Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/backbone.js/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP MySQL登录不保存会话数据_Php_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP MySQL登录不保存会话数据

PHP MySQL登录不保存会话数据

php mysql

PHP MySQL登录不保存会话数据,php,mysql,Php,Mysql,我将此PHP代码用于登录脚本: <?php if(isset($_POST["submit"])) { session_start(); //get the username, password and keyword sent from the form $username=$_POST['username']; $password=$_POST['password']; //check in the database to see if th

我将此PHP代码用于登录脚本:

<?php
if(isset($_POST["submit"]))
{
    session_start();
    //get the username, password and keyword sent from the form
    $username=$_POST['username']; 
    $password=$_POST['password'];

    //check in the database to see if the username, password and keyword match in the database
    $sql="SELECT * FROM admin WHERE username=('$username') and password=MD5('$password')";
    $rs=mysql_query($sql,$conn) or die(mysql_error());
    $result=mysql_fetch_array($rs);

    $check="SELECT * from admin where username='$username' ";
    $check2=mysql_query($check,$conn) or die(mysql_error());
    $check3=mysql_fetch_array($check2); 
    if($check3["logintries"] > '3')
    {
        echo '<p align="center"><h4>Your account has been suspended due to too many failed logins. Please contact support</h4></p>';
    }
    else
    {
        //get the number of rows that match in the database
        $count=mysql_num_rows($rs);

        //if the number of rows equals 1, then create the session variables
        if($count==1)
        {
            //$sql="INSERT into user_logins (user_seq, timestamp, ip_address, posted_username, posted_password, posted_keyword) values ('".$result["sequence"]."', '".date("Y-m-d H:i:s")."', '".$_SERVER["REMOTE_ADDR"]."', '".$username."', '".$password."', '".$keyword."') ";
            //$rs=mysql_query($sql,$conn) or die(mysql_error());

            session_start();
            $_SESSION["sequence"]=$result["sequence"];
            $_SESSION["loggedin"]='yes';
            echo $_SESSION["loggedin"];
            $_SESSION["ipaddress"]=$_SERVER["REMOTE_ADDR"];

            //then redirect to the main page
            //header("location: index.php");
            echo '<h3>Login Has Been Successful - Please wait while we redirect you...</h3>';
            //echo '<meta http-equiv="refresh" content="0;URL=index.php" />';
        }
        else 
        {
            $sql="SELECT * FROM admin WHERE username='".$_POST["username"]."' ";
            $rs=mysql_query($sql,$conn) or die(mysql_error());
            $result=mysql_fetch_array($rs);
            $logintries=$result["logintries"];
            $sql2="UPDATE admin set logintries = '".($logintries+1)."' where username = '".$result["username"]."' ";
            $rs2=mysql_query($sql2,$conn) or die(mysql_error());
            //other wise display an error message
            //echo '<p align="center"><h4>Username or Password incorrect</h4></p>';
        }
    }
}

?>

使用session_start();在使用任何会话变量之前,它将显示所有值。
您必须将
会话_start()位于文件的开头。最好放入所有文件中包含的
config
文件,这样所有文件中都会有它。
您的成员页面是否也有
会话启动()?。它们不再得到维护。看到了吗?相反,了解,并使用or-将帮助您决定使用哪个。这段简短的代码有一些巨大的漏洞,可能会被用来破坏您的网站和公司。请立即阅读。MD5对于加密密码也是完全无用的。你真的应该使用遵循最佳实践的会话,而不是自己去做,犯这样严重的错误。你的成员页面中没有
session\u start()
,因此$\u会话将永远不会被填充,不管你对这段代码有多挑剔。我确实把它放在了每一页的authorization.php文件中,但仍然是同一个问题:(

<?php
if($_SESSION["loggedin"] != 'yes')
{
    header("Location: /admin/login.php");
}
?>