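Variable error in the session of an admin page

Time: 2016-02-05 17:23:14

Tags: php

I am creating a login for a website. I can get the code below to work: it logs me in! However, I can't get the session start to work: people can still access my pages via the URL.

Login PHP: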

<?php
    //calling connection to database
    include "connection.php";
    //if user posts for called login
    if(isset($_POST['login'])){
        //declaring variables for user input and using escape string to protect php scripts
        $user = mysqli_real_escape_string($dbconn,$_POST['user']);
        $pass = mysqli_real_escape_string($dbconn,$_POST['pass']);
        //select from users table where user input matches un and pw
        $sel_user = "SELECT * from users where un='$user' AND pw='$pass'";
        //put content held in sel_user into variable run_user
        $run_user = mysqli_query($dbconn, $sel_user);
        //use run_user counting rows and save in check_user
        $check_user = mysqli_num_rows($run_user);
        //if content row numbers greater than 0 
        if($check_user>0){
            //session where un is equal to user input stored in $user
            $_SESSION['username']=$user;
            //display admin main page
            header('Location: ../adminmain.php');
        }
        else {
            //display log in error page
            header('Location: ../loginerror.php');
        }
    }
    //close database connection
    mysqli_close($dbconn);
?>

Code that starts the session, which shows an undefined variable:

<?php
    include"includes/loginrequiredb.php";
    if($_SESSION['username'] !=$user){
        session_destroy();
        header("Location: view.php");
        die();
    }else 
    {
        echo "welcome to the site you have logged in" . $_SESSION['username'];
    }
?>

2 answers:

Answer 0: (score: 1)

You can't get a value from $_SESSION without starting the session.

You just need to start the session in both files:

session_start();

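Note that you only need start_session() in both files, in the welcome file.

Side note

I suggest you also use isset() to check that the value is set.

Answer 1: (score: 0)

Start the session with session_start, and add the session validation file in the adminmain.php page.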
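
An added example, not part of either answer or the asker's code: one way the session check that both answers describe could look, with session_start() and an isset() test in place of the comparison against the undefined $user. The function names start_secure_session(), require_login() and mark_logged_in() are hypothetical, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example. Assumption: login stores the name in $_SESSION['username'],
// as in the question. All function names below are hypothetical.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started in this request
    }
    // Session cookie: not readable from JavaScript, not sent cross-site,
    // and HTTPS-only when the request itself arrived over HTTPS.
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    ]);
    session_start();
}

// Call at the top of every protected page, before any output.
function require_login(string $redirect = 'view.php'): string
{
    start_secure_session();
    // isset() avoids the undefined index notice when nobody is logged in.
    if (!isset($_SESSION['username']) || $_SESSION['username'] === '') {
        $_SESSION = [];
        session_destroy();
        header('Location: ' . $redirect);
        exit; // without exit the rest of the protected page would still run
    }
    return $_SESSION['username'];
}

// Call in the login script once the credentials have been verified.
function mark_logged_in(string $user): void
{
    start_secure_session();
    session_regenerate_id(true); // fresh session ID at login (session fixation)
    $_SESSION['username'] = $user;
}

// Usage at the top of adminmain.php:
$username = require_login();
echo 'welcome to the site you have logged in '
    . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
```

The login script would call mark_logged_in($user) in place of the direct $_SESSION assignment, followed by exit after its header('Location: ...') redirect.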
