我的索引页面完美运行。 但同时直接调用主页意味着它的开放。
我希望如果有任何页面调用检查登录。 已经登录意味着转到该页面。或者转到登录页面。
任何机构都提供登录会话的编码。
这是我的登录代码
<?php
session_start();
include 'connect.php';
if(isset($_POST['validate']))
{
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$pass = mysqli_real_escape_string($mysqli,$_POST['password']);
$sel_user = " select * from user where username='$username' AND password='$pass'";
$run_user = mysqli_query($mysqli, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0)
{
$_SESSION['user_name']=$username;
echo "<script>window.open('home.php','_self')</script>";
}
else
{
echo "<script>alert('Email or password is not correct, try again!') </script>";
echo "<script>window.open('index.php','_self')</script>";
}
}
?>
您在不检查用户名和密码的情况下启动会话。 密码也应该散列。注意 sql 注入。使用预准备语句。
<?php
include 'connect.php';
if(isset($_POST['validate']))
{
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$pass = mysqli_real_escape_string($mysqli,$_POST['password']);
$sel_user = " select * from user where username='$username' AND password='$pass'";
$run_user = mysqli_query($mysqli, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0)
{
session_start();
$_SESSION['logged_in'] = true;
session_regenerate_id(true);
header("Location:home.php");
}
else
{
echo "<script>alert('Email or password is not correct, try again!') </script>";
echo "<script>window.open('index.php','_self')</script>";
}
}
要检查是否已在任何页面中登录,请添加以下代码:
session_start();
if(!$_SESSION['logged_in']){
session_destroy();
header("Location: login.php");