我的登录代码有几个问题。我知道我没有加密密码,但这仅仅是为了现在的学习基础。PHP登录脚本会话问题
所以我知道我是从我的形式获取值,因为当我提供一个正确的登录它引导我,因为我的会议是成员的index.php然后立即重定向我访问denied.php不正确?
当我提供了一个无效的登录它不重定向我登录,failed.php它只是坐在作为的login.php有一个空白页,这就是IM从表单输入指挥它。
这是我参考的数据库表:
表:登录
+---------+----------+--------
| login_ID | Login_PW| auth |
+-------=--+---------+--------
| User_test| 123 | null |
+----------+---------+--------
<?php
function clean($str)
{
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return $str;
}
//Sanitize the POST values
if (isset($_POST['username']))
{
$username = clean($_POST['username']);
}
if (isset($_POST['password']))
{
$password = clean($_POST['password']);
}
/* Create a new mysqli object with database connection parameters */
$mysqli = mysqli_connect('localhost', 'root', '', 'draftdb');
if(mysqli_connect_errno())
{
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
/* Is your username the same as the login_id? If not you need to change this query's where to use the username column not the login_id. */
/* Create a prepared statement */
if($stmt = $mysqli -> prepare("
SELECT Login_ID, Login_PW
FROM login
WHERE Login_ID=? AND Login_PW=?
"))
{
/* Bind parameters
s - string, b - boolean, i - int, etc */
$stmt -> bind_param("ss", $username, $password);
/* Execute it */
$result = $stmt -> execute();
/* Bind results to variables that will be used within the fetch() loop. */
$stmt -> bind_result($username, $password);
//Check whether the query was successful or not
if ($result === false)
{
die("Query failed");
}
/* Iterate over the results of the query. */
while ($stmt->fetch())
{ //while loop open
if($_POST['username'] == $username && $_POST['password'] == $password)
{
//$member = mysqli_fetch_assoc($result);
session_regenerate_id();
/* We can create a _SESSION cause we binded the result to those variables above. */
//$_SESSION['SESS_MEMBER_ID'] = $username;
$_SESSION['username'] = $_POST['username'];
session_write_close();
header("location: member-index.php");
exit();
}
elseif($result -> num_rows == 0)
{
header("location: login-failed.php");
exit();
}
}//while loop close
/* Close statement */
$stmt -> close();
}//main if close
/* Close connection */
$mysqli -> close();
会员-的index.php
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!$_SESSION['username']) {
header("location: access-denied.php");
exit();
}
?>
我们需要更多的代码来理解。你能把你的整个应用程序放在这里吗 – 2012-08-12 03:51:59