php - 登录时重定向用户

时间:2015-08-03 19:11:00

标签: php mysqli

尝试使用php和MySQL设置一个简单的登录系统后,我被告知MySQL折旧,所以我开始研究mysqli。

我还是PHP的新手并连接到数据库所以我找到了一些在线教程,我能够设置一个有效的简单登录脚本(我使用了本教程http://w3epic.com/php-mysql-login-system-a-super-simple-tutorial/)。我迷失了一部分。

以下是我的登录页面中的代码:

<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<?php
if (!isset($_POST['submit'])){
?>
<!-- The HTML login form -->
    <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php
} else {
    require_once("db-const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result = $mysqli->query($sql);
    if (!$result->num_rows == 1) {
        echo "<p>Invalid username/password combination</p>";
    } else {
        echo "<p>Logged in successfully</p>";
        // do stuffs
    }
}
?>      
</body>
</html>

它有效,我可以登录。

但是,如果用户在数据库中找到匹配项,我想将用户重定向到另一个页面

我的想法是做一些事情:

if (!$result->num_rows == 1) {
    echo "<p>Invalid username/password combination</p>";
    header( 'Location: http://www.galactek.com/support/offmaint.html' );
} else {
    echo "<p>Logged in successfully</p>";
    // do stuffs
    header("Location:output.php");
}

然而,这会产生错误:

  

警告:无法修改标题信息 - 已在第38行的/home4/galactek/public_html/test/login.php中发送的标题(在/home4/galactek/public_html/test/login.php:7中开始输出)< / p>

如何成功重定向用户?

1 个答案:

答案 0 :(得分:0)

您需要在页面顶部进行密码检查。如果已经将任何内容写入输出(例如PHP之前的HTML和head标记),则不允许更改标题。此外,查找参数化的SQL查询,因为这将有助于防止您当前易受攻击的SQL注入

<?php
    header("Location: " . my_url);

<?php
$failed = false;
if (isset($_POST["username"]) && isset($_POST["password"])) {
    require_once("db-const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql    = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result = $mysqli->query($sql);

    if ($result->num_rows == 1) {
        //redirect the user to their account page since they logged in!
        header("Location: http://example.com/youraccount");
    } else {
        $failed = true;
    }
}
?>
<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<!-- The HTML login form -->
    <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php

if ($failed) {
    echo "<p>Invalid username/password combination</p>";
}
?>
相关问题
最新问题