我正在开发带有会话的登录表单。当我登录并尝试更改同一域中的页面并返回登录页面时,我已注销并且需要凭据。贝娄是代码。
mysky.php(登录页面)
<?php
session_start();
$pageTitle = 'MySky Login';
include 'header.php';
?>
<div id="cloud_box">
<div id="cloud_title">My<span>Sky</span> Login</div>
<form action="myskyweb.php" name="form" method="POST"
onsubmit="return IsEmpty();">
<div id="msg"><?php if(isset($msg)) { echo $msg; }?></div>
<div id="u">
<div id="user1">U</div>
<input type="text" id="user" name="user"/>
<div id="error_u"></div>
</div>
<div id="p">
<div id="pass1">P</div>
<input type="password" id="pass" name="pass"/>
<div id="error_p"></div>
</div>
<button id="btn" type="submit">Login</button>
</form>
</div>
<?php include 'footer.php';?>
myskyweb.php(成功登录后)
<?php
session_start();
if(!isset($_SESSION['id']))
{
header("Location: mysky.php");
}
$pageTitle = sprintf('MySky - %s', $_POST['user']);
include 'header.php';
include 'login.php';
?>
<?php
print_r($_SESSION);
?>
<div id="logout"><a href="logout.php">Logout</a></div>
<?php include 'footer.php';?>
page1.php(我网域的一页)
<?php
session_start();
$pageTitle = 'page1';
include 'header.php';
?>
<?php
print_r($_SESSION);
?>
<div id="structure">
<?php include 'footer.php';?>
page2.php(另一页)
<?php
session_start();
$pageTitle = 'page2';
include 'header.php';
?>
<?php
print_r($_SESSION);
?>
<div class="slides">
<?php include 'footer.php';?>
login.php(检查凭据是否正确并为会话赋值)
<?php
include 'db_info.php';
$username = $password = $encrypted = $msg = '';
//connect to db
$conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName)
or die($conn);
//get values
$username = $_POST['user'];
$password = $_POST['pass'];
//prevent mysql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
//encrypt pass
$encrypted = md5($password);
//search
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
$result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));
//compare
$row = mysqli_fetch_array($result);
if (($row['username'] == $username) && ($row['password'] == $encrypted)){
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
$_SESSION['logged_in'] = time();
} else {
$msg = 'Credentials mismatch';
header("Location: /mysky.php");
die();
}
mysqli_close($conn);
?>
我在所有页面上都使用了功能 print_r()来了解问题是否出在会话上。会话不是问题,因为登录后每个页面都会显示会话var。因此,会话在更改页面后保留值。我无法理解为什么我再次在登录页面中看到登录表单,而不是看到成功的登录页面。
感谢您的帮助!
答案 0 :(得分:0)
登录时,您需要分配一个$ _SESSION变量。请看下面的示例
Login.php
//login code
.....
//
//if successful
$_SESSION['user_id'] = $user['username'];
$_SESSION['logged_in'] = time();
header( "Location: /protected.php" );
die();
例如,然后在后续页面的顶部。
home.php
<?php
session_start();
if(isset($_SESSION['user_id']) || isset($_SESSION['logged in'])){
echo 'blah'
?>
如果您要删除登录按钮,或者如果他们尝试重定向则重定向 访问登录页面,您需要进行一些处理才能实现 这个。
更改登录按钮->退出按钮
<?php if(isset($_SESSION['user_id']) || isset($_SESSION['logged in'])){
?>
<li> <a href="logout.php"> Logout | <?php echo
$_SESSION['user_id'] ?> </a></li>
<?php }else{ ?>
<li> <a href="loginpage.php" >login</a></li>
<?php } ?>
Protected.php
<?php
session_start();
if(!isset($_SESSION['user_id']) || !isset($_SESSION['logged_in'])){
echo "Oops, you're not supposed to be here\n";
echo 'You\'ll be redirected in 5 seconds. If not, click <a
href="index.php">here</a>.';
header( "refresh:5;url=index.php" );
exit;
}
echo 'Congratulations! You are logged in!';
echo 'You\'ll be redirected in 5 seconds. If not, click <a
href="index.php">here</a>.';
header( "refresh:5;url=index.php" );
die();
?>
我相信这就是您想要实现的一切,只需根据需要更改变量
答案 1 :(得分:0)
编辑1
我可以成功登录,但是如果然后单击菜单page1.php,然后 单击mysky.php,我再次看到登录表单,而不是 myskyweb.php(授权页面)
好-这很重要。所以您的问题没有登录,对吗?但是,在身份验证之后,如果您返回登录页面,则会看到登录表单,并且不会被重定向。如果您已通过身份验证,则要自动重定向到登录页面。是吗?
如果是这样,那么我的问题是,您在 mysky.php(登录页面)中检查用户是否已登录?我什么地方都看不到支票。
您需要:
<?php
session_start();
// If the user is already logged in, redirect them to the landing page.
if (isset($_SESSION['id'])) {
header("Location: myskyweb.php");
}
您仅在检查是否设置了会话变量login.php
后才调用id
。这就是为什么它会将您重定向回登录页面。将包含在内的内容直接移到session_start()
下。有时它起作用的唯一原因是存在一个会话-请参阅我的下一点。
myskyweb.php(成功登录后)
<?php
session_start();
// Move this include up here before the check.
include 'login.php';
if(!isset($_SESSION['id']))
{
header("Location: mysky.php");
}
$pageTitle = sprintf('MySky - %s', $_POST['user']);
include 'header.php';
...
?>
此外,出于调试目的,每次单击登录屏幕时都清除会话。这样一来,您就不会对过时的会话数据感到困惑,让您保持登录状态
mysky.php(登录页面)
<?php
// Always clear the session when hitting the log in page.
session_destroy();
$_SESSION = [];
...
您很容易受到SQL Injection攻击-查找参数化查询。
发出die;
呼叫后,您需要致电header
-https://stackoverflow.com/a/768472/296555
答案 2 :(得分:0)
@waterloomatt和@Isaac感谢您的时间和回复!几个小时后,终于我找到了有效的代码。如果您发现任何错误,我将很高兴知道! 我会遇到SQL注入攻击的问题吗?
login.php
<?php
session_start();
include 'db_info.php';
//connect to db
$conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName)
or die($conn);
//get values
if ((isset($_POST['user'])) && (isset($_POST['user']))){
$username = $_POST['user'];
$password = $_POST['pass'];
} else {
$username = null;
$password = null;
}
//prevent mysql injection
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
//encrypt pass
$encrypted = hash('sha256', $password);
//search
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$encrypted'";
$result = mysqli_query($conn, $sql) or die("Failed to query database ".mysqli_error($conn));
//compare
$row = mysqli_fetch_array($result);
if (($row['username'] != $username) || ($row['password'] != $encrypted)){
if ((isset($_POST['user'])) && (isset($_POST['pass']))){
$_SESSION['msg'] = 'Credentials mismatch';}
} else {
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
}
mysqli_close($conn);
?>
mysky.php
<?php
include 'login.php';
if ((isset($_SESSION['id'])) && (isset($_SESSION['user'])))
{
include 'sky_auth.php';
}
else
{
include 'sky_login.php';
}
include 'footer.php';
?>
sky_login.php
<?php
$pageTitle = 'MySky Login';
include 'header.php';
?>
<div id="cloud_box">
<div id="cloud_title">My<span>Sky</span> Login</div>
<form action="" name="form" method="POST" onsubmit="return IsEmpty();">
<div id="msg"><?php if (isset($_SESSION['msg'])){
echo $_SESSION['msg'];
unset($_SESSION);
session_destroy();} ?>
</div>
<div id="u">
<div id="user1">U</div>
<input type="text" id="user" name="user"/>
<div id="error_u"></div>
</div>
<div id="p">
<div id="pass1">P</div>
<input type="password" id="pass" name="pass"/>
<div id="error_p"></div>
</div>
<button id="btn" type="submit">Login</button>
</form>
</div>
sky_auth.php
<?php
if(!isset($_SESSION['id']))
{
header("Location: mysky.php");
die();
}
$pageTitle = sprintf('MySky - %s', $_SESSION['user']);
include 'header.php';
?>
<div id="sky_contain">
<div id="logout"><a href="logout.php">Logout</a></div>
</div>
</div>