php session()在登录脚本中不起作用

时间:2011-09-10 20:34:22

标签: php session login

我在登录脚本中创建会话时遇到问题。 Session()似乎不起作用,因为我可以通过在浏览器中输入来直接访问admin.php,当我登录时,我可以访问其他成员的信息,这是不应该发生的。 这是我的登录脚本:      

include('content/config.php');
// table name
$tbl_name=tablename;

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE login='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

$_SESSION["valid_user"] = $_POST["myusername"];

header("location: admin.php?name=$myusername");
}
else {
echo "Wrong Username or Password";
}


} else {  

  $myusername = "";
      $mypassword = "";

}


?>

<html>
<head>
</head>
<body>

<table width="300" border="0" align="center">
<tr><td>

<form name="form1" method="post" action="login.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3">Login</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>

</body>
</html>

这是admin.php:

<?
session_start();
if (!$_SESSION["valid_user"])
{
header("location:login.php");
die();
}
?>

<?php include("content/top.php"); ?>
Admin Area
<?php include("content/bottom.php"); ?>

提前致谢!

2 个答案:

答案 0 :(得分:6)

您的登录页面中缺少session_start();功能。你需要将它放在脚本的顶部。

只要您想使用与会话相关的功能,就可以使用session_start();

答案 1 :(得分:0)

<?php 
session_start();
include('content/config.php');
// table name
$tbl_name=tablename;

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE login='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

$_SESSION["valid_user"] = $_POST["myusername"];

header("location: admin.php?name=$myusername");
}
else {
echo "Wrong Username or Password";
}


} else {  

  $myusername = "";
      $mypassword = "";

}


?>

<html>
<head>
</head>
<body>

<table width="300" border="0" align="center">
<tr><td>

<form name="form1" method="post" action="login.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3">Login</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>

</body>
</html>

$_SESSION["valid_user"] = $_POST["myusername"]; //你在登录页面中使用会话,但你错过了把session_start();在你的页面顶部

相关问题
最新问题