<div id="nav">
<div id="nav_wrapper"><br/>
<ul>
<li><a href="#">ホーム</a></li>
<li><a href="#">About</a></li>
<li><a href="login.html">ログイン</a></li>
</ul>
</div>
这是我的登录按钮所在的nagivation栏
<?php
session_start();
include "connection.php";
$username = mysqli_real_escape_string($conn,$_POST['user']);
$password = mysqli_real_escape_string($conn,$_POST['pass']);
$sql = "Select * from user where username = '".$username.
"' and password = '".md5($password)."'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result)<=0)
{
$sql = "Select * from user where username = '".$username.
"' and password = '".$password."'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result)<=0)
{
echo "<script>alert('Wrong username / password! Please try again!');";
die("window.history.go(-1);</script>");
}
}
if($row=mysqli_fetch_array($result))
{
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
$_SESSION['role'] = $row['role'];
}
if($_SESSION['role']==="1")
{
echo "<script>alert('Welcome back! ".$_SESSION['username']."');";
echo "window.location.href='index.html';</script>";
}
else if($_SESSION['role']==="0")
{
echo "<script>alert('Welcome back, Admin!');";
echo "window.location.href='admin.html';</script>";
}
else
{
echo "<script>window.location.href='login.html';</script>";
}
?>
这是我的login.html,我可以知道如何在用户登录后用logout替换登录吗? 我以前见过一些问题,但我无法理解。 抱歉愚蠢的问题因为我还是html的新手
答案 0 :(得分:2)
假设你要在他们退出时破坏会话 - 这样的事情应该有用......
if(isset($_SESSION['username'])){
echo //logout button here
} else {
echo //log in button here
}
md5也不是很安全 - 为什么要将密码发布到会话变量?
答案 1 :(得分:1)
您只需比较SESSION值即可确定用户是否已登录。
if(empty($_SESSION['username']))
{
echo '<li><a href="login.html">ログイン</a></li>';
}else
{
echo '<li><a href="logout.html">Logout</a></li>';
}
并尝试不使用md5加密密码。请改用PHP's own password hashing algos。也使用prepared statements,因为转义字符串也不安全。
也不要在会话中存储密码和其他敏感信息,它们很容易被劫持。