stackoom
  简体   繁体   中英

How do I use SESSION_START to keep a user logged into my website

 原文  2013-12-02 02:51:39       php/ session

Question

So I'm trying to make a website but I'm stuck on the login no matter what I try I login go to the home page and immediately get logged out please help I really want to get this website up and running by the end of next year login.php 

<?php
 SESSION_START();
$_SESSION['uname'] = $uname; // Set the user's name.

require('config.php');

if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$pass = md5($pass);

$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");

if(mysql_num_rows($sql) > 0){
header("Location: home.php");
echo "You are now logged in.";

exit();
}else{
echo "Wrong username and password combination.";

}

}else{
$form = <<<EOT
<form action = "login.php" method = "POST">
Username: <input type = "text" name="uname"> <br />
Password: <input type = "password" name = "pass" /> <br />
<input type = "submit" name = "submit" value = "Login"/>
</form>
EOT;
}
echo $form;
?>e

Home.php 

    <?php
    SESSION_START();
    $_SESSION['uname'] = $uname; // Set the user's name.

    if($uname){
    echo $uname;    
    }

   ?>
   <?php
   if(!$uname){
   ?>
      <a href="register">Register</a>
    <a href="login">Login</a>
    <?php
        }
       ?>


      <head>
      <link rel="stylesheet" type="text/css" href="style.css">
      <title>ArcheWorlds</title>
      </head>



        <body bgcolor="black">


       <div class = "HomeNav">
       <a href = "register.php">Register</a><!--class = "HomeNavButton"--> 
       |
       <a href = "login.php">Login</a>
       </div>
       <p>Hello and welcome to Archeworlds!</p>
        </body>
        <div class="footer" style="border-top: 1px solid #FFFFFF padding-bottom: 10px margin-top: 150px"> <img              `src="Pictures/Studio 8 (small).png">`

3 answers

solution1
 0  2013-12-02 02:59:22

login_form.php 

<?php
   session_start();
   if (isset($_SESSION['uname'])) {
      $username = $_SESSION['uname'];
      echo $username;
      exit(); # Ready to go!
   }
?>
<form action = "login.php" method = "POST">
Username: <input type = "text" name="uname"> <br />
Password: <input type = "password" name = "pass" /> <br />
<input type = "submit" name = "submit" value = "Login"/>
</form>

login.php 

<?php 
session_start();
$username = mysql_escape_string($_POST['uname']); 
$pass = md5(mysql_escape_string($_POST['pass'])); ## This is *INCREDIBLY* insecure
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");

if(mysql_num_rows($sql) > 0){
   $_SESSION['uname'] = $username;
   header("Location: home.php"); # Ready to go!
   exit();
}
else {
   header('login_form.php'); # Failed
}

The simplest way to come up with a more secure password hash is to generate a salt for the database and then come up with an implementation of PBKDF2 using the PHP Manual Page for it

solution2
 0  2013-12-02 03:13:31

I think you need to make few changes in code:
login.php 

<?php
if( isset( $_GET['action'] ) && $_GET['action'] == "logout") {
    session_unset();
}
if(isset($_POST['submit'])){
    SESSION_START();
    $_SESSION['uname'] = $_POST['uname']; // Set the user's name.

    require('config.php');

    $uname = mysql_escape_string($_POST['uname']);
    $pass = mysql_escape_string($_POST['pass']);
    $pass = md5($pass);

    $sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass` = '$pass'");

    if(mysql_num_rows($sql) > 0){
        header("Location: Home.php");
        exit();
    }else{
        echo "Wrong username and password combination.";
    }
} ?>

& Home.php will be like : 

<?php
if( false == isset( $_SESSION['uname'] ) ) { 
    header("Location: login.php");
    exit();
} ?>
<head>
    <link rel="stylesheet" type="text/css" href="style.css">
    <title>ArcheWorlds</title>
</head>
<body bgcolor="black">
    <div class = "HomeNav">
        <a href = "register.php">Register</a>|<a href = "login.php?action=logout">Logout</a>
    </div>
    <p>Hello and welcome to Archeworlds!</p>
    <div class="footer" style="border-top: 1px solid #FFFFFF padding-bottom: 10px margin-top: 150px"> <img src="Pictures/Studio 8 (small).png">
</body>

Note: I haven't tested this code, But will work for you.

solution3
 0  2013-12-02 03:57:57

I recommend you to study this. http://www.homeandlearn.co.uk/php/php14p1.html . they have examples on Login Database with sessions for users..

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can i use session_start() at the start of every page i.e in the header file of my website How to keep a user logged into my website using a php session cookie Do I need to use session_start() in PHP to use $_SESSION? How do i get session without calling session_start How can I user session_start() in a loop with no warning/error? Trying to execute a query after session_start for logged in user How do i check if session_start has been entered? how to use session_start() with ajax? How to use session_start in Wordpress? Is it OK to add session_start(); to the top of my entire website?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM