我有个问题。当我登录时,它做得很好。它说您以$username = admin…但当我刷新登录页面时,它不再说了。它给了我登录和密码字段,所以我可以重新登录。我猜会话没有设置好,但我似乎找不到问题。它甚至说我的密码不正确但仍然告诉我你以admin登录,这是我的用户名谢谢
<?php
session_start();
include("connect.php");
if ($_POST['submit']){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if($username){
if($password){
$password = md5(md5("KmsdufIFNKSnefndbdo19228330293".$password."JSDSHBFJS8S8ds8sd8s8d"));
$query = mysql_query("SELECT * FROM user WHERE username='$username'");
$num_rows = mysql_num_rows($query);
if ($num_rows == 1){
$row = mysql_fetch_assoc($query);
$db_username = $row['username'];
$db_password = $row['password'];
if ($password == $db_password){
$username =$_SESSION['username'];
}else
echo "Your password is incorrect";
}else{
echo "Username not Found";
}
}
}else
echo "Futeni emrin e llogarise.";
}
?>
<html>
<head>
</head>
<body>
<?php
if ($username){
echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";
}else{
echo "
<form action='login.php' method='post'>
Username: <input type='text' name='username' id='user'/>
<br/>
Password: <input type='password' name='password' id='pass'/>
<br/>
<input type='submit' name='submit' value='Submit'/>
</form>
";
}
?>
</body>
</html>
$username的值在if ($_POST['submit']){中设置,所以当您刷新登录页面时,它不再说了。您应该将$username设置为会话
<?php
session_start();
include("connect.php");
if ($_POST['submit']){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if($username){
if($password){
$password = md5(md5("KmsdufIFNKSnefndbdo19228330293".$password."JSDSHBFJS8S8ds8sd8s8d"));
$query = mysql_query("SELECT * FROM user WHERE username='$username'");
$num_rows = mysql_num_rows($query);
if ($num_rows == 1){
$row = mysql_fetch_assoc($query);
$db_username = $row['username'];
$db_password = $row['password'];
if ($password == $db_password){
$_SESSION['username']= $username;
}else
echo "Your password is incorrect";
}else{
echo "Username not Found";
}
}
}else
echo "Futeni emrin e llogarise.";
}
?>
<html>
<head>
</head>
<body>
<?php
if ( isset($_SESSION['username']) && $_SESSION['username'] != '' ){
$username = $_SESSION['username'];
echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";
}else{
echo "
<form action='login.php' method='post'>
Username: <input type='text' name='username' id='user'/>
<br/>
Password: <input type='password' name='password' id='pass'/>
<br/>
<input type='submit' name='submit' value='Submit'/>
</form>
";
}
?>
</body>
</html>
首先要将username设置为session变量
if ($password == $db_password){
$username = mysql_real_escape_string($_SESSION['username']);
$_SESSION['username'] = $username;
} else {
echo "Your password is incorrect";
}
在if条件下,您需要更改以下代码
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;
if ($username){
echo "You are logged in as, ".$username."!. <a href='logout.php'>LogOut</a> ";
}else{
/* your code */
}
您正在进行相反的设置。试着
if ($password == $db_password){
$_SESSION['username'] = $username;
}
if (isset($_SESSION['username']))
{
echo "You are logged in as, $_SESSION['username']!. <a href='logout.php'>LogOut</a>";
}
p。开始使用准备好的语句(mysqli或pdo),避免mysql扩展。