[英]php session() doesn't work in login script
我在登錄腳本中創建會話時遇到問題。 Session()似乎不起作用,因為我可以通過在瀏覽器中直接輸入admin.php來訪問它,並且當我登錄時可以訪問其他成員的信息,這是不可能發生的。 這是我的登錄腳本:
include('content/config.php');
// table name
$tbl_name=tablename;
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE login='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION["valid_user"] = $_POST["myusername"];
header("location: admin.php?name=$myusername");
}
else {
echo "Wrong Username or Password";
}
} else {
$myusername = "";
$mypassword = "";
}
?>
<html>
<head>
</head>
<body>
<table width="300" border="0" align="center">
<tr><td>
<form name="form1" method="post" action="login.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3">Login</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</body>
</html>
這是admin.php:
<?
session_start();
if (!$_SESSION["valid_user"])
{
header("location:login.php");
die();
}
?>
<?php include("content/top.php"); ?>
Admin Area
<?php include("content/bottom.php"); ?>
提前致謝!
您缺少session_start();
功能在您的登錄頁面中。 您需要將其放在腳本頂部。
您使用session_start();
每當您想使用與會話相關的功能時。
<?php
session_start();
include('content/config.php');
// table name
$tbl_name=tablename;
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE login='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION["valid_user"] = $_POST["myusername"];
header("location: admin.php?name=$myusername");
}
else {
echo "Wrong Username or Password";
}
} else {
$myusername = "";
$mypassword = "";
}
?>
<html>
<head>
</head>
<body>
<table width="300" border="0" align="center">
<tr><td>
<form name="form1" method="post" action="login.php">
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3">Login</td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</body>
</html>
$_SESSION["valid_user"] = $_POST["myusername"];
//您在登錄頁面中使用了會話,但是錯過了session_start(); 在頁面頂部
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.