[英]PHP login page only accessible to user that logged in?
Been looking at several of these and haven't found any luck - i'm sure it's something simple i'm doing. 一直在查看其中的几个,却没有发现任何运气-我敢肯定,这是我正在做的简单事情。 I have a basic HTML login page, that calls login.php.
我有一个基本的HTML登录页面,该页面称为login.php。
HTML: HTML:
<?php
session_start();
?>
<form action="login.php" method="POST">
<div align="center">Username:
<input type="text" name="uname">
<br><br>
Password:
<input type="password" name="pass">
<br><br>
<input type="submit" value="login" name="submit">
</div>
</form>
LOGIN.PHP: LOGIN.PHP:
<?php
require ('sql_connect.php');
if (isset($_POST['submit'])){
$username=mysql_escape_string($_POST['uname']);
$password=mysql_escape_string($_POST['pass']);
if (!$_POST['uname'] | !$_POST['pass'])
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('You did not complete all of the required fields')
window.location.href='htmlogin.html'
</SCRIPT>");
exit();
}
$sql= mysql_query("SELECT * FROM `members` WHERE `username` = '$username' AND `password` = '$password'");
$row= mysql_fetch_assoc($sql);
$url=$row['defaultpage'];
if(mysql_num_rows($sql) > 0)
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Succesfully!')
window.location.href='htmllogin.html'
</SCRIPT>");
header($url);
exit();
}
else{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Wrong username password combination.Please re-enter.')
window.location.href='htmllogin.html'
</SCRIPT>");
exit();
}
}
else{
}
?>
I have got the form sucesfully connecting to the DB and will let me login (i've got it setup with a database entry so its redirecting to a specific URL based on who logs in.) 我已经将表单成功连接到数据库,并让我登录(我使用数据库条目对其进行了设置,以便根据登录者的身份将其重定向到特定的URL。)
My question is, I do not want that specific URL accessable to someone who has not logged in. I've tried a couple different options, using session_start();
我的问题是,我不想让未登录的人访问该特定的URL。我使用
session_start();
尝试了几个不同的选项session_start();
but apparently i'm either not entering the correct information, or doing it on the correct pages. 但显然我不是在输入正确的信息,还是在正确的页面上进行了输入。 Here is what I currently have on the landing page that a specific user would be sent to after logging in:
这是我当前在登录页面上具有的内容,特定用户登录后将被发送到该页面:
<?php
session_start();
if(!isset($_SESSION['username'])){
header("Location:http://mywebsite.com/htmllogin.html")
}
?>
<html>
<head>
</head>
<body>
<div id="div1">
test
</div>
</body>
</html>
My thought was that in the landing page, if it doesn't match the session it would re-direct the user to the original html login page. 我的想法是,在登录页面中,如果与会话不匹配,它将把用户重定向到原始的html登录页面。 Any help...thanks!
任何帮助...谢谢!
Once your user is verified and should be logged in, you need to create your $_SESSION variables. 验证用户并登录后,您需要创建$ _SESSION变量。
<?php
$_SESSION['username'] = $_POST['uname'];
?>
The above piece of code should be placed inside the next if-structure in login.php: 上面的代码应该放在login.php中的下一个if-结构内:
if(mysql_num_rows($sql) > 0)
{
$_SESSION['username'] = $_POST['uname'];
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('Login Succesfully!')
window.location.href='htmllogin.html'
</SCRIPT>");
header($url);
exit();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.