Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/264.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 阻止用户在登录不工作的情况下访问页面_Php - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 阻止用户在登录不工作的情况下访问页面

Php 阻止用户在登录不工作的情况下访问页面

php

Php 阻止用户在登录不工作的情况下访问页面,php,Php,当我尝试登录时,它不允许我登录,但当我取出它时,它允许我登录,但即使我注销,它仍然允许我登录页面 我知道有问题的地方是welcome.PHP中的PHP代码 Login.php: <html> <body> <form name="form1" method="post" action="connection.php"> <td colspan="3"><strong>Member Login </stron

当我尝试登录时,它不允许我登录,但当我取出它时,它允许我登录,但即使我注销,它仍然允许我登录页面

我知道有问题的地方是welcome.PHP中的PHP代码

Login.php:

<html>
<body>
    <form name="form1" method="post" action="connection.php">
        <td colspan="3"><strong>Member Login </strong></td>
        <td width="78">Username</td>
        <td width="6">:</td>
        <td width="294">
            <input name="myusername" type="text" id="myusername">
        </td>
        Password: 
        <input name="mypassword" type="text" id="mypassword">
        <input type="submit" name="Submit" value="Login">
    </form>
</body>
</html>


会员登录
用户名
:
密码:
Connection.php:

<?php
    ob_start();
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="v2"; // Database name 
    $tbl_name="members"; // Table name 

    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $myusername and $mypassword 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";                            
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){
        // Register $myusername, $mypassword and redirect to file "welcome.php"
        $_SESSION["myusername"];
        $_SESSION["mypassword"];
        header("location:welcome.php");
    }
    else {
        echo "Wrong Username or Password";
    }
    ob_end_flush();
?>

您应该尽量避免直接访问超级全局文件。您可以使用php的“filter\u input(input\u POST,'username');相反还要记得加密你的密码。可能是您将密码加密到了表中,但在“选择”查询中解密失败…请正确检查它。
我认为您需要更改为


  // Register $myusername, $mypassword and redirect to file "welcome.php"
 $_SESSION["myusername"]=$myusername;
 $_SESSION["mypassword"]=$mypassword;



如果(!isset($\u SESSION[“myusername”])要想使用此
,请参见第一条注释:切换到PDO或MySQLi。MySQL从PHP7开始就被弃用了
welcome.php在调用
header()
之后应该
exit()
。另外,检查日志,确保没有收到已发送的
标题
警告。

  // Register $myusername, $mypassword and redirect to file "welcome.php"
 $_SESSION["myusername"]=$myusername;
 $_SESSION["mypassword"]=$mypassword;