由于某些原因,只有在选中"记住我"框的情况下,我的登录系统才能工作。如果它没有被选中,它只是重定向回登录页面,并且不让用户登录。我在登录页面上的代码如下:
<?php
require 'connection.php';
require 'function.php';
session_name('sessionlogin');
session_set_cookie_params(2*7*24*60*60);
session_start();
if($_SESSION['id'] && !isset($_COOKIE['Remembercookie']) && !$_SESSION['Remembercheck'])
{
$_SESSION = array();
session_destroy();
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit;
}
?>
Login:<br>
<form name="login" action="includes/login.php" method="post">
Username: <input type="text" name="username" id="username" /><br>
Password: <input type="password" name="password" id="password" /><br>
<input name="Remembercheck" id="Remembercheck" type="checkbox" checked="checked" value="1" />
<input type="submit" value="Login" name="submit"/><br><br><br>
</form>
这是login.php:
<?php
require 'connection.php';
require 'function.php';
require 'salt.php';
session_name('sessionlogin');
session_start();
if($_POST['submit']=='Login')
{
$err = array();
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['Remembercheck'] = (int)$_POST['Remembercheck'];
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr, FROM table WHERE usr='{$_POST['username']}' AND pass='{$_POST['password']}'"));
if($row['usr'])
{
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['Remembercheck'] = $_POST['Remembercheck'];
setcookie('Remembercookie',$_POST['Remembercheck']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
echo header("Location: ../index.php");
exit;
}
这里涉及到密码散列和更多的东西,但我去掉了所有这些,以简化问题并使其与这个特定问题相关。请帮忙!
对于您的Login.php文件,请尝试以下操作:
<?php
require 'connection.php';
require 'function.php';
require 'salt.php';
// uncomment if you create a connection to your mysql database like this:
// $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
// global $c;
if($_POST['submit']=='Login')
{
$err = array();
if(!isset($_POST['username']) || !isset($_POST['password']))
{
$err[] = 'All the fields must be filled in!';
}
else
{
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
$rcheck = (int)$_POST['Remembercheck'];
$q = mysql_query("SELECT * FROM table WHERE usr='$user' AND pass='$pass'", $c); // i dont know how your are connecting to your database, but you may need to add your $c in your query
$row = mysql_fetch_assoc($q);
$num = mysql_num_rows($q);
if($q != 1) //should only return 1 user
{
// Error
}
else
{
session_name('sessionlogin'); //start your session after the users credentials match
session_start();
$_SESSION['usr']= $row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['Remembercheck'] = $rcheck;
setcookie('Remembercookie',$rcheck);
header("Location: ../index.php");
}
else
{
$err[]='Wrong username and/or password!';
}
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
exit;
}
您的代码看起来有点乱,您应该真正开始使用mysqli,因为mysql已经被弃用了,或者这样做。我自己经常使用的登录代码是这样的,但它没有记住我,但这不会有什么不同:
<?php
include "mysqli.php";
global $db; // i use the OOP (object oriented programming) method for connecting to the database.
include "func.php";
// set the variables
$username = $db->real_escape_string(strtolower($_POST['user'])); // i use strtolower to avoid case-sensitive errors, it lowers the strength of passwords so isnt fully recommended
$password = $db->real_escape_string(strtolower($_POST['pass']));
$epassword = md5($password); // hashing the password adds a level of security, however not as much anymore as it can be brute forced. you also need to be aware that your password field in your database must contain the hashed password
$sql = $db->query("SELECT * FROM user WHERE (username = '$username') AND (password = '$epassword')");
$nr = $sql->num_rows;
if( $nr != 1 )
{
echo "<font color='red'>LOGIN ERROR</font><br />";
$q = $db->query("SELECT * FROM user WHERE username = '$username'");
$q_nr = $q->num_rows;
if( $q_nr != 1 )
{
echo "<font color='red'>Username does not exist</font><br />";
echo "<a href='login.php> > Back </a>";
exit;
}
else
{
$q1 = $db->query("SELECT * FROM user WHERE (username = '$username') AND (password = '$epassword')");
$q1_nr = $q1->num_rows;
if ( $q1_nr != 1 )
{
echo "<font color='red'>Password does not match account</font><br />";
echo "<a href='login.php> > Back </a>";
exit;
}
}
}
else
{
$nar = $sql->fetch_array(MYSQLI_BOTH);
session_start();
session_regenerate_id();
$_SESSION['loggedin'] = 1;
$_SESSION['userid'] = $nar['uid'];
header("location:index.php");
}
?>