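Failing to hold session

Time: 2015-09-21 12:20:41

Tags: php session

I am trying to create a registration and login page using PHP mysqli. On submitting either form the user is redirected to main.php, where the header menu has items such as Home and Inbox, but if a user visits main.php without being logged in they see the Sign Up and Login menu. However, my header.php does not recognize the session. After a user logs in, the header menu should change to Home, Inbox, etc., but it still shows the Sign Up / Login menu after login.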

register.php

 <?php include ( "./inc/header.inc.php" ); ?>
 <?php
  $con = mysqli_connect("localhost","root","","findfriends") or die ("Connection not established");
  ?>
  <?php
  if(isset($_POST['reg'])){
  session_start(); 
  $fn=strip_tags(@$_POST['fname']);
  $ln=strip_tags(@$_POST['lname']);
  $un=strip_tags(@$_POST['username']);
  $em=strip_tags(@$_POST['email']);
  $pswd=strip_tags(@$_POST['password']);
  $d= date("Y-m-d");
  $sql = $con->query("INSERT INTO users (userid,username,first_name,last_name,email,password,sign_up_date,activated,bio,profile_photo,closed) VALUES ('','{$un}','{$fn}','{$ln}','{$em}','{$pswd}','{$d}','0','What you do?','','no')");
   }
   ?>
   <?php
   if(isset($_POST['login'])){
    $em = preg_replace('#[^A-Za-z0-9]#i', '',$_POST["email"]); // fill everything but numbers and letters
    $pswd = preg_replace('#[^A-Za-z0-9]#i', '',$_POST["password"]); // fill everything but numbers and letters
    $result = $con->query("SELECT * FROM users WHERE email='$em' AND password='$pswd'");
    $row = $result->fetch_array(MYSQLI_BOTH);
    session_start();
    $_SESSION['userid'] = $row['userid'];
    } 
    ?>

   <div style="width: 800px; margin: 0px auto 0px auto;">
   <table>
   <tr>
   <td width="60%" valign="top">
   <h2>Already a member? Login Below</h2>
   <form action="main.php" method="POST">
      <input type="text" name="user_login" size="25" placeholder="UserName"/><br><br>
      <input type="password" name="password_login" size="30" placeholder="Passsword"/><br><br>
      <input type="submit" name="login" value="Login">
    </form>
    </td>
    <td width="40%" valign="top">
    <h2>Sign Up!</h2>
    <form action="main.php" method="POST">
      <input type="text" name="fname" size="25" placeholder="First Name"/> 
      <input type="text" name="lname" size="25" placeholder="Last Name"/><br><br>
      <input type="text" name="username" size="25" placeholder="Username"/><br><br>
      <input type="email" name="email" size="25" placeholder="Email"/><br><br>
      <input type="password" name="password" size="25" placeholder="Password"/><br><br>
      <input type="submit" name="reg" value="Sign Up!">
      </form>
      </td>
      </tr>
      </table>

header.php

   <?php
   $con = mysqli_connect("localhost","root","","findfriends") or die ("Connection not established");
    ?>
    <?php
    session_start();
    if (isset($_SESSION['userid'])) {
    $user = $_SESSION['userid'];
    }
     else {
    $user = "";
    }
     ?>

      <!DOCTYPE html>
      <html>
       <head>
       <title>findfriends</title>
       <script src="js/main.js" type="text/javascript"></script>
       <link rel="stylesheet" type="text/css" href="./css/style.css"/>
       </head>
       <body>
       <div class="headerMenu">
       <div id="wrapper">
       <div class="logo">
       <img src="./img/logo.gif"/>
       </div>
       <div class="search_box">
       <form action="searchresults.php" method="post" name="search">
       <table>
       <tr>
       <td>  
       <input type="text" name="search" placeholder="Search ..."/>
       </td>
       <td>
       <input type="image" src="./img/search-icon.png" alt="submit" />
       </td>
       </tr>
       </table>
       </form>
       </div>
       <div class="cb">
       <a href="create_blog.php">Create a Blog</a>
       </div>

      <?php
       if (isset($_SESSION['userid'])) {
        echo '
        <ul class="dd">
        <li><a href="main.php" >Home</a>
        </li>
        <li><a href="' . $user . '">Profile</a>
        </li>
        <li><a href="my_messages.php">Inbox' . $unread_numrows . '</a>
        </li> 
        <li><a href="#">Management</a>
        <ul>
        <li><a href="account_settings.php">Settings</a> 
        </li>
        <li><a href="logout.php">Logout</a> 
        </li>
        </ul>
        </li>
        </ul>';
        }
        else
        {
        echo '
        <ul class="dd">
        <li><a href="register.php" >Sign Up</a>
        </li>
        <li><a href="register.php">Login</a>
        </li>
        </ul>';
         }
         ?>
        </div>
        </div>
        </body>
        </html>

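1 answer:

Answer 0 (score: 0)

The way I see it, in header.php if (isset($_SESSION['userid'])) is always false. You should have a better way of doing this. Something like:

Since you have two scenarios where you can use/set a session (or cookie), namely

(1) When the user registers / signs up.

(2) When the user logs in / signs in.

For scenario (1).

After your query INSERTs the new record into the database, use a session or, as I prefer, set a cookie to store the user's information and redirect him/her to main.php

An example: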

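// $fname, $lname and $gender are interpolated straight into the SQL text; see the note at the end.
$reg_query = "INSERT INTO signup(First_Name, Last_Name, Gender)
 VALUES('$fname', '$lname', '$gender')";
$reg_run = mysqli_query($con, $reg_query);

$Month = 86400 + time(); // expiry: 86400 seconds (one day) from now
setcookie('user', $uname, $Month);

// No echo here: any output before header() would stop the redirect from being sent.
header("Location:main.php");
exit;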

For scenario (2).

After successfully checking/matching that the user is registered, set a cookie and move him/her to main.php

An example:

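$log_que = "SELECT * FROM login WHERE username = '$user' AND password = '$pass' ";
$log_run = mysqli_query($con, $log_que);

// mysqli_* throughout: the mysql_* functions cannot read a mysqli result.
$log_row = mysqli_fetch_array($log_run);
$user_db = $log_row['username'] ?? null;
$pass_db = $log_row['password'] ?? null;

if($user == $user_db && $pass == $pass_db)
{
    // No echo before the cookie and redirect: output would prevent the headers from being sent.
    $Month = 86400 + time(); // expiry: one day from now
    setcookie('user', $user, $Month);
    header("Location:main.php");
    exit;
}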

Now, on your main.php, you should apply a check, like:

<?php
if(isset($_COOKIE['user']))
{
        echo '<nav id = "navigation">
    <ul>
         <li><a href = "welcome.php">Home</a></li>
         <li><a href = "index.php">View</a></li>
         <li><a href = "myprofile.php">Profile</a></li>
    </ul>
</nav>
<div id = "line"></div>';
}
else
{
echo '<nav id = "navigation">
    <ul>
         <li><a href = "welcome.php">Home</a></li>
         <li><a href = "index.php">View</a></li>
         <li><a href = "login.php">Login</a></li>
         <li><a href = "signup.php">Signup</a></li>
    </ul>
</nav>
<div id = "line"></div>';
}   
?>

Last but not least, on your signout.php don't forget to unset() them. An example:

<?php

$was_logged_in = isset($_COOKIE['user']);
if($was_logged_in)
{
    unset($_COOKIE['user']);
    // Expire the cookie using the same (default) path it was set with.
    setcookie('user', '', time() - 3600);
}
// Headers must be sent before any output.
header("refresh:1; url=welcomepage.php");
if($was_logged_in)
{
    echo "<script type='text/javascript'>alert('YOU HAVE LOGGED OUT!')</script>";
}
?>
  

Note: Study mysqli / PDO and how to avoid SQL Injection / XSS. If you are using sessions, just replace the cookies with sessions and properly unset/destroy them on the logout page.
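
The session-based variant that the closing note points to, as an added example that is not code from the question or the answer: the login check uses a PDO prepared statement and password_verify(), and the menu test reads $_SESSION rather than a cookie whose value the browser controls. Assumptions: an in-memory SQLite table with constructed data stands in for the MySQL users table, the password column holds password_hash() output, and authenticate(), handle_login() and is_logged_in() are hypothetical helper names.

```php
<?php
// Return the matching userid, or null when the credentials are wrong.
function authenticate(PDO $db, string $email, string $password): ?int
{
    // Bound parameter: the input is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT userid, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumes the password column stores password_hash() output, not plaintext.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['userid'];
}

// Handle a login POST; call it before any HTML is sent.
function handle_login(PDO $db, array $post): bool
{
    $email = $post['email'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($email) || !is_string($password)) {
        return false; // e.g. email[]=x arrives as an array
    }
    $userid = authenticate($db, $email, $password);
    if ($userid === null) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id at login (prevents fixation)
    $_SESSION['userid'] = $userid; // kept server-side; the browser holds only the id
    return true;
}

// The test header.php needs: server-side state, not a cookie the client can set.
function is_logged_in(): bool
{
    return isset($_SESSION['userid']);
}

// Demo on constructed data; in-memory SQLite stands in for the MySQL database.
session_start(); // must precede all output
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, email TEXT, password TEXT)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);
$bad = handle_login($db, ['email' => "' OR '1'='1", 'password' => 'x']);
$good = handle_login($db, ['email' => 'alice@example.test', 'password' => 'correct horse']);
var_dump($bad, $good, is_logged_in());
```

In a real page, session_start() and handle_login() have to run before the header include emits any HTML, because both need to send HTTP headers.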