简单的登录会话 php
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16889995/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
simple login session php
提问by user2446521
Having trouble getting my session up and running. I've been over looking my code for the past couple hours and I can't see to find what is wrong with it. The problem I am experiencing is that every time I type the username and password in, it just redirects me to the login page to type in the info again when it should be displaying the securedpage.php..
无法启动并运行我的会话。在过去的几个小时里,我一直在查看我的代码,但我看不出它有什么问题。我遇到的问题是,每次我输入用户名和密码时,它只会将我重定向到登录页面,以便在应该显示securepage.php 时再次输入信息。
Here is my code:
这是我的代码:
loginproc.php page- This page steps through if statement and goes straight to the else
loginproc.php 页面- 此页面逐步执行 if 语句并直接进入 else
<?php
// Inialize session
session_start();
// Include database connection settings
include('../../model/database.php');
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string($_POST['password']) . "')");
// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: securedpage.php');
}
else {
// Jump to login page
header('Location: index.php');
}
?>
securedpage.php page
securepage.php 页面
<?php
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.php');
}
?>
<html>
<head>
<title>Secured Page</title>
</head>
<body>
<p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b>
<br>You can put your restricted information here.</p>
<p><a href="logout.php">Logout</a></p>
</body>
</html>
database.php page
database.php 页面
<?php
$dsn = 'mysql:host=localhost;dbname=sports_db';
$username = '';
$password = '';
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
try {
$db = new PDO($dsn, $username, $password, $options);
} catch (PDOException $e) {
$error_message = $e->getMessage();
include 'errors/db_error_connect.php';
exit;
}
function display_db_error($error_message) {
global $app_path;
include 'errors/db_error.php';
exit;
}
?>
回答by alwaysLearn
You cannot mix PDO and mysql .. You are creating query in PDOand using mysql_*Try changing your code to
您不能混合 PDO 和 mysql .. 您正在创建查询PDO并使用mysql_*尝试将代码更改为
<?php
// Inialize session
session_start();
// Include database connection settings
include('../../model/database.php');
// Retrieve username and password from database according to user's input
$stmt = $db->prepare("SELECT * FROM user WHERE (`username` = :username) and (`password` = :password)");
$result = $stmt->execute(array(':username'=>$_POST['username'],':password'=>$_POST['password']));
$num_rows = $stmt->rowCount();
// Check username and password match
if ( $num_rows > 0) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: securedpage.php');
}
else {
// Jump to login page
header('Location: index.php');
}
?>
see reference
回答by Sven
The problem probably lies here:
问题大概出在这里:
if (mysql_num_rows($login) == 1) {
Use triple equation if you want to check for the integer 1. Most likely, though, is that the login/pass fails.
如果您想检查整数 1,请使用三重方程。不过,最有可能是登录/通过失败。
And this:
和这个:
$_SESSION['username'] = $_POST['username'];
is bad practice, even if you get a valid response.
是不好的做法,即使你得到了有效的回应。
回答by Manjunath
I have a suggestion for you:
我有一个建议给你:
1) Do not store the user given data directly in to your session variable.
1) 不要将用户给定的数据直接存储到会话变量中。
2) First check to see if the user credential exists in your table,fetch the corresponding row and then store the fetched data in your session variable.
2) 首先检查您的表中是否存在用户凭据,获取相应的行,然后将获取的数据存储在您的会话变量中。
