单击“登录”按钮后未出现索引页面,我尝试了以下操作:
header("Location: index.php");
和
header('Refresh: 2; URL=index.php', true, 301);
但没有结果
login.php
<?php
session_start();
include("include/config.php");
If($_POST["submit_enter"])
{
$login=$_POST["input_login"];
$pass=$_POST["input_pass"];
}
if($login && $pass)
{
$result=mysqli_query($conn,"SELECT *FROM admin WHERE login='$login' AND pass='$pass'");
if(mysqli_num_rows($result)>0)
{
$row=mysqli_fetch_array($result);
$_SESSION['auth_admin']='yes_auth';
header("Location: index.php");
}else{
$msgerror="Nume de utilizator si/sau parola incorecte";
}
}else{
$msgerror="Introduceti numele de administrator si parola";
}
include("include/head.php");
?>
<div id="block-pass-login">
<?php
if($msgerror)
{
echo'<p id="msgerror">'.$msgerror.'</p><hr>';
}
?>
<h3 style="text-align:center">Autenficare</h3>
<form method="post">
<ul id="pass-login">
<li><label>Nume</label><input type="text" name="input_login"/></li>
<li><label>Parola</label><input type="password" name="input_pass"/></li>
</ul>
<p style="text-align:center"><input type="submit" name="submit_enter" id="submit_enter" value="Logare"/></p>
</form>
</div>
</body>
</html>
index.php
<?php
include("include/config.php");
if($_SESSION['auth_admin']=='yes_auth'){
if(isset($_GET["logout"])){
unset($_SESSION['auth_admin']);
header("Location: ../index.php");
}
$title="Acces la BD";
$_SESSION['urlpage']="<a href='index.php'>Acasa</a>";
include("include/head.php");
?>
<div id="block-body">
<?php
include("include/header.php");
$query1=mysqli_query($conn,"SELECT * FROM Categorie WHERE tip='mare'");
$result1=mysqli_num_rows($query1);
$query2=mysqli_query($conn,"SELECT * FROM Categorie WHERE tip='munte'");
$result2=mysqli_num_rows($query2);
$query3=mysqli_query($conn,"SELECT * FROM Destinatie WHERE Tip_Destinatie='mare'");
$result3=mysqli_num_rows($query3);
$query4=mysqli_query($conn,"SELECT * FROM Destinatie WHERE Tip_Destinatie='munte'");
$result4=mysqli_num_rows($query4);
$query5=mysqli_query($conn,"SELECT * FROM Destinatie_Hotel");
$result5=mysqli_num_rows($query5);
$query6=mysqli_query($conn,"SELECT * FROM Hotel WHERE Tip_Destinatie='mare'");
$result6=mysqli_num_rows($query6);
$query7=mysqli_query($conn,"SELECT * FROM Tip_Transport WHERE Denumire='avia'");
$result7=mysqli_num_rows($query7);
$query8=mysqli_query($conn,"SELECT * FROM Tip_Transport WHERE Denumire='auto'");
$result8=mysqli_num_rows($query8);
$query9=mysqli_query($conn,"SELECT * FROM Destinatie_Transport WHERE Denumire_Tip='avia'");
$result9=mysqli_num_rows($query9);
$query10=mysqli_query($conn,"SELECT * FROM Destinatie_Transport WHERE Denumire_Tip='auto'");
$result10=mysqli_num_rows($query10);
$query11=mysqli_query($conn,"SELECT * FROM Categorie WHERE tip='tratament'");
$result11=mysqli_num_rows($query11);
$query12=mysqli_query($conn,"SELECT * FROM Destinatie WHERE Tip_Destinatie='tratament'");
$result12=mysqli_num_rows($query12);
$query13=mysqli_query($conn,"SELECT * FROM Hotel WHERE Tip_Destinatie='munte'");
$result13=mysqli_num_rows($query13);
$query14=mysqli_query($conn,"SELECT * FROM Destinatie_Shopping");
$result14=mysqli_num_rows($query14);
$query15=mysqli_query($conn,"SELECT * FROM Shopping");
$result15=mysqli_num_rows($query15);
$query16=mysqli_query($conn,"SELECT * FROM Hotel WHERE Tip_Destinatie='tratament'");
$result16=mysqli_num_rows($query16);
$query17=mysqli_query($conn,"SELECT * FROM Destinatie_Excursii");
$result17=mysqli_num_rows($query17);
$query18=mysqli_query($conn,"SELECT * FROM Excursii");
$result18=mysqli_num_rows($query18);
?>
<div id="block-content">
<div id="block-parameters">
<p id="title-page">Statistica generala</p>
</div>
<ul id="general-statistics">
<li><p>Tari | mare<span><?php echo $result1;?></span></p></li>
<li><p>Destinatii | mare<span><?php echo $result3;?></span></p></li>
<li><p>Hotele | mare<span><?php echo $result6;?></span></p></li>
<li><p>Tari | munte<span><?php echo $result2;?></span></p></li>
<li><p>Destinatii | munte<span><?php echo $result4;?></span></p></li>
<li><p>Hotele | munte<span><?php echo $result13;?></span></p></li>
<li><p>Tari | tratament<span><?php echo $result11;?></span></p></li>
<li><p>Destinatii | tratament<span><?php echo $result12;?></span></p></li>
<li><p>Hotele | tratament<span><?php echo $result16;?></span></p></li>
<li><p>Tari | avia<span><?php echo $result7;?></span></p></li>
<li><p>Destinatii | avia<span><?php echo $result9;?></span></p></li>
<li><p>Tari | auto<span><?php echo $result8;?></span></p></li>
<li><p>Destinatii | auto<span><?php echo $result10;?></span></p></li>
<li><p>Tari | Shopping<span><?php echo $result14;?></span></p></li>
<li><p>Destinatii | Shopping<span><?php echo $result15;?></span></p></li>
<li><p>Tari | Excursii<span><?php echo $result17;?></span></p></li>
<li><p>Destinatii | Excursii<span><?php echo $result18;?></span></p></li>
</ul>
</div>
</div>
</body>
</html>
<?php
}else{
header("Location:login.php");
}
?>
已编辑 var_dump
非常感谢!
答案 0 :(得分:1)
1)您的代码容易受到SQL注入的攻击,总是逃避用户输入!请阅读How can I prevent SQL injection in PHP?
2)似乎您将密码以纯文本格式存储在数据库中,这非常糟糕,请继续学习哈希。请参阅http://php.net/manual/en/function.password-hash.php
我在您的index.php中缺少session_start(),这可能会导致不确定的无限循环。
