你好,我为我的网站dubleeble.com制作了一个登录系统,出于某种原因,当你登录时,它只会让你登录一个页面,但当你转到另一个页面时,它会让你注销!我该如何解决这个问题?
这是我使用的代码:
<?php
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
if($username&&$password) {
$connect = mysql_connect("host", "user","pass") or die("Could't Connect!");
mysql_select_db("db");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!=0)
{
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword) {
$_SESSION['username']=$username;
header('Location: ' . $_SERVER['HTTP_REFERER']);
}
else
header('Location:http://dubleeble.com/php/login/incorrect.php');
}
else
header('Location:http://dubleeble.com/php/login/incorrect.php');
}
else
header('Location: ' . $_SERVER['HTTP_REFERER']);
?>
备注:
- "loged"拼写为logged
- 您应该使用某种类型的密码加密,而不仅仅是存储您应该使用的文本值
- 像我一样使用mysql_real_sescape_string来确保sql注入不可能
-
确保在使用会话变量的每个页面上都调用session_start()
$username = $_POST['user']; $password = $_POST['pass']; if(isset($username) && isset($password)) { $connect = mysql_connect("host", "user","pass") or die("Could't Connect!"); mysql_select_db("db"); $row= mysql_fetch_assoc("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."'"); $numrows = mysql_num_rows($row); if($numrows > 0) { if($username == $row['username'] && $password == $row['password']) { session_start(); $_SESSION['username'] = $username; header('Location: ' . $_SERVER['HTTP_REFERER']); } else header('Location:http://dubleeble.com/php/login/incorrect.php'); } else header('Location:http://dubleeble.com/php/login/incorrect.php'); } else header('Location: ' . $_SERVER['HTTP_REFERER']);