我在登录脚本中创建会话时遇到问题。 Session()似乎不起作用,因为我可以通过在浏览器中输入来直接访问admin.php,当我登录时,我可以访问其他成员的信息,这是不应该发生的。 这是我的登录脚本:
include('content/config.php');
// table name
$tbl_name=tablename;
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE login='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION["valid_user"] = $_POST["myusername"];
header("location: admin.php?name=$myusername");
}
else {
echo "Wrong Username or Password";
}
} else {
$myusername = "";
$mypassword = "";
}
?>
<html>
<head>
</head>
<body>
<table width="300" border="0" align="center">
<tr><td>
<form name="form1" method="post" action="login.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3">Login</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</body>
</html>
这是admin.php:
<?
session_start();
if (!$_SESSION["valid_user"])
{
header("location:login.php");
die();
}
?>
<?php include("content/top.php"); ?>
Admin Area
<?php include("content/bottom.php"); ?>
提前致谢!
答案 0 :(得分:6)
您的登录页面中缺少session_start();
功能。你需要将它放在脚本的顶部。
只要您想使用与会话相关的功能,就可以使用session_start();
。
答案 1 :(得分:0)
<?php
session_start();
include('content/config.php');
// table name
$tbl_name=tablename;
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE login='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION["valid_user"] = $_POST["myusername"];
header("location: admin.php?name=$myusername");
}
else {
echo "Wrong Username or Password";
}
} else {
$myusername = "";
$mypassword = "";
}
?>
<html>
<head>
</head>
<body>
<table width="300" border="0" align="center">
<tr><td>
<form name="form1" method="post" action="login.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3">Login</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</body>
</html>
$_SESSION["valid_user"] = $_POST["myusername"];
//你在登录页面中使用会话,但你错过了把session_start();在你的页面顶部