Redirect loop error in login page

Time: 2015-11-07 11:22:02

Tags: php sql

I am moving from vulnerable SQL code to secure code, and I am trying to update my login to:

$(e.target).parents('.container').attr('data-user-id');

When I launch the login page, I get this message:

  

This webpage has a redirect loop

Any help is appreciated.

Edit: homepage code:

if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
        if($username != '' && $password!=''){
            session_start();
            $sql = "SELECT * FROM login WHERE username=? and password =?";
            $stmt = $con->prepare($sql);

            $stmt=bind_param("ss", $username, $password);
            $stmt->execute();
            $stmt->store_result();
            $num->$stmt->num_rows;
            $stmt->close();
            if($num>0){
            $_SESSION["username"] = $username;

            header("Location:homepage.php");
            die();

            } else {
                $message = "Invalid Username or Password!";
            }
    }
}

Edit 2

global.php file:

<?php
require_once ('/include/global.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>

<body>
<div class="container12">
  <header>
    <div class="row" align="center">
      <div class="column12"> <a href="homepage.php"><img src="images/logo.png"/></a> </div>
    </div>
    <div class="row" align="center">
      <div class="row" align="center"><a href="logout.php">Logout</a></div>
    </div>
  </header>
  <h1 id="home" align="center">&nbsp;</h1>
  <div class="alert"></div>
  <div class="column12" align="center">
    <div class="row"><a href="patients.php">
      <input type="image" value="Patient" src="images/patient.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/patient_roll.png';" onmouseout="this.src='images/patient.png';">
      </a> </div>
    <div class="row"><a href="/clinic form/appoint/appoint.php">
      <input type="image" value="Appointments" src="images/appointments.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/appointments_roll.png';" onmouseout="this.src='images/appointments.png';">
      </a> </div>
    <div class="row"><a href="/clinic form/med/med.php">
      <input type="image" value="Medicaments" src="images/med.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/med_roll.png';" onmouseout="this.src='images/med.png';">
      </a> </div>
    <div class="row"><a href="">
      <input type="image" value="Statistics" src="images/stat.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/stat_roll.png';" onmouseout="this.src='images/stat.png';">
      </a> </div>
  </div>
</div>
</body>
</html>

Edit 3

The whole index.php code:

<?php
session_start();
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 
//if(!session_is_registered(myusername)){
//header("location:index.html");
if(isset($_SESSION['username'])) {
  echo "Page seen only by " . $_SESSION['username']."<br>";
  $con=mysqli_connect($host,$username,$password,$db_name);

}
else{
    session_destroy();
    header("location:index.php");
}
?>

2 answers:

Answer 0: (score: 1)

It may help if you are more specific with the header. I found this piece of code when I started out and have used it ever since.

$hostname = $_SERVER["HTTP_HOST"];
$path = dirname($_SERVER["PHP_SELF"]);

header("Location: https://".$hostname.($path == "/" ? "" : $path)."/homepage.php");
die();

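But I have another question: where do you set the session variable $_SESSION["username"]?

Edit

OK, your code does this:

You call homepage.php, which includes global.php. Since the session variable has not been set yet, global.php jumps to this part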

else
{
    session_destroy();
    header("location:index.php");
}

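Here you redirect to index.php. In index.php you include global.php again, and at that point your loop starts. So your global.php sends you to index.php, global sends you to index.php, and so on.

Simply remove the include of global.php at the very beginning of index.php.

Also, you need to call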

$stmt->bind_param("ss", $username, $password);

instead of

$stmt=bind_param("ss", $username, $password);
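
The loop described in this answer and the login query from the question, as an added example that is not part of the original posts. Assumptions: the function names `guard_redirect` and `check_login` are hypothetical, PDO with an in-memory SQLite database stands in for the mysqli connection so the script runs offline, and the `password` column holds a `password_hash()` value rather than the plain password.

```php
<?php
// Added example (not the asker's code). Assumptions: PDO + in-memory SQLite replaces
// mysqli, and login.password stores a password_hash() value, not the plain password.

// Guard for included files such as global.php: returns the page to redirect to,
// or null when the current request may be served.
function guard_redirect(array $session, string $script, string $loginPage = 'index.php'): ?string
{
    if (isset($session['username'])) {
        return null;                    // authenticated: serve the page
    }
    if (basename($script) === $loginPage) {
        return null;                    // already on the login page: never redirect to self
    }
    return $loginPage;                  // anonymous on a protected page
}

// Fetch the stored hash with a bound parameter, then verify the password in PHP.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM login WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();       // false when the user does not exist
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO login VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Login checks: valid credentials, then an injection-style string as the password.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', "' OR '1'='1"));

// Guard checks: anonymous on a protected page, anonymous on the login page,
// and an authenticated session on a protected page.
var_dump(guard_redirect([], '/clinic/homepage.php'));
var_dump(guard_redirect([], '/clinic/index.php'));
var_dump(guard_redirect(['username' => 'alice'], '/clinic/homepage.php'));
```

In a real page the guard's return value would feed `header("Location: ...")` followed by `exit`, with `$_SESSION` and `$_SERVER['PHP_SELF']` as its inputs.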

Answer 1: (score: 0)

Please add a space after Location: in the header function.

header("Location: homepage.php");