Fatal编程技术网
  • php/
  • Php 请帮助我检查登录中的会话错误

Php 请帮助我检查登录中的会话错误

php session

Php 请帮助我检查登录中的会话错误,php,session,Php,Session,表单提交后,表单会话将按会话变量保存到变量中,我们可以检查是否正确。但当我签出它时,它显示了错误 <?php include '../includes/config.php'; if(isset($_POST['submit'])) { $email = $_POST['email']; $pass = $_POST['password']; $msg = "The email or password you

表单提交后,表单会话将按会话变量保存到变量中,我们可以检查是否正确。但当我签出它时,它显示了错误

    <?php
    include '../includes/config.php';
    if(isset($_POST['submit']))
    {
        $email = $_POST['email'];
        $pass = $_POST['password'];
        $msg = "The email or password you entered is incorrect"; //error message

        //email validation
        if(empty($email) || empty($pass)){
            echo $msg;
            header ("refresh:5; url=index.php");
            exit();
        }

        if(!preg_match('/@/',$email)){
            echo $msg;
            header ("refresh:5; url=index.php");
            exit();
        }

        //search username and password from table users
        $result = mysql_query("SELECT * FROM table_users");
        $fetch = mysql_fetch_array($result);

        if($email == $fetch['email'] && $pass == $fetch['pass']){
            session_start();
            $_SESSION['email'] = $result['email'];
            $_SESSION['type'] = $result['type'];
            header('refresh:2; url=../panel/index.php');
            echo "Logged in..";
            exit();
        }
        else
            echo $msg;
            header ("refresh:5; url=index.php");
    }
    else
    {
        header('Location:../index.php');
    }
?>
这是管理代码

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Hotel Administration</title>
<link rel="stylesheet" type="text/css" href="../../css/system.css" />
<?php
    session_start();
    if(!isset($_SESSION['email']))
    {
        die("The user must be logged in");
    }
?>
</head>

<body>


酒店管理
我在adminpage中签出会话时遇到问题。。它说会话错误消息帮助我解决问题

SELECT * FROM table_users
这真是个糟糕的主意,猜猜看,当某个时间有~5k个用户时会发生什么 最好

SELECT 1 FROM table_users WHERE username LIKE "$user" AND password = MD5("$password") LIMIT 1;
除此之外,我建议在其他地方使用卷曲块

if(!empty($fetch))
{
        session_start();
        $_SESSION['email'] = $result['email'];
        $_SESSION['type'] = $result['type'];
        header('refresh:2; url=../panel/index.php');
        echo "Logged in..";
        exit();
  }
  else
  {
        echo $msg;
        header ("refresh:5; url=index.php");
  }
实际的错误消息是什么?我想您需要的是会话变量没有正确设置,因为mysqli_fetch_数组需要一个参数mysqli_ASSOC来按列名称访问数据,或者另一个参数来按索引号访问数据。我得到的是此会话错误消息省略mysqli_ASSOC可以访问单个列现在很好易受SQL注入攻击。而且
md5
根本不适合对密码进行哈希运算。@cpfaffinger干杯!!老兄,这对我的登录有帮助