Question

我是php的新手所以我面临很多困难我想创建我的登录页面，用户登录并转移到祝贺页面........但由于我的会话错误检测，任何人都可以访问没有任何登录表格的祝贺页.......我不知道的问题是什么.....

这是我的 login.php 文件

addObject: //If is array it would be O(N)
insertObjectAtIndex: //Same here

这是我的 congratulation.php 文件

<?php
session_start(); 
$username = '';
$password = '';
$userError = ''; 
$passError = '';
if(isset($_POST['submit'])){
  $username = $_POST['username']; 
  $password = $_POST['password'];

  if($username === '9155499248' && $password === 'Ben 10'){

    $_SESSION['login'] = true; 
     header('LOCATION:congratulation.php');  
      die();
  }

  if($username !== '9155499248')
     $userError = 'Invalid Username';

   if($password !== 'Ben 10')
    $passError = 'Invalid Password';
}
echo "<!DOCTYPE html>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
   <head>
     <meta http-equiv='content-type' content='text/html;charset=utf-8' />
      <meta http-equiv='X-UA-Compatible' content='IE=edge ,chrome=1'>
      <meta name='viewport' content='width=device-width'>   
     <title>Login</title>
     <link rel='stylesheet' href='css/normalize.css'>
     <link rel='stylesheet' href='css/style.css'/>
     <script src='js/prefixfree.min.js'></script>
     </head>
 <body>
    <div class='login'>
<h1><b>Login</b></h1>
     <form name='input' action='".$_SERVER['PHP_SELF']."' method='post'>
    <label for='username'></label><input type='text' value='".$username."' id='username' name='username' />
    <div class='error'>".$userError."</div>
    <label for='password'></label><input type='password' value='".$password."' id='password' name='password' />
    <div class='error'>".$passError."</div>
    <button type='submit' class='btn btn-primary btn-block btn-large' name='submit' value='1'>Let me in.</button>
  </form>
  </div>
        <script src='js/index.js'></script> 

  </body>
</html>";

Answer 1

您还没有确定$ username是$ _SESSION [＆＃39; login＆＃39;]。所以你可以这样做。

php

Olso你可以试试这个

//on login.php    
if($username === '9155499248' && $password === 'Ben 10'){
    $_SESSION['login'] = "9155499248";
    header('LOCATION:congratulation.php'); 
    die();
}
//on congratulation.php
if($_SESSION['login'] != "9155499248"){
    header('Location: login.php')
}

创建会话后，您可以通过

检查用户是否为9155499248

//on login.php  
$_SESSION['username'] = $username;

//on congratulation.php
if(isset($_SESSION['username'])) {
    $username = $_SESSION['username'];
} else {
    header('Location: login.php');
    die();
}

无需检查congratulation.php上的密码，因为您在登录login.php时创建了会话。如果用户是＆＃34; X＆＃34;他不会参加会议＆＃34; Y＆＃34;但会议＆＃34; X＆＃34;。检查用户名密码

后创建会话

Answer 2

实际上你并没有在congratulation.php中检查布尔值true或false。

在login.php中，您将$ _SESSION [＆＃39; login＆＃39;]设置为true

所以你应该使用

<?php
       session_start();
       // STEP 2. Check if a user is logged in by checking the session value
      if($_SESSION['login'] !== true)

          header('Location: login.php')
      }
  ?>

而不是

<?php
     session_start();
     // STEP 2. Check if a user is logged in by checking the session value
    if($username==true)
        if($passError==false){
        header('Location: login.php')
    }
?>

会话未验证用户是否登录

2 个答案: