我有一个sample.php页面和里面的sample.php页面我有一个登录脚本。问题是,每次我尝试登录有一个页面显示"网页有重定向循环",我不知道如何修复它..有人可以帮助我解决这个问题..
<?php
session_start();
$username="";
if(count($_POST)>0) {
$conn = mysql_connect("localhost","root","");
mysql_select_db("region_survey",$conn);
$result = mysql_query("SELECT * FROM survey_login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
$row = mysql_fetch_array($result);
if(is_array($row)) {
$_SESSION["Survey_id"] = $row[Survey_id];
$_SESSION["username"] = $row[username];
} else {
$username = "Invalid Username or Password!";
}
}
if(isset($_SESSION["Survey_id"])) {
header("Location:login.php");
}
?>
我想你必须重新检查你的代码逻辑…
用户将使用username、password和submit填写登录表单。
形式值到达form action attribute value -> target of form
您将检查数据库中的注册用户表,以检查该用户是否有权访问您的页面if true ->您将保存用户会话else ->重定向用户到登录页面
尽可能多的我可以从你的代码中理解,你是从数据库中获取用户数据,并保存在一个会话中,如果查询有结果…
也许它可以工作,但这不是一个完整的解决方案…
这是一个示例指南:
session_start();
if( isset( $_POST['submitButtonName'] ) ) //means the form is submitted using submit button
{
$username = strip_tags( trim( $_POST['username'] ) ); //or something you need
$pass = strip_tags( trim( $_POST['password'] ) ); //or something you need
$sql = 'select * from tablename where username = ' . $username . ' and password= ' . $pass . ' limit 1';
//create a connection to your DB using PHP PDO class which is more safe and reliable
$conn = new PDO('mysql: host = localhost; dbname = databaseName;', $DBUsername, $DBPass);
$conn->exec("SET SESSION collation_connection = 'utf8_general_ci';");
$conn->exec("SET CHARACTER SET 'utf8';");
$conn->exec("set names 'utf8';");
$sendQueryUsingPDO = $conn->query( $sql );
$fetchDataFromDb = $sendQueryUsingPDO->fetchColumn();
if( $fetchDataFromDb['username'] == $username && $fetchDataFromDb['password'] == $pass )
{
//user is valid, write sessions and redirect it to your target page
}// end of if
else
{
//user is not valid and redirect it to login page and unset sessions
}//end of else
}//if user submit the form
我希望这能成为一个起点…
更新:
正如你在评论中所问的,它使用mysql:
$host = 'localhost';
$db = 'yourDB';
$us = 'yourDB_Username';
$ps = 'yourDB_Password';
$link = mysql_connect($host, $us, $ps);
if (!$link)
{
die('Could not connect: ' . mysql_error() );
}
else
{
echo 'Connected successfully';
}
mysql_select_db( $db, $link);
$result = mysql_query($sql);
$row = mysql_fetch_row($result);
if( $row['username'] == $username && $row['password'] == $pass )
{
// user is valid
}
else
{
//user is not valid
}
修改以下代码
if(isset($_SESSION["Survey_id"])) {
header("Location:login.php");
}
if(isset($_SESSION["Survey_id"])) {
unset($_SESSION["Survey_id"]);
header("Location:login.php");
}
将最后一个代码块更改为-如果(!收取($ _SESSION("Survey_id"))){标题("位置:login");}
由于没有设置session变量,所以重定向到login.php