我的登录页面login.php有以下代码:
<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
</form>
提交后,它重定向到confirmLoginCredentials.php,即:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
require_once 'config.php';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$q = "SELECT first_name, last_name FROM users WHERE user_name = '$username' AND password = '$password'";
$result = $mysqli->query($q) or die(mysqli_error($mysqli));
if (!mysqli_num_rows($result) == 1) {
header("Location: login.php");
}
else {
setcookie('authorized', 1, 0);
header("Location: index.php");
}
?>
这很好,如果用户成功登录,它会将用户重定向到索引页面。如果用户还没有登录,我如何将他们从我网站的所有页面重定向到login.php页面?(换句话说,如果用户没有登录,他们就无法访问我网站的内容)我应该在我网站的所有其他页面中放入什么代码才能做到这一点?
任何帮助都将不胜感激!!谢谢
注意:
- 您可以使用SESSION功能来实现您的目标
- 不要将
mysql_*函数与mysqli_*混合使用 - 最好使用
mysqli_* prepared statement,这样就不必转义每个变量,而且这是防止SQL注入的更好方法
您的配置.php:
<?php
$mysqli = new mysqli("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME"); /* REPLACE NECESSARY DATA INSIDE */
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s'n", mysqli_connect_error());
exit();
}
?>
您的确认登录凭证.php:
<?php
session_start(); /* START THE SESSION */
include("config.php");
if($stmt = $mysqli->prepare("SELECT first_name, last_name FROM users WHERE user_name = ? AND password = ?")){
$stmt->bind_param("ss",$_POST["username"],$_POST["password"]); /* BIND VARIABLES TO YOUR QUERY */
$stmt->execute(); /* EXECUTE THE QUERY */
$stmt->store_result();
$result = $stmt->num_rows; /* STORE NUMBER OF ROWS */
$stmt->bind_result($firstname,$lastname); /* STORE THE RESULT */
$stmt->fetch(); /* FETCH THE RESULT */
$stmt->close(); /* CLOSE THE STATEMENT */
if($result == 1){ /* IF FOUND ONE */
$_SESSION["username"] = $firstname; /* STORE THE USERNAME INTO A SESSION VARIABLE */
header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */
}
else { /* IF NO RESULT FOUND */
header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
}
} /* END OF PREPARED STATEMENT */
?>
然后创建一个包含在所有页面中的header.php,不包括您的login.php:
<?php
session_start();
if(empty($_SESSION["username"])){ /* IF NO USERNAME REGISTERED TO THE SESSION VARIABLE */
header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
}
?>
index.php中的示例:
<?php
include("header.php");
?>
<!-- YOUR INDEX PAGE -->
如果登录用户访问了您的登录页面,您可以将他/她重定向到如下索引页面:
<?php
session_start();
if(!empty($_SESSION["username"])){ /* IF USERNAME IS ALREADY ASSIGNED ON SESSION VARIABLE */
header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */
}
?>
<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
</form>
对于您的登录.php,您可以使用unset(),如下所示:
<?php
session_start();
unset($_SESSION["username"]);
header("LOCATION:login.php");
?>
额外注意:
- 如果要使用一个或多个会话变量或函数,代码开头应该有
session_start();
将其放在所有页面的顶部:
if ($_COOKIE['authorized'] != '1'){
header("Location: login.php");
exit();
}