我有脚本login.php,它在使用真实的用户名和密码登录时有效,但是当它以错误的用户名和密码登录时,它会重定向到空白页面,当它应该重定向回index.php 在这里我的脚本,可能是某些人可以帮助我,我的脚本有什么问题。 谢谢。
<?php
session_start();
include 'dbconfig.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes ($username);
$password = stripslashes ($password);
$query = mysql_query("SELECT username, namalengkap, nik, level FROM users WHERE username= '$username' and password='$password'");
while($row = mysql_fetch_array($query)) {
$level= $row['level'];
$user = $row['namalengkap'];
$nik = $row['nik'];
if ($level == 'admin')
{
$_SESSION['level'] = $level;
$_SESSION ['user']= $user;
$_SESSION ['nik'] = $nik;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=homeadmin.php">';
exit;
}
elseif ($level == 'pengguna')
{
$_SESSION['level'] = $level;
$_SESSION ['user'] = $user;
$_SESSION ['nik'] = $nik;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=home.php">';
exit;
}
else {
header("location:index.php");
}
}
?>
答案 0 :(得分:1)
不要使用mysql_query它已被折旧 不要使用while循环
<?php
session_start();
include 'dbconfig.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes ($username);
$password = stripslashes ($password);
$query = mysql_query("SELECT username, namalengkap, nik, level FROM users WHERE username= '$username' and password='$password'");
$row = mysql_fetch_array($query);
$level= $row['level'];
$user = $row['namalengkap'];
$nik = $row['nik'];
if ($level == 'admin')
{
$_SESSION['level'] = $level;
$_SESSION ['user']= $user;
$_SESSION ['nik'] = $nik;
header('Location:homeadmin.php');
exit;
}
elseif ($level == 'pengguna')
{
$_SESSION['level'] = $level;
$_SESSION ['user'] = $user;
$_SESSION ['nik'] = $nik;
header('Location:home.php');
exit;
}
else {
header("location:index.php");
}
?>