我有登录的流程页面,我可以连接到数据库,也可以检查用户名和密码。
但在那之后,我无法在登录成功后显示索引页面。这是我的代码:
$dbc=mysql_connect(_SRV,_ACCID,_PWD) or die(_ERROR15.": ".mysql_error());
$db=mysql_select_db("qdbase",$dbc) or die(_ERROR17.": ".mysql_error());
switch(postVar('action')) {
case 'submitlogin' :
submitlogin(postVar('loguser'),postVar('logpass'));
break;
}
function submitlogin($loguser,$logpass){
if(isset($loguser, $logpass)) {
ob_start();
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($loguser);
$mypassword = stripslashes($logpass);
$myusername = mysql_real_escape_string($myusername,$dbc);
$mypassword = mysql_real_escape_string($mypassword, $dbc);
$sql="SELECT * FROM admin WHERE user='$myusername' AND password=('$mypassword')";
$result=mysql_query($sql, $dbc);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("admin");
session_register("password");
$_SESSION['name']= $myusername;
header("location:index1.php");
}
else {
$msg = "Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
}
// ob_end_flush();
}
else {
header("location:login.php?msg=Please enter some username and password");
}
mysql_close($dbc);
ob_end_flush();
}
我在index1.php的这一部分感到困惑:
<?php
session_start(); //Start the session
define(ADMIN,$_SESSION['name']); //Get the user name from the previously registered super global variable
if(!session_is_registered("admin")){ //If session not registered
header("location:login.php"); // Redirect to login.php page
}
else //Continue to current page
header( 'Content-Type: text/html; charset=utf-8' );
?>
这部分来自login.php,因为我认为它们是不同步的:
if(mysql_num_rows($result) > 0)
{
session_register("admin");
session_register("password");
$_SESSION['name']= $myusername;
header("location:index1.php");
}
我只有用户和密码,admin来自哪里?从这个bcoz我得到:
PHP Notice: Use of undefined constant ADMIN - assumed 'ADMIN' in /var/www/html/index1.php on line 12
答案 0 :(得分:2)
你弄乱了真正的逃脱。
$myusername = mysql_real_escape_string($dbc, $myusername);
$mypassword = mysql_real_escape_string($dbc, $mypassword);
应该是
$myusername = mysql_real_escape_string($myusername, $dbc);
$mypassword = mysql_real_escape_string($mypassword, $dbc);
继承文件块:
string mysql_real_escape_string ( string $unescaped_string [, resource $link_identifier ] )
@source:http://php.net/manual/en/function.mysql-real-escape-string.php
和
$result=mysql_query($dbc, $sql);
应该
$result = mysql_query($sql, $dbc);
更新#1
没有希望这会有用,只是扔了你的代码并清理它,删除了一些东西并添加了一些东西:
if(false === ($dbc = mysql_connect(_SRV,_ACCID,_PWD) die(_ERROR15.": ".mysql_error());
if(false === mysql_select_db("qdbase",$dbc)) die(_ERROR17.": ".mysql_error());
switch(postVar('action'))
{
case 'submitlogin':
submitlogin(postVar('loguser'),postVar('logpass'));
mysql_close($dbc);
exit; //Flushing the headers
break;
}
function submitlogin($loguser,$logpass)
{
if(isset($loguser, $logpass))
{
$myusername = mysql_real_escape_string(stripslashes($loguser));
$mypassword = mysql_real_escape_string(stripslashes($logpass));
$sql = sprintf("SELECT * FROM admin WHERE user='%s' AND password=('%s')",$myusername,$mypassword);
if(false === ($result = mysql_query($sql))
{
//Show Database query error and die()
}
// If result matched $myusername and $mypassword, table row must be 1 row
if(mysql_num_rows($result) > 0)
{
session_register("admin");
session_register("password");
$_SESSION['name']= $myusername;
header("location:index1.php");
}else
{
header("location:login.php?msg=" . urlencode("Wrong Username or Password. Please retry"));
}
}else{
header("location:login.php?msg=" . urlencode("Please enter some username and password"));
}
}
答案 1 :(得分:0)
在header()调用之前,您是否检查过您的程序是否有任何输出?如果你的程序发送了一些输出(甚至是一个空格),那么标题调用将不起作用。