我创建了一个代码位于
之下的登录表单if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['formid'] == 'Form1')
{
$mysql_server = 'localhost';
$mysql_username = 'root';
$mysql_password = '';
$mysql_database = 'register';
mysql_table = 'users';
$db = mysqli_connect($mysql_server, $mysql_username, $mysql_password,$mysql_database);
if (!$db)
{
die('Failed to connect to database server!<br>'.mysqli_connect_error());
}
mysqli_select_db($db,$mysql_database) or die('Failed to select database<br>'.mysqli_connect_error());
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1)
{
session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location: home1.php");
exit;
}else {
echo "Invalid credentials";
header('Location: home.php');
exit;
}
}
这个问题的根本原因是我无法登录。它只是重定向到登录页面。它也没有向我显示任何错误。 登录表单的代码是
<form name="loginform" method="post" action="<?php echo basename(__FILE__); ?>" enctype="multipart/form-data" id="Form1">
<input type="hidden" name="formid" value="form1">
<div id="wb_Text14" style="position:absolute;left:44px;top:13px;width:412px;height:38px;z- index:0;text-align:left;">
<span style="color:#000080;font-family:'Comic Sans MS';font-size:27px;"> <strong> LOGIN </strong></span></div>
<div id="wb_Text15" style="position:absolute;left:29px;top:75px;width:122px;height:27px;z- index:1;text-align:left;">
<span style="color:#000080;font-family:'Comic Sans MS';font-size:19px;"><strong> USERNAME</strong></span></div>
<input type="text" id="Editbox6" style="position:absolute;left:187px;top:75px;width:267px;height:28px;line- height:28px;z-index:2;" name="username" value="">
<div id="wb_Text16" style="position:absolute;left:34px;top:129px;width:125px;height:27px;z- index:3;text-align:left;">
<span style="color:#000080;font-family:'Comic Sans MS';font-size:19px;"><strong>PASSWORD</strong></span></div>
<input type="password" id="Editbox7" style="position:absolute;left:187px;top:129px;width:267px;height:28px;line- height:28px;z-index:4;" name="password" value="">
<input type="submit" id="Button1" name="" value="Submit" style="position:absolute;left:142px;top:223px;width:195px;height:52px;z-index:5;">
</form>
请帮忙。我熟悉PHP。
答案 0 :(得分:0)
您正在标头之前输出,然后标头已经发送。你的标题应该在其他一切之前。还要确保在登录代码之前没有HTML。并尝试使用$ _SESSION。并且您的代码对SQL注入开放。 在http://php.net/manual/en/function.header.php上阅读有关标题,$ _SESSION和SQL注入的内容。 http://php.net/manual/en/security.database.sql-injection.php http://php.net/manual/en/reserved.variables.session.php
我在下面提供了代码。根据您的需要进行修改。
<?php
// Define the core paths
// Define them as absolute paths to make sure that require_once works as expected
// DIRECTORY_SEPARATOR is a PHP pre-defined constant
// (\ for Windows, / for Unix)
defined('DS') ? null : define('DS', DIRECTORY_SEPARATOR);
defined('SITE_ROOT') ? null : define('SITE_ROOT', DS.'xampp'.DS.'htdocs'.DS.'yourepage');
defined('LIB_PATH') ? null : define('LIB_PATH', SITE_ROOT.DS.'includes');
// load config file first
require_once(LIB_PATH.DS.'config.php');
// load core objects
require_once(LIB_PATH.DS.'session.php');
require_once(LIB_PATH.DS.'database.php');
&GT;
<?php
require_once("../includes/initialize.php");
if($session->is_logged_in()) {
redirect_to("index.php");
}
// Remember to give your form's submit tag a name="submit" attribute!
if (isset($_POST['submit'])) { // Form has been submitted.
$username = trim($_POST['username']);
$password = trim($_POST['password']);
// Check database to see if username/password exist.
$found_user = User::authenticate($username, $password);
if ($found_user) {
$session->login($found_user);
log_action('Login', "{$found_user->username} logged in");
redirect_to("index.php");
} else {
// username/password combo was not found in the database
$message = "Username/password combination incorrect.";
}
} else { // Form has not been submitted.
$username = "";
$password = "";
}
?>
<?php
// A class to help work with Sessions
// In our case, primarily to manage logging users in and out
// Keep in mind when working with sessions that it is generally
// inadvisable to store DB-related objects in sessions
class Session {
private $logged_in=false;
public $user_id;
public $message;
function __construct() {
session_start();
$this->check_message();
$this->check_login();
if($this->logged_in) {
// actions to take right away if user is logged in
} else {
// actions to take right away if user is not logged in
}
}
public function is_logged_in() {
return $this->logged_in;
}
public function login($user) {
// database should find user based on username/password
if($user){
$this->user_id = $_SESSION['user_id'] = $user->id;
$this->logged_in = true;
}
}
public function logout() {
unset($_SESSION['user_id']);
unset($this->user_id);
$this->logged_in = false;
}
public function message($msg="") {
if(!empty($msg)) {
// then this is "set message"
// make sure you understand why $this->message=$msg would'nt work
$_SESSION['message'] = $msg;
} else {
// then this is "get message"
return $this->message;
}
}
private function check_login() {
if(isset($_SESSION['user_id'])) {
$this->user_id = $_SESSION['user_id'];
$this->logged_in = true;
} else {
unset($this->user_id);
$this->logged_in = false;
}
}
private function check_message() {
// Is there a message stored in the session?
if(isset($_SESSION['message'])) {
// Add it as an attribute and erase the stored version
$this->message = $_SESSION['message'];
unset($_SESSION['message']);
} else {
$this->message = "";
}
}
}
$session = new Session();
$message = $session->message();