这是登录PHP代码
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: index.php");
}
require 'database.php';
if(!empty($_POST['username']) && !empty($_POST['password'])):
$records = $conn->prepare('SELECT id,user,password FROM users WHERE user = :user');
$records->bindParam(':user', $_POST['username']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
$message = '';
if(count($results) > 0 && md5($_POST['password'], $results['password']) ){
$_SESSION['user_id'] = $results['id'];
header("Location: index.php");
} else {
$message = 'Sorry, something went wrong';
}
?>
这是应该保护我的页面
<?php
session_start();
if(!isset($_SESSION['user_id']) || $_SESSION['user_id']!=1){
header('Location: login.php');
}
?>
即使我登录,它也会将我重定向到我的login.php。 我错过了什么?