所以我正在为PHP建立一个网站&MySQL的做法,我试图建立一个成员的系统。应该发生的是用户进入登录页面,使用注册的用户名和密码登录(这在注册过程中起作用),然后页面将刷新并将他们带到"会员"区域。下面是我的代码:
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) {
echo "<h1>Member Area</h1>";
echo "<p>Thanks for logging in! You are <b>" . $_SESSION['Username'] . "</b> and your email address is <b>" . $_SESSION['EmailAddress'] . "</b>.</p>";
} elseif(!empty($_POST['username']) && !empty($_POST['password'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = md5(md5(mysql_real_escape_string($_POST['password'])));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<center>";
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='2;login.php' />";
echo "</center>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href='"login.php'">click here to try again</a>.</p>";
}
} else {
echo "<center>";
echo "<h1>Login</h1>";
echo "<p>Thanks for visiting! Please either login below, or <a href='"register.php'">click here to register</a>.</p>";
echo "<form method='"post'" action='"login.php'" name='"loginform'" id='"loginform'">";
echo "<label for='"username'">Username:</label><input type='"text'" name='"username'" id='"username'" /><br />";
echo "<label for='"password'">Password:</label><input type='"password'" name='"password'" id='"password'" /><br /> ";
echo "<input type='"submit'" name='"login'" id='"login'" value='"Login'" />";
echo "</form>";
echo "</center>";
}
?>
基本上,页面加载并检查用户是否已经登录如果是,它加载成员区域。如果没有,它检查用户是否正在尝试登录,如果没有,它显示登录表单。我的问题是,每次我或其他人尝试登录,页面重新加载,但不是带他们到"成员"区域,它带他们回到登录表单…此外,在文档的顶部,我有一行是:<?php include "base.php"; ?>
在base。php文件中,我有一个session_start()
,但也许这是无关紧要的?有什么建议吗?谢谢。
编辑:注册用户的代码在另一个php文件中。同样,带有session_start();
的base.php文件包含在文档的顶部:如果(!空($ _POST['用户名']),,!空($ _POST['密码'])){
$username = mysql_real_escape_string($_POST['username']);
$password = md5(md5(mysql_real_escape_string($_POST['password']))));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1) {
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
} else {
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery) {
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please <a href='"login.php'">click here to login</a>.</p>";
} else {
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
} else {
echo "<h1>Register</h1>";
echo "<p>Please enter your details below to register.</p> ";
echo "<form method='"post'" action='"register.php'" name='"registerform'" id='"registerform'">";
echo " <label for='"username'">Username:</label><input type='"text'" name='"username'" id='"username'" /><br /> ";
echo " <label for='"password'">Password:</label><input type='"password'" name='"password'" id='"password'" /><br /> ";
echo " <label for='"email'">Email Address:</label><input type='"text'" name='"email'" id='"email'" /><br />";
echo " <input type='"submit'" name='"register'" id='"register'" value='"Register'" />";
echo "</form>";
}
?>
你好像少了一个
session_start()
在PHP脚本的顶部
始终确保session_start()
位于所有其他相关页面的顶部。我会使用isset
,而不是!empty
。
session_start();
if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username'])) {
对于您想要将会话延续到的每个页面,您都必须执行
session_start();
,即使会话已经创建。
假设您想要一个注销页面,当您要在logout.php这样的页面上注销用户时,您必须有:
session_start();
session_destroy();
session_start ();必须销毁会话
mysql_real_escape_string已弃用,请使用MySQLi或PDO代替!!此外,session_start();
可能对会话工作很有用。