.World.Edu </title>
</head>
<body>
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
Search: <input type="text" name="search" placeholder=" Search here ... "/>
<input type="submit" name="submit" value="Submit" />
</form>
<?php
  $cell = "border-style:solid;border-width:1px;border-color:#98bf21;";
  $head = $cell . "background:#98bf21;";
  if (count($results) > 0) {
    echo "Search found :<br/>";
    echo "<table style=\"font-family:arial;color:#333333;\">";
    echo "<tr>";
    foreach (array("First Name", "Last Name", "Trade", "Post Code", "Telephone", "Comments", "To be use") as $heading) {
        echo "<td style=\"$head\">$heading</td>";
    }
    echo "</tr>";
    foreach ($results as $row) {
        echo "<tr>";
        // escape every database value before it goes into the HTML
        foreach (array('f_name', 'l_name', 'trade', 'psc', 'phone', 'comm') as $col) {
            echo "<td style=\"$cell\">" . htmlspecialchars($row[$col]) . "</td>";
        }
        echo "<td style=\"$cell\"><button onclick=\"location.href='del.php?del=" . (int) $row['id'] . "'\"> delete user</button></td>";
        echo "</tr>";
    }
    echo "</table>";
  } else {
    echo 'Nothing found';
  }
?>

1 answer:

Answer 0 (score: 3)

You never actually call session_start(); in the private page, nor do you set $_SESSION['login'] in the login page.

Login page

if ($result->num_rows !== 1) {
        echo "<p>Invalid username/password combination</p>";
    } else {
        $_SESSION['login'] = true;
        $_SESSION['username'] = $username;   // the private page reads this value too

Private page

<?php
session_start();
if (isset($_SESSION['login']) && $_SESSION['login'] == true) {
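The flow the answer describes, written out as a complete added example (it is not the asker's or the answerer's code): the session is started on every page, the login flag and username are stored only after a successful check, and the private page's guard stops executing after the redirect. It assumes the `members` table and the `db_const.php` constants from the question, but that the `password` column holds a `password_hash()` value rather than the plaintext the question's query compares against; the function names and `adminsearch.php` as the post-login destination are choices made here.

```php
<?php
// Added example, not code from the question or the answer.
// Assumes: db_const.php defines DB_HOST, DB_USER, DB_PASS, DB_NAME (as in the
// question) and members.password stores password_hash($plain, PASSWORD_DEFAULT).
declare(strict_types=1);

// Called first on every page (login and private alike). The cookie flags keep
// the session id away from page scripts and off plain-HTTP connections.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Look the user up with a prepared statement and compare the submitted
// password against the stored hash. True only on a full match.
function authenticate(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return false;
    }
    return password_verify($password, $row['password']);
}

// Record the login. Regenerating the id discards whatever id the browser
// carried before authentication, so a pre-set id cannot be reused.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['login']    = true;
    $_SESSION['username'] = $username;
}

// Guard for private pages: redirect anonymous visitors and stop right there.
// Without exit() the rest of the page is still sent after the Location header.
function require_login(): void
{
    start_secure_session();
    if (empty($_SESSION['login'])) {
        header('Location: login.php');
        exit();
    }
}

// ---- login.php -----------------------------------------------------------
start_secure_session();
if (isset($_POST['submit'])) {
    require_once 'db_const.php';
    $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    if ($db->connect_errno) {
        http_response_code(500);
        exit('Database unavailable');
    }
    $username = (string) ($_POST['username'] ?? '');
    $password = (string) ($_POST['password'] ?? '');
    if (authenticate($db, $username, $password)) {
        mark_logged_in($username);
        header('Location: adminsearch.php');   // one of the private pages from the question
        exit();
    }
    echo '<p>Invalid username/password combination</p>';
}
```

Each private page then opens with `require_login();` before any HTML, and prints the name with `htmlspecialchars($_SESSION['username'])`. Splitting the functions into a shared include keeps the session configuration identical on both pages, which is the condition the question's loop was missing: a flag set under one session setup and read under another never matches.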