我有一个mysql表,可以使用我的php页面上的表单插入和删除数据。这一切都有效。现在我希望用户能够查看index.php(显示表及其所有数据的主页)但是如果他们单击删除或添加它必须要求他们登录,然后再显示add.php或delete.php页面他们。我在下面编写了一个login.php脚本,但我不确定如何在让它们通过之前强制页面检查它。此外,如果用户登录,是否会将他带到他点击的页面或只返回index.php
编辑根据要求更新了代码
的login.php
<?php
if (isset($_SESSION['SESS_MEMBER_ID']) && !empty($_SESSION['SESS_MEMBER_ID'])) {
header("location:add.php"); // if user is logged in don't show the form take them were they need to be
} else {
?>
<?php
//Start session
session_start();
//Unset the variables stored in session
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_FIRST_NAME']);
unset($_SESSION['SESS_LAST_NAME']);
?>
<form name="loginform" action="login_exec.php" method="post">
<table width="309" border="0" align="center" cellpadding="2" cellspacing="5">
<tr>
<td colspan="2">
<!--the code bellow is used to display the message of the input validation-->
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
</td>
</tr>
<tr>
<td width="116"><div align="right">Username</div></td>
<td width="177"><input name="username" type="text" /></td>
</tr>
<tr>
<td><div align="right">Password</div></td>
<td><input name="password" type="text" /></td>
</tr>
<tr>
<td><div align="right"></div></td>
<td><input name="" type="submit" value="login" /></td>
</tr>
</table>
</form>
<?php
}
?>
Login_exec.php
<?php
//Start session
session_start();
//Include database connection details
require_once('connection.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
//Input Validations
if($username == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
//Create query
$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) > 0) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['username'];
$_SESSION['SESS_LAST_NAME'] = $member['password'];
session_write_close();
header("location: index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'user name and password not found';
$errflag = true;
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}
}else {
die("Query failed");
}
?>
的index.php
<center>
<html>
<head>
<title>Extension List</title></head><body>
<?php
$db_host = 'localhost';
$db_user = 'root';
$db_pwd = '****';
$database = 'list';
$table = 'users';
if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");
if (!mysql_select_db($database))
die("Can't select database");
// sending query
$result = mysql_query("SELECT * FROM {$table}");
if (!$result) {
die("Query to show fields from table failed");
}
$fields_num = mysql_num_fields($result);
echo "<table border='1'><tr>";
// printing table headers
for($i=0; $i<$fields_num; $i++)
{
$field = mysql_fetch_field($result);
echo "<td>{$field->name}</td>";
}
echo "</tr>\n";
// printing table rows
while($row = mysql_fetch_row($result))
{
echo "<tr>";
// $row is array... foreach( .. ) puts every element
// of $row to $cell variable
foreach($row as $cell)
echo "<td>$cell</td>";
echo "</tr>\n";
}
mysql_free_result($result);
?>
<br>
<h1> Alpine Motors Extension List</h1>
<h2><a href="add.php">Add Extension</a>
<br>
<br>
<a href="delete.php"> Delete Extension</a></h2>
<br> <br>
</h3>
</body>
</html>
</center>
<?php
}
?>
delete.php
<?php
要求(&#34; database.php&#34;);
?&GT;
<?php
$this_Stud_ID =$_REQUEST['id'];
// sending query
mysql_query("DELETE FROM users WHERE id = '$this_Stud_ID'")
or die(mysql_error());
if($_POST['action'])
header("Location: index.php");
?>
<center><form action="<?php echo $_SERVER['php_self'] ?>" method="post">
Enter ID Number :<br><input type="text" name="id"><br />
<br><input type="submit" name="action" value="Delete!">
<br> <br>
<h3>
<a href="index.php"> Main Menu </a>
</h3>
</form>
</center>
答案 0 :(得分:3)
在您需要用户登录以访问它的每个页面上,您需要检查您在登录页面上设置的任何会话是否已设置且不是空的
在这种情况下,我将使用成员ID会话
<强> passwordProtectedPage.php
<?php
if(isset( $_SESSION['SESS_MEMBER_ID']) && !empty($_SESSION['SESS_MEMBER_ID'])):?>
Do your html and other code
<?php
else:
header("location:page.php"); // take them to page
//or echo "You not allowed to view this page <a href=\"login.php\">Please login</a>";
endif;
?>
顺便说一下,您不需要在会话var上存储错误消息,如果存在错误,只需将其打印回来就可以在一个页面中执行所有操作。
如果它是一个本地测试页面你需要做什么也没关系 正确的方法,这样你有一天可以成为一个更好的程序员,所以 散列这些密码并阅读有关预准备语句的更多信息。
修改:
在登录页面上,您首先需要检查用户是否已登录。如果他们登录,请将他们带到他们需要的地方,否则显示表格和过程。
<?php
if (isset($_SESSION['SESS_MEMBER_ID']) && !empty($_SESSION['SESS_MEMBER_ID'])) {
header("location:page.php"); // if user is logged in don't show the form take them were they need to be
} else {
?>
show the form content and do proccessing
<?php
}
?>