1. 首页
  2. 问答
  3. 重定向如果没有登录

重定向如果没有登录

2016-03-16 85 views
1

我有一个PHP登录脚本,我只想要某些页面被访问,如果用户登录(如果他们不是,他们被重定向到登录页面)。重定向如果没有登录

我有这其中的login.php启动会话:

<?php 

session_start(); 
$con = mysqli_connect("localhost","Username","SomeData","Privatestuff"); 
$User = $_SESSION['username']; 

if(isset($_POST['loginsubmit'])) { 

$username = $_POST['username']; 
$password = md5($_POST['password']); 

$username = stripslashes($username); 
$password = stripslashes($password); 

$username = mysqli_real_escape_string($con, $username); 
$password = mysqli_real_escape_string($con, $password); 

$logincheck = "SELECT * FROM `users` WHERE username='$username' and password='$password'"; 
$result = mysqli_query($con, $logincheck); 
$row = mysqli_fetch_array($result, MYSQLI_ASSOC); 
$count = mysqli_num_rows($result); 
if(mysqli_num_rows($result) == 1){ 
$_SESSION['username']=$username; 
header('Location: index.php'); 
die(); 
}else{ 
echo "Username or password is invalid."; 
} 

} 
} 
} 

?>

我有这样的index.php文件,如果他们不登录的用户会被重定向,悬停它不会阻止用户从访问的网页,如果他们不是在

<?php 

session_start(); 
$con = DB INFO 
$User = $_SESSION['username']; 

if(!$User){ 
header('Location: welcome.php'); 
die(); 
} 

?>

记录可能有人请帮助确定为什么用户仍然可以访问的index.php如果他们没有登录?

来源

2016-03-16 questers help

回答

-1

index.php: -

<?php 
session_start(); 
// $con = DB INFO //not needed 
//$User = $_SESSION['username']; not needed 

if(isset($_SESSION['username'])){ 
    // your complete code will be inside this if 
}else{ 
    header('Location: welcome.php'); 
    die(); 
} 
?>

login.php需要一些增强其评论: -

<?php 
session_start(); 
error_reporting(E_ALL); // check all type of errors 
ini_set('display_errors',1); // display those errors 
$con = mysqli_connect("localhost","Username","SomeData","Privatestuff"); 
$User = $_SESSION['username']; 

if(isset($_POST['username']) && isset($_POST['password'])) { // check with posted values not with submit button values 

$username = $_POST['username']; 
$password = md5($_POST['password']); 

//$username = stripslashes($username); //not needed 
//$password = stripslashes($password); //not needed 

........ rest of your code

来源

2016-03-16 21:15:21

+0

请问如果'$ USER = $ _SESSION [“用户名”];'需要在页面的顶部,以及当用户登录? –

+0

你可以在任何地方直接使用'$ _SESSION ['username']',但是如果你想使用'$ User = $ _SESSION ['username'];',没问题 –

+0

@Anant - 请不要让人投票在评论中回答您的问题,并请停止让他们在问题的评论中查看您的答案。许多这些评论已被标记和删除,社区普遍认为它们是噪音。 –

0

index.php或header.php文件的顶部添加此

<?php 
     // First execute a common code to connect to the database and start the session 
     include ("includes/connect.php"); 

     // At the top of the page check to see whether the user is logged in or not 
     if(empty($_SESSION['users'])) 
     { 
      // If they are not, redirect them to the login page. 
      header("Location: login.php"); 

      // Remember that this die statement is absolutely critical. Without it, 
      // people can view your members-only content without logging in. 
      die("Redirecting to login.php"); 
     } 
    ?>

并添加或完成这一项到您的登录页面或login.php

<?php 
session_start(); 
include ('includes/connect.php'); 

$message=""; 
if(!empty($_POST["login"])) { 
    $result = mysqli_query($conn,"SELECT * FROM users WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'"); 
    $row = mysqli_fetch_array($result); 
    if(is_array($row)) { 
     $_SESSION["users"] = $row['usersid']; 
     $_SESSION['login'] = true; 
     header("Location:index.php"); 
     exit(); 
    } else { 
    $message = "Invalid Username or Password!"; 
    } 
} 
?>

来源

2017-03-31 02:38:46 Ace

相关问题

 相关问题