Php 请帮助我检查登录中的会话错误
表单提交后,表单会话将按会话变量保存到变量中,我们可以检查是否正确。但当我签出它时,它显示了错误Php 请帮助我检查登录中的会话错误,php,session,Php,Session,表单提交后,表单会话将按会话变量保存到变量中,我们可以检查是否正确。但当我签出它时,它显示了错误 <?php include '../includes/config.php'; if(isset($_POST['submit'])) { $email = $_POST['email']; $pass = $_POST['password']; $msg = "The email or password you
<?php
include '../includes/config.php';
if(isset($_POST['submit']))
{
$email = $_POST['email'];
$pass = $_POST['password'];
$msg = "The email or password you entered is incorrect"; //error message
//email validation
if(empty($email) || empty($pass)){
echo $msg;
header ("refresh:5; url=index.php");
exit();
}
if(!preg_match('/@/',$email)){
echo $msg;
header ("refresh:5; url=index.php");
exit();
}
//search username and password from table users
$result = mysql_query("SELECT * FROM table_users");
$fetch = mysql_fetch_array($result);
if($email == $fetch['email'] && $pass == $fetch['pass']){
session_start();
$_SESSION['email'] = $result['email'];
$_SESSION['type'] = $result['type'];
header('refresh:2; url=../panel/index.php');
echo "Logged in..";
exit();
}
else
echo $msg;
header ("refresh:5; url=index.php");
}
else
{
header('Location:../index.php');
}
?>
这是管理代码
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Hotel Administration</title>
<link rel="stylesheet" type="text/css" href="../../css/system.css" />
<?php
session_start();
if(!isset($_SESSION['email']))
{
die("The user must be logged in");
}
?>
</head>
<body>
酒店管理
我在adminpage中签出会话时遇到问题。。它说会话错误消息帮助我解决问题
SELECT * FROM table_users
这真是个糟糕的主意,猜猜看,当某个时间有~5k个用户时会发生什么
最好
SELECT 1 FROM table_users WHERE username LIKE "$user" AND password = MD5("$password") LIMIT 1;
除此之外,我建议在其他地方使用卷曲块
if(!empty($fetch))
{
session_start();
$_SESSION['email'] = $result['email'];
$_SESSION['type'] = $result['type'];
header('refresh:2; url=../panel/index.php');
echo "Logged in..";
exit();
}
else
{
echo $msg;
header ("refresh:5; url=index.php");
}
实际的错误消息是什么?我想您需要的是会话变量没有正确设置,因为mysqli_fetch_数组需要一个参数mysqli_ASSOC来按列名称访问数据,或者另一个参数来按索引号访问数据。我得到的是此会话错误消息省略mysqli_ASSOC可以访问单个列现在很好易受SQL注入攻击。而且
md5
根本不适合对密码进行哈希运算。@cpfaffinger干杯!!老兄,这对我的登录有帮助