页面不会重定向到索引与正确的用户名和密码

时间:2016-01-28 21:45:22

标签: php mysql session redirect

我有许多用户可以使用网站的安全部分,现在我专注于使其能够登录和注销。我无法将此页面重定向到原始页面。当我第一次去index.php时,它会像它应该重定向到Login.php。但是当我在页面中输入正确的用户名和密码并提交它时,它只是重定向回login.php。但是它没有将$ _SESSION [“correct”]的参数设置为false,就像它应该重定向回login.php一样,而是将它设置为TRUE。在输入正确的用户名或密码之前,甚至不应设置$ _SESSION [“correct”]。这完全在我的verify.php中工作。我正在回应“已记录”和“正确”会话数据的值,以验证它们是否已设置以及它们的值是什么。

的login.php

<div class="panel panel-default">
    <div class="panel-heading">
        <h3>Administration Login</h3>
    </div>
    <form action="verify.php" method="post">
        <div class="panel-body">
            <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
                <?php
                    echo $_SESSION['logged'] . '<br>';
                    echo $_SESSION['correct'] . '<br>';
                ?>
                <input class="form-control" type="text" placeholder="Username" name="username" id="username" required autofocus>
            </div>
            <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
                <input class="form-control" type="password" placeholder="Password" name="password" id="password" required>
            </div>
            <div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
                <button type="submit" class="btn btn-success btn-block">Login</button>
            </div>
            <div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
                <button type="reset" class="btn btn-danger btn-block">Clear</button>
            </div>
        </div>
    </form>
</div>

VERIFY.PHP

<?php
    session_start();
    require ("../_php/connectInfo.php");

    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    $query = "SELECT id, username, password FROM info";
    $result = $conn->query($query);
    if ($result->num_rows > 0) {
        while ($row = $result->fetch_assoc()) {
            if ($row['password'] == $password && $row['username'] == $username) {

                $_SESSION["logged"] = TRUE;
                $_SESSION["correct"] = TRUE;
                header("location: index.php");
                exit;
            }
        }
        $_SESSION["correct"] = FALSE;
        header("location: login.php");  
    } else {
        header("location: login.php");  
    }
?>

1 个答案:

答案 0 :(得分:1)

您必须使用die();exit;代替break;

(...)
while ($row = $result->fetch_assoc()) {
    if ($row['password'] == $password) {

        $_SESSION["logged"] = TRUE;
        $_SESSION["correct"] = TRUE;
        header("location: index.php");
        break;                            #  -----
    }                                     #      |
}                                         #      |
$_SESSION["CORRECT"] = FALSE;             #  <----
header("location: login.php");  
(...)

当您中断while循环时,您将$_SESSION['CORRECT']定义为False并将用户发送到登录页面,无论如何。