无法正确验证用户身份

时间:2015-08-05 08:47:54

标签: php authentication mysqli

我正在创建一个仅允许用户在登录时访问的管理页面。当用户尝试直接访问该页面时,他将被重定向到登录页面,并显示“请登录!”。然而,这很有效,出现了一个奇怪的问题。

管理页面有两个功能“编辑类别”和“删除类别”。

当我尝试删除删除页面上的类别时,我会回到“请登录!”的登录页面。即使我已经登录。但是,编辑类别工作正常。

以下是登录,编辑和删除页面的代码。

登录页面:

<form method="post" action="login.php">
        <input type="text" name="email" placeholder="Email" required="required" />
        <input type="password" name="password" placeholder="Password" required="required" />
        <input type="submit" class="btn btn-primary btn-block btn-large" name="login"/>
    </form>
</div>
            <script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>

</body>
</html>


<?php 
include("includes/db.php");

if(isset($_POST['login']))
{
    $email = mysqli_real_escape_string($con,$_POST['email']);

    $pass = mysqli_real_escape_string($con,$_POST['password']);

    $query = "select * from admins where user_email='$email' AND user_pass='$pass' ";
    $popo = mysqli_query($con,$query);
    $check = mysqli_num_rows($popo);
                if($check == 0)
                {
                    echo "<script> alert('Password or Email is wrong,try again!')</script>";

                }
                else 
                {
                    $_SESSION['user_email']=$email;
                    echo"<script>window.open('index.php?login=Welcome to Admin Area!','_self')</script>";
                }
}
?>

修改类别:

if(!isset($_SESSION['user_email']))
{
    echo "<script>window.open('login.php?not_admin=Please Login!','_self') </script>" ;

}
else
{


if(isset($_GET['edit_cats']))

        {
            $cat_id=$_GET['edit_cats'];
        $query= "select * from categories where cat_id ='$cat_id'";
        $run = mysqli_query($con,$query);

        $fetch = mysqli_fetch_array($run);
        $cat_id = $fetch['cat_id'];
        $cat_title = $fetch['cat_title'];
                }
?>

<form action="" method="post" style="padding:80px;">
<b>Update Category:</b>

<input type="text" name="new_cat" value = "<?php echo $cat_title;?>"/>
<input type="submit" name="update_cat" value="Update Category"/>


</form>

<?php 

if(isset($_POST['update_cat']))
{
$update_id=$cat_id;
$new_cat = $_POST['new_cat'];
$query=   "UPDATE  categories SET cat_title= '$new_cat' WHERE cat_id = '$update_id' ";
$run = mysqli_query($con,$query);

if ($run)
    {
        echo "<script>alert('Updated!')</script>";

        echo "<script>window.open('index.php?view_cats','_self')</script>";
    } // display when product is added
        else{
            echo"Error in updating category"; // display when there is error
        }
}
?>
<?php }?>

删除类别:

<?php
include("includes/db.php");

if(!isset($_SESSION['user_email']))
{
    echo "<script>window.open('login.php?not_admin=Please Login!','_self') </script>" ;

}
else
{


    if(isset($_GET['delete_cat']))

    {
        $del_id = $_GET['delete_cat'];
        $query= "delete from categories where cat_id='$del_id'";        
        $nob=mysqli_query($con,$query);

        if($nob)
        {
            echo "<script>alert('A category has been deleted!') </script>";
            echo "<script>window.open('index.php?view_cats','_self') </script>";

        }
        else 
        {
            echo "Unsuccessful in deleting category!";
        }
    }
}   
    ?>

P.S我是我的session_start();完成登录&amp;包含编辑和删除页面的索引页面

1 个答案:

答案 0 :(得分:0)

开始你的会议

<?php session_start(); ?>