I have a very simple login/logout script for this small private 'niche' website, so it doesn't need much security.
session_start();

// Array with users and passwords
$lgns = array(
    'firstuser' => '5d0a158df212de401a9509a88a8d9f96b060f6c5',
    'seconduser' => 'f8a913721596fffbf18a4777e6f163316154e6e5',
    'thirduser' => 'f8a913721596fffbf18a4777e6f163316154e6e5',
);

$user = isset($_POST['username']) ? $_POST['username'] : '';
$passu = isset($_POST['password']) ? $_POST['password'] : '';
$pass = sha1($passu);

// Check if credentials are valid
// If not...
if( !isset($lgns[$user]) or $lgns[$user] != $pass )
{
    // Check if session is valid
    // If not...
    if ( !(isset($_SESSION['user']) && $_SESSION['user'] != '') )
    {
        echo "Wrong creds, no session; redirecting...";
    }
    else
    {
        // If credentials are not valid but there IS session
        echo "Wrong creds, but there IS session, so stay.";
    }
}
// If credentials are valid, set session.
else
{
    echo "Correct credentials";
    $sessionUser = $_POST['username'];
    $_SESSION["user"] = $sessionUser;
}
This is the logout script, in a separate PHP file:
session_start();
unset( $_SESSION["user"] );
session_destroy();
header("Location: ../index.php");
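The problem is: no matter what I try, I always get the "Wrong creds, but there IS session, so stay." message. I don't know whether I'm not checking the session correctly, or whether I'm not closing the session correctly.
I have been searching and struggling for days, and I'm starting to feel stupid. I have done this before! So I had to ask. Thanks in advance.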
Answer 0: (score: 0)
Please see the code given below, I hope it helps you!!
<html>
<head>
    <title>Quiz</title>
</head>
<body>
    <center>Log In Page</center>
    <form action="" method='POST'>
        Email ID : -<input name="email" type="text"><br/><br/>
        Password : - <input name="password" type="password"><br/>
        <input type='submit' value="Log In" name="login">
    </form>
<?php
// Connect to the database (host, user, password, database name)
$con = mysqli_connect("localhost","root","","Database_name");

// Only run the check when the login form was submitted
if(isset($_POST['login'])){
    $login=mysqli_real_escape_string($con,$_POST['email']);
    $pass=mysqli_real_escape_string($con,$_POST['password']);
    $conv_md_pass=md5($pass);
    echo "$conv_md_pass";

    // Look for a row matching both the email and the hashed password
    $select_user="SELECT * FROM mst_user where email='".$login."' AND pass='".$conv_md_pass."'";
    $run_user=mysqli_query($con,$select_user);
    $check_user=mysqli_num_rows($run_user);
    echo "/$check_user";

    if($check_user>0)
    {
        echo "Successfully logged in";
    }
    else
    {
        echo "Wrong username and password";
    }
}
?>
</body>
</html>
SignOut
<?php
session_start();
session_destroy();
header("Location: login.php");
?>
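An added example, not part of either post above: in the question's script the credential check runs on every request, so any page load without a valid POST while `$_SESSION['user']` is set lands in the "Wrong creds, but there IS session" branch. The sketch below separates plain page loads from login attempts, verifies with `password_verify()` instead of an unsalted `sha1()`/`md5()` comparison, and tears the session down completely on logout. The `action` form field, the function names and the sample user and password are assumptions made for the example.

```php
<?php
// Added example, not code from the posts above. 'firstuser' and its password are constructed.
declare(strict_types=1);

function load_users(): array {
    // In practice run password_hash() once per user and store only the resulting string.
    return ['firstuser' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
}

function post_string(string $key): string {
    $v = $_POST[$key] ?? '';
    return is_string($v) ? $v : '';   // ignore array-valued fields such as username[]=x
}

function attempt_login(array $users, string $user, string $password): bool {
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    session_regenerate_id(true);      // fresh session id at login (session fixation)
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void {
    $_SESSION = [];                   // clear the data held for this request
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                // remove the server-side session record
}

function handle_request(array $users): string {
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        // Plain page load: only the session decides, credentials are not evaluated.
        return empty($_SESSION['user']) ? 'No session; redirecting...' : 'Session present, so stay.';
    }
    if (post_string('action') === 'logout') {
        logout();
        return 'Logged out';
    }
    return attempt_login($users, post_string('username'), post_string('password'))
        ? 'Correct credentials'
        : 'Wrong creds';
}

session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
echo handle_request(load_users());
```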