我有许多用户可以使用网站的安全部分,现在我专注于使其能够登录和注销。我无法将此页面重定向到原始页面。当我第一次去index.php时,它会像它应该重定向到Login.php。但是当我在页面中输入正确的用户名和密码并提交它时,它只是重定向回login.php。但是它没有将$ _SESSION [“correct”]的参数设置为false,就像它应该重定向回login.php一样,而是将它设置为TRUE。在输入正确的用户名或密码之前,甚至不应设置$ _SESSION [“correct”]。这完全在我的verify.php中工作。我正在回应“已记录”和“正确”会话数据的值,以验证它们是否已设置以及它们的值是什么。
的login.php
<div class="panel panel-default">
<div class="panel-heading">
<h3>Administration Login</h3>
</div>
<form action="verify.php" method="post">
<div class="panel-body">
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<?php
echo $_SESSION['logged'] . '<br>';
echo $_SESSION['correct'] . '<br>';
?>
<input class="form-control" type="text" placeholder="Username" name="username" id="username" required autofocus>
</div>
<div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
<input class="form-control" type="password" placeholder="Password" name="password" id="password" required>
</div>
<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
<button type="submit" class="btn btn-success btn-block">Login</button>
</div>
<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
<button type="reset" class="btn btn-danger btn-block">Clear</button>
</div>
</div>
</form>
</div>
VERIFY.PHP
<?php
session_start();
require ("../_php/connectInfo.php");
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$query = "SELECT id, username, password FROM info";
$result = $conn->query($query);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
if ($row['password'] == $password && $row['username'] == $username) {
$_SESSION["logged"] = TRUE;
$_SESSION["correct"] = TRUE;
header("location: index.php");
exit;
}
}
$_SESSION["correct"] = FALSE;
header("location: login.php");
} else {
header("location: login.php");
}
?>
答案 0 :(得分:1)
您必须使用die();
或exit;
代替break;
:
(...)
while ($row = $result->fetch_assoc()) {
if ($row['password'] == $password) {
$_SESSION["logged"] = TRUE;
$_SESSION["correct"] = TRUE;
header("location: index.php");
break; # -----
} # |
} # |
$_SESSION["CORRECT"] = FALSE; # <----
header("location: login.php");
(...)
当您中断while
循环时,您将$_SESSION['CORRECT']
定义为False
并将用户发送到登录页面,无论如何。