我在php中创建了会话并限制了admin.php页面。如果用户未登录他/她或任何外星人/机器人无法访问该页面。登录后必须进入管理页面。但它转到了check.php中提到的contact.php。如果我在admin.php中没有包含check.php。它在登录后转到admin.php但admin.php也可以在没有登录的情况下访问。你能查看我错在哪里吗?
这是login.php -
<?php
include('connect.php'); // Include connect for login Script
if ((isset($_SESSION['username']) != ''))
{
header('Location: admin.php');
}
?>
<!DOCTYPE html>
<html>
<head>
<link href='http://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'>
<meta charset="UTF-8">
<title>Admin Login</title>
</head>
<body>
<div class="login-block">
<form action="" method="POST">
<h1>Login</h1><span><img src="/img/loginlogo.png"/></span>
<span id="invalid"><?php echo $error; ?></span>
<input type="text" name="username" placeholder="Username" id="username" />
<span><?php echo $usererror; ?></span>
<input type="password" name="password" placeholder="Password" id="password" />
<span><?php echo $pwderror; ?></span>
<input id= "btn" name="submit" type="submit" value=" Login "/>
<a href="register.php" id="frgt">Forgot Password</a>
<a href="register.php" id="register">Register Now</a>
</form>
</div>
</body>
</html>
这是admin.php -
<?php
include('check.php');
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1>
<br><br><br>
<a href="logout.php" style="font-size:18px">Logout?</a>
</body>
</html>
这是check.php -
<?php
include('db.php');
session_start();
$user_check=$_SESSION['username'];
$sql = mysqli_query($db,"SELECT username FROM credentials WHERE username='$user_check' ");
$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
$login_user=$row['username'];
if(!isset($user_check))
{
header("Location: contact.php");
}
?>
这是我的connect.php -
<?php
session_start();
include("db.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$usererror = "Username can not be left blank";
$pwderror = "Password can not be left blank";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect from MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
//$password = md5($password);
//Check username and password from database
$sql="SELECT id FROM credentials WHERE username='$username' and password='$password'";
$result=mysqli_query($db, $sql);
$row=mysqli_fetch_array($result, MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: admin.php"); // Redirecting To Other Page
}
else
{
$error = "Incorrect username or password.";
}
}
}
?>
答案 0 :(得分:1)
我已经解决了这个问题。
我在connect.php中替换了我的代码:
$_SESSION['username'] = $login_user; // Initializing Session
为:
$_SESSION['username'] = $username; // Initializing Session
谢谢大家。
答案 1 :(得分:0)
我可以帮助您,并说您应该停止关注该教程。它告诉你如何使用HTML,PHP,MySQL的一切都被弃用,而不是最好的实践和错误。停止使用该教程,抛弃您的工作并阅读准备好的SQL语句以及HTML5和PHP 7。
始终在die()来电后放置exit或header("Location: ...);。
您的登录信息正在检查您的会话值,因此一旦您正确登录,会记住会话值并始终“登录”。要打破此循环,请清除此网站的浏览器数据。刷新页面。
如果没有Showing me what PHP errors (if any) you are getting,我无法提供更详细的帮助,并澄清您是否能够正确登录?