是接受用户名和密码的登录页面代码。但其他页面也是用URL打开的。使用的会话也开始。请帮我修改代码。
<?php
if(isset($_POST["submit"])){
if(!empty($_POST['user']) && !empty($_POST['pass'])) {
$user=$_POST['user'];
$pass=$_POST['pass'];
$con=mysqli_connect('localhost','root','') or die(mysql_error());
mysqli_select_db($con, 'user_registration') or die("cannot select DB");
$query=mysqli_query($con, "SELECT * FROM login WHERE username='".$user."' AND password='".$pass."'");
$numrows=mysqli_num_rows($query);
if($numrows!=0)
{
while($row=mysqli_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($user == $dbusername && $pass == $dbpassword)
{
session_start();
$_SESSION['sess_user']=$user;
/* Redirect browser */
header("Location: index.php");
}
} else {
echo "Invalid username or password!";
}
} else {
echo "All fields are required!";
}
}
?>