PHP-使用登录系统保护仅限成员的页面

你好，我被我编写的PHP代码难住了。我已经盯着这个看了好几个小时，但没有成功，请帮我找出任何我显然犯过的错误

    // Create connection
    $conn = new mysqli($servername, $username, $password, $db);

    // Check connection
    if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
    } 

    //Might as well also load your functions page here, so they are always available
    require_once('fn/functions.php');
?>

我想让这个脚本做的是从一个html表单页面，查询一个数据库表（“用户”）以确保他们的密码和用户名是正确的，然后在一个单独的表（“令牌”）中，在“tk”列中插入一个随机令牌（我以前使用的方法，它是有效的），然后用户进行常规身份验证。代码从“users”表拉入“tokens”表中的“gauth”列

添加常规身份验证的原因是，我可以提取他们的用户名，并将其显示在我计划“保护”的所有页面上

抱歉，如果我弄糊涂了，这是我能改进它的最好方法。另外，我不太擅长格式化：）。稍后我将添加一些html，这就是标记存在的原因

MySQL表：

用户示例：

cols:        username  | password  |    email              | classcode | tcode   | genralauth |
             hello     | world     | hello.world@gmail.com | 374568536 | somthin | 8945784953 |

cols:          gauth   |      tk      |
            3946893485 |wr8ugj5ne24utb|

令牌示例：

cols:        username  | password  |    email              | classcode | tcode   | genralauth |
             hello     | world     | hello.world@gmail.com | 374568536 | somthin | 8945784953 |

cols:          gauth   |      tk      |
            3946893485 |wr8ugj5ne24utb|

PHP:

这是我将在大多数页面上使用的用于令牌身份验证的PHP，但是它实际上没有检查数据库“令牌”，而且我需要一种使用常规身份验证显示登录用户用户名的方法

PHP:

虚拟工作表！

教师网页html在这里

<?php 
    break;
    case student:
?>

<?php
    break;
    default:
        echo "Please login to view this page.";
}
}?>
</html>

学生页面html在这里

<?php 
    break;
    case student:
?>

<?php
    break;
    default:
        echo "Please login to view this page.";
}
}?>
</html>

---

我建议您改变方法

虽然乍一看，这些示例文件看起来很多，但一旦您研究它们，您就会发现它实际上比您现在的方向更简单、更符合逻辑

首先，将db connect/login文件移动到一个单独的文件中，并在每个PHP页面顶部包含该文件：

INIT.PHP

    // Create connection
    $conn = new mysqli($servername, $username, $password, $db);

    // Check connection
    if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
    } 

    //Might as well also load your functions page here, so they are always available
    require_once('fn/functions.php');
?>

现在，看看我们如何在索引（和受限）页面上使用它？

    // Create connection
    $conn = new mysqli($servername, $username, $password, $db);

    // Check connection
    if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
    } 

    //Might as well also load your functions page here, so they are always available
    require_once('fn/functions.php');
?>

INDEX.PHP

    // Create connection
    $conn = new mysqli($servername, $username, $password, $db);

    // Check connection
    if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
    } 

    //Might as well also load your functions page here, so they are always available
    require_once('fn/functions.php');
?>

<?php
    require_once('inc/head.inc.php');
    require_once('fn/init.php');
?>

<body>
    <!-- Examples need jQuery, so load that... -->
    <script src="https://code.jquery.com/jquery-1.11.3.js"></script>
    <!-- and our own file we will create next... -->
    <script type="text/javascript" src="js/index.js"></script>

    <div id="pageWrap">
        <div id="loginDIV">
            LoginID: <input type="text" id="liID" /><br>
            LoginPW: <input type="password" id="liPW" /><br>
            <input type="button" id="myButt" value="Login" />
        </div>
    </div>

<?php
    $id = $_POST['id'];
    $pw = $_POST['pw'];

    //Verify from database that ID and PW are okay
    //Note that you also should sanitize the data received from user

    if ( id and password authenticate ){
        //Use database lookups ot get this data: $un = `username` 

        //Use PHP sessions to set global variable values
        $_SESSION['username'] = $un;
        echo 1;
    }else{
        echo 'FAIL';
    }

<?php
    if (!isset($_SESSION['username']) ){
        header('Location: ' .'index.php');
    }

    require_once('inc/head.inc.php');
    require_once('fn/init.php');
?>
<body>
    <h1>Welcome to the Admin Page, <?php echo $_SESSION['username']; ?>
    <!--  AND here go all teh restricted things you need a login to do. -->

AJAX/LOGIN.PHP

    // Create connection
    $conn = new mysqli($servername, $username, $password, $db);

    // Check connection
    if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
    } 

    //Might as well also load your functions page here, so they are always available
    require_once('fn/functions.php');
?>

<?php
    require_once('inc/head.inc.php');
    require_once('fn/init.php');
?>

<body>
    <!-- Examples need jQuery, so load that... -->
    <script src="https://code.jquery.com/jquery-1.11.3.js"></script>
    <!-- and our own file we will create next... -->
    <script type="text/javascript" src="js/index.js"></script>

    <div id="pageWrap">
        <div id="loginDIV">
            LoginID: <input type="text" id="liID" /><br>
            LoginPW: <input type="password" id="liPW" /><br>
            <input type="button" id="myButt" value="Login" />
        </div>
    </div>

<?php
    $id = $_POST['id'];
    $pw = $_POST['pw'];

    //Verify from database that ID and PW are okay
    //Note that you also should sanitize the data received from user

    if ( id and password authenticate ){
        //Use database lookups ot get this data: $un = `username` 

        //Use PHP sessions to set global variable values
        $_SESSION['username'] = $un;
        echo 1;
    }else{
        echo 'FAIL';
    }

<?php
    if (!isset($_SESSION['username']) ){
        header('Location: ' .'index.php');
    }

    require_once('inc/head.inc.php');
    require_once('fn/init.php');
?>
<body>
    <h1>Welcome to the Admin Page, <?php echo $_SESSION['username']; ?>
    <!--  AND here go all teh restricted things you need a login to do. -->

欢迎来到管理页面，

---

---

来自“用户”

语法错误。这并不能帮助您

错误报告（0）。谢谢！稍后我将不得不详细研究这一点，但是我不知道javascript（这对我来说真的很混乱），这可能是将来我在页面中添加更多函数时的一个问题。我觉得我的答案就在javascript中：）。我通常不会问，但skype会成为一种选择吗？我已经了解php，目前正在从您的链接学习AJAX，但我不想在W3学校参考时花钱进行编码。谢谢你。