PHP Session不起作用
[英]PHP Session won't work
问题描述
Ok I am trying to create a simple login here but my login code as well as the intropage wont work properly. 
好的我想在这里创建一个简单的登录,但我的登录代码以及intropage将无法正常工作。 Tried to tweak the code for SESSION but find no luck. 试图调整SESSION的代码,但没有找到运气。
Here's the code for my login.php: 这是我的login.php的代码:
<?php require_once("includes/connection.php"); ?>
<?php include("includes/header.php"); ?>
<?php
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query=mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
session_start();
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location: intropage.php");
}
} else {
$message = "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php include("includes/footer.php"); ?>
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
Then for here's the code for my intropage.php where in I redirect the page. 然后这里是我的intropage.php的代码,我在其中重定向页面。
<?php
session_start();
if(!isset($_SESSION["session_username"])){
header("location:login.php");
} else {
?>
<?php include("includes/header.php"); ?>
<h2>Welcome, <?php echo $_SESSION['session_username'];?>! </h2>
<p><a href="logout.php">Logout</a> Here!</p>
<?php
}
?>
Any help please? 有什么帮助吗? Just wanna make this work or if anything you can tweak so that I can find where I made a mistake. 只是想做这项工作或者如果有什么你可以调整,以便我可以找到我犯了错误的地方。 A big thanks! 非常感谢!
4 个解决方案
解决方案1
2 已采纳 2014-05-21 04:22:40
You need to check if the session name is set inside all pages using if(isset($_SESSION["session_username"])) 您需要使用if(isset($_SESSION["session_username"]))检查是否在所有页面中设置了会话名称
login.php 的login.php
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
session_start();
?>
<?php require_once("includes/connection.php"); ?>
<?php include("includes/header.php"); ?>
<?php
if(isset($_SESSION["session_username"])){
// echo "Session is set"; // for testing purposes
header("Location: intropage.php");
}
else{
echo "You are not logged in.";
}
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$query =mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{
// old placement
// session_start();
$_SESSION['session_username']=$username;
/* Redirect browser */
header("Location: intropage.php");
}
} else {
// $message = "Invalid username or password!";
echo "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
Footnotes: 脚注:
Your present code is open to SQL injection . 您现在的代码对SQL注入是开放的。 Use prepared statements , or PDO . 使用预 准备语句或PDO 。
mysql_* functions deprecation notice: mysql_*函数弃用通知:
http://www.php.net/manual/en/intro.mysql.php http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. 此扩展自PHP 5.5.0起不推荐使用,不建议用于编写新代码,因为将来会删除它。 Instead, either the mysqli or PDO_MySQL extension should be used. 相反,应该使用mysqli或PDO_MySQL扩展。 See also the MySQL API Overview for further help while choosing a MySQL API. 另请参阅MySQL API概述,以便在选择MySQL API时获得进一步的帮助。
These functions allow you to access MySQL database servers. 这些函数允许您访问MySQL数据库服务器。 More information about MySQL can be found at » http://www.mysql.com/ . 有关MySQL的更多信息,请访问» http://www.mysql.com/ 。
Documentation for MySQL can be found at » http://dev.mysql.com/doc/ . 有关MySQL的文档,请访问» http://dev.mysql.com/doc/ 。
Passwords 密码
I noticed that you may be storing passwords in plain text. 我注意到您可能以纯文本格式存储密码。 This is not recommended. 不建议这样做。
Use one of the following: 使用以下之一:
- CRYPT_BLOWFISH crypt_blowfish的
-
crypt() -
bcrypt() -
scrypt() - On OPENWALL 在OPENWALL
- PBKDF2 PBKDF2
- PBKDF2 on PHP.net PHP.net上的PBKDF2
- PHP 5.5's
password_hash()function.PHP 5.5的password_hash()函数。 - Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/ 兼容包(如果PHP <5.5) https://github.com/ircmaxell/password_compat/
Other links: 其他链接:
解决方案2
0 2014-05-21 03:38:36
<?php
session_start();
require_once("includes/connection.php");
include("includes/header.php");
$message = '';
if(isset($_REQUEST["login"])) {
if((isset($_POST['username']) && strlen(trim($_POST['username'])) > 0) && (isset($_POST['password']) && strlen(trim($_POST['password'])) > 0)) {
$username = filter_var($_POST['username'],FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'],FILTER_SANITIZE_STRING);
$query = mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."' LIMIT 1");
if(mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query));
$_SESSION['session_username'] = $row['username'];
/* Redirect browser */
header("Location: intropage.php");
} else {
$message = "Invalid username or password!";
}
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" />
</label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" />
</label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php
include("includes/footer.php");
if (!empty($message)) {
echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";
}
?>
That won't do it, session_start needs to be at the top of the file to work properly. 不会这样做,session_start需要位于文件的顶部才能正常工作。 So either include it at the beginning of the file "includes/header.php" (which you are including in your login page) or in some other include file which you will be using in all of your pages. 因此要么将其包含在文件“includes / header.php”的开头(您在登录页面中包含该文件),要么包含在您将在所有页面中使用的其他包含文件中。
解决方案3
0 2014-05-21 04:23:21
Put your session_start() into your top of the page. 将session_start()放入页面顶部。
i have just commented your code. 我刚刚评论了你的代码。 and its worked for me. 它为我工作。 Just copy and run this code directly. 只需直接复制并运行此代码即可。
<?php session_start();
//require_once("includes/connection.php"); ?>
<?php //include("includes/header.php"); ?>
<?php
if(isset($_POST["login"])){
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username=$_POST['username'];
$password=$_POST['password'];
/* $query=mysql_query("SELECT * FROM usertbl WHERE username='".$username."' AND password='".$password."'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbusername && $password == $dbpassword)
{*/
$_SESSION['session_username']=$username;
print_r($_SESSION);
/* Redirect browser */
/* header("Location: intropage.php");
}
} else {
$message = "Invalid username or password!";
}
*/
} else {
$message = "All fields are required!";
}
}
?>
<div class="container mlogin">
<div id="login">
<h1>LOGIN</h1>
<form name="loginform" id="loginform" action="" method="POST">
<p>
<label for="user_login">Username<br />
<input type="text" name="username" id="username" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="password" id="password" class="input" value="" size="20" /></label>
</p>
<p class="submit">
<input type="submit" name="login" class="button" value="Log In" />
</p>
<p class="regtext">No account yet? <a href="register.php" >Register Here</a>!</p>
</form>
</div>
</div>
<?php include("includes/footer.php"); ?>
<?php if (!empty($message)) {echo "<p class=\"error\">" . "MESSAGE: ". $message . "</p>";} ?>
解决方案4
0 2014-05-21 05:03:05
You are unnecessarily checking session username in intropage.php 您无需在intropage.php中检查会话用户名
you should remove the code 你应该删除代码
if(!isset($_SESSION["session_username"])){
header("location:login.php");
From intro file and start session only once and it should be in header file's first line. 从intro文件和启动会话只有一次,它应该在头文件的第一行。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.