我正在尝试制作一个登录用户的配置文件页面,所以我想如果登录用户点击他的配置文件页面会显示他的用户名和密码,但我不知道我做错了什么,这里是代码
login.php
<?php
$username = "root";
$password = "123";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
$myusername = $_POST['user'];
$mypassword = $_POST['pass'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$query = "SELECT * FROM users WHERE Username='$myusername' and Password='$mypassword'";
$result = mysql_query($query);
$count = mysql_num_rows($result);
mysql_close();
if($count==1){
$seconds = 120 + time();
setcookie(loggedin, date("F jS - g:i a"), $seconds);
header("location:login_success.php");
}else{
echo 'Incorrect Username or Password';
}
?>
login_success.php
<?php
if(!isset($_COOKIE['loggedin'])){
header("location:index.php");
}
?>
<html>
<body>
<h1>Welcome!</h1>
<a href="profile.php">Profile</a>
<a href="logout.php">Logout</a>
</body>
</html>
profile.php
<?php
session_start();
?>
<html>
<head><title>Profile</title></head>
<body>
<H2>User Profile</h2>
</body>
</html>
<?php
$link = mysql_connect('localhost', 'root', '123');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
if (!mysql_select_db('login')) {
die('Could not select database: ' . mysql_error());
}
$result = mysql_query('SELECT * FROM users where username=$myusername');
if (!$result) {
die('Could not query:' . mysql_error());
}
echo mysql_result($result,0,0);
mysql_close($link);
?>
login.php
if($count==1){
$_SESSION['username'] = $myusername;
}
profile.php
$myusername = $_SESSION['username'];
change query to
$query = "SELECT * FROM users WHERE Username='$myusername'";
添加这些行将解决您的问题
这是因为profile.php中查询中的$myusername
从未定义。在login.php中试试这个:
if($count==1){
$seconds = 120 + time();
setcookie(loggedin, date("F jS - g:i a"), $seconds);
setcookie("username", $myusername, $seconds);
header("location:login_success.php");
} ...
在profile.php中:
$myusername = $_COOKIE["username"];
$result = mysql_query("SELECT * FROM users where username='$myusername'");
不过,我同意Mark Baker的观点,即所有这些代码都非常不安全。