我正在创建一个登录网站。 这是我的login.php:
<?php
include 'connect.php';
include 'header.php';
echo '<h3>Sign up</h3>';
$username="";
$finished = false;
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Save the data
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['user_name']))
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['user_pass']))
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo '<p class="error">login failed';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul></p>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
user_id,
user_name,
user_level
FROM
users
WHERE
user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
user_pass = '" . sha1($_POST['user_pass']) . "'";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo '<p class="error">Something went wrong while registering. Please try again later.</p>';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
if(mysql_num_rows($result) == 0)
{
echo '<p class="error">You have supplied a wrong user/password combination. Please try again.</p>';
}
else
{
$_SESSION['signed_in'] = true;
while($row = mysql_fetch_assoc($result))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_level'] = $row['user_level'];
}
echo 'Successfully logged in as ' . $_SESSION['user_name'];
$finished=true;
}
}
}
}
if(!$finished) {
echo '<form method="post" action="">
<table>
<tr>
<td>Username:</td><td> <input type="text" name="user_name" value="' . $username . '"/></td>
</tr>
<tr>
<td>Password:</td><td> <input type="password" name="user_pass"/></td>
</tr>
</table>
<input type="submit" value="login" />
</form>';
}
include 'footer.php';
?>
我的header.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="A short description." />
<meta name="keywords" content="put, keywords, here" />
<title>PHP-MySQL forum</title>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<h1>My forum</h1>
<div id="wrapper">
<div id="menu">
<a class="item" href="index.php">Home</a> -
<a class="item" href="/forum/create_topic.php">Create a topic</a> -
<a class="item" href="/forum/create_cat.php">Create a category</a>
<div id="userbar">
<?php
if($_SESSION['signed_in'])
{
echo 'Hello' . $_SESSION['user_name'] . '. Not you? <a href="signout.php">Sign out</a>';
}
else
{
echo '<a href="login.php">Log in</a> or <a href="sign up">create an account</a>.';
}
?>
</div>
</div>
<div id="content">
和页脚:
</div><!-- content -->
</div><!-- wrapper -->
</body>
</html>
现在,当我成功登录,并且我尝试访问标题中的$_SESSION['signed_in']时,它未设置(我尝试使用echo输出并且它没有显示任何内容)。 'user_name'等也未设置,但在login.php中它具有正确的内容。我做错了什么?
答案 0 :(得分:0)
要使用PHP工作的会话,必须先使用session_start()启动它们。您可以在脚本中执行此操作,方法是在login.php或connect.php之上添加,如下所示:
<?php
session_start();
include 'connect.php';
最好将其添加到connect.php中,以使其在所有其他网页上也可用。
mysql_*已从php-5.5开始弃用,并已在php-7.0中删除。因此,请使用mysqli_*或PDO
Why shouldn't I use mysql_* functions in PHP?
答案 1 :(得分:-1)
在第一行,首先要做的是创建会话。
<?php
session_start();
?>
记得在每个使用会话变量
的文件上写下这一行