最受欢迎

阻止用户在没有登录的情况下访问页面不起作用

Preventing user access to page without login not working

本文关键字:访问 情况下 不起作用 登录 用户 | 更新日期: 2023-09-27

当我尝试登录时,它不允许我登录,但是当我取出它时,它允许我这样做,但即使我注销,它仍然允许我在页面上?

我知道有问题的领域是欢迎中的PHP代码.php

登录.php:

<html>
<body>
    <form name="form1" method="post" action="connection.php">
        <td colspan="3"><strong>Member Login </strong></td>
        <td width="78">Username</td>
        <td width="6">:</td>
        <td width="294">
            <input name="myusername" type="text" id="myusername">
        </td>
        Password: 
        <input name="mypassword" type="text" id="mypassword">
        <input type="submit" name="Submit" value="Login">
    </form>
</body>
</html>

连接.php:

<?php
    ob_start();
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="v2"; // Database name 
    $tbl_name="members"; // Table name 
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    // Define $myusername and $mypassword 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 
    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";                            
    $result=mysql_query($sql);
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){
        // Register $myusername, $mypassword and redirect to file "welcome.php"
        $_SESSION["myusername"];
        $_SESSION["mypassword"];
        header("location:welcome.php");
    }
    else {
        echo "Wrong Username or Password";
    }
    ob_end_flush();
?>

欢迎光临.php:

<?php
    session_start();
    if(!isset($_SESSION["myusername"])){
        header("location:login.php");
    }
?>
<html>
<body>
    You have successfully logged in!
    <br>
    <a href="logout.php">Logout</a>
</body>
</html>

您应该尽量避免直接访问超级全局变量。您可以使用 php 'filter_input(INPUT_POST,'用户名');相反。还要记得加密您的密码。也许您在表中加密了密码,但在"选择"查询中无法解密......正确通过它。

我认为您需要更改为

  // Register $myusername, $mypassword and redirect to file "welcome.php"
 $_SESSION["myusername"]=$myusername;
 $_SESSION["mypassword"]=$mypassword;

为了工作这个if(!isset($_SESSION["myusername"]))

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习