我有一个login.php页面,我希望用户在点击我的html表单上的添加或删除按钮时必须使用它们(如果他们离开页面并且单击添加,他们也不能保持登录状态或删除然后他们必须再次登录)。
目前我已将它设置为将用户带到index.php,如果他们正确登录但我想删除一旦我弄清楚如何让他们登录访问某些页面。
我的login.php代码:
<html>
<head>
<title>Login</title> <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body id="body-color">
<div id="Sign-In">
<center><fieldset style="width:30%"><legend>Welcome Please Login Below</legend>
<form method="POST" action="connectivity.php">
Username: <br><input type="text" name="user" size="40"><br>
Password: <br><input type="password" name="pass" size="40">
<br>
<br>
<input id="button" type="submit" name="submit" value="Log-In">
</form>
</center>
</fieldset>
</div>
</body>
</html>
connectivity.php:
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'list');
define('DB_USER', 'root');
define('DB_PASSWORD', '****');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user']; $Password = $_POST['pass'];
*/
function SignIn() {
session_start();
if (!empty($_POST['user'])) {
$query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
$row = mysql_fetch_array($query);
if (!empty($row['userName']) AND ! empty($row['pass'])) {
$_SESSION['userName'] = $row['pass'];
header("Location: index.php");
} else {
header("Location: login.php");
}
}
}
if (isset($_POST['submit'])) {
SignIn();
}
?>
答案 0 :(得分:1)
使用SESSIONS
。设置一个值为(1)的会话,如果设置了不,它会将您带到登录页面。
以下是一个例子:
session_start();
if (!isset($_SESSION['CheckLogin'])) {
header("Location: index.php");
}
答案 1 :(得分:0)
除了sql注入风险之外,请记住在要为登录用户检查的页面顶部添加session_start()
<?php
session_start();
define('DB_HOST', 'localhost');
define('DB_NAME', 'list');
define('DB_USER', 'root');
define('DB_PASSWORD', '****');
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db = mysql_select_db(DB_NAME, $con) or die("Failed to connect to MySQL: " . mysql_error());
/*
$ID = $_POST['user']; $Password = $_POST['pass'];
*/
function SignIn() {
session_start();
if (!empty($_POST['user'])) {
$query = mysql_query("SELECT * FROM UserName where userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(mysql_error());
$row = mysql_fetch_array($query);
if (!empty($row['userName']) AND ! empty($row['pass'])) {
$_SESSION['userName'] = $row['pass'];
header("Location: index.php");
} else {
header("Location: login.php");
}
}
}
if (isset($_POST['submit'])) {
SignIn();
}
?>
然后在每个页面上,执行以下操作:
<?php
if(isset($_SESSION['userName']) && $_SESSION['userName'] != ''){
//this user is logged in and has access
}else{
//redirect back to login page
header('Location: index.php');
}