PHP MySQL登录不保存会话数据
我将此PHP代码用于登录脚本:PHP MySQL登录不保存会话数据,php,mysql,Php,Mysql,我将此PHP代码用于登录脚本: <?php if(isset($_POST["submit"])) { session_start(); //get the username, password and keyword sent from the form $username=$_POST['username']; $password=$_POST['password']; //check in the database to see if th
<?php
if(isset($_POST["submit"]))
{
session_start();
//get the username, password and keyword sent from the form
$username=$_POST['username'];
$password=$_POST['password'];
//check in the database to see if the username, password and keyword match in the database
$sql="SELECT * FROM admin WHERE username=('$username') and password=MD5('$password')";
$rs=mysql_query($sql,$conn) or die(mysql_error());
$result=mysql_fetch_array($rs);
$check="SELECT * from admin where username='$username' ";
$check2=mysql_query($check,$conn) or die(mysql_error());
$check3=mysql_fetch_array($check2);
if($check3["logintries"] > '3')
{
echo '<p align="center"><h4>Your account has been suspended due to too many failed logins. Please contact support</h4></p>';
}
else
{
//get the number of rows that match in the database
$count=mysql_num_rows($rs);
//if the number of rows equals 1, then create the session variables
if($count==1)
{
//$sql="INSERT into user_logins (user_seq, timestamp, ip_address, posted_username, posted_password, posted_keyword) values ('".$result["sequence"]."', '".date("Y-m-d H:i:s")."', '".$_SERVER["REMOTE_ADDR"]."', '".$username."', '".$password."', '".$keyword."') ";
//$rs=mysql_query($sql,$conn) or die(mysql_error());
session_start();
$_SESSION["sequence"]=$result["sequence"];
$_SESSION["loggedin"]='yes';
echo $_SESSION["loggedin"];
$_SESSION["ipaddress"]=$_SERVER["REMOTE_ADDR"];
//then redirect to the main page
//header("location: index.php");
echo '<h3>Login Has Been Successful - Please wait while we redirect you...</h3>';
//echo '<meta http-equiv="refresh" content="0;URL=index.php" />';
}
else
{
$sql="SELECT * FROM admin WHERE username='".$_POST["username"]."' ";
$rs=mysql_query($sql,$conn) or die(mysql_error());
$result=mysql_fetch_array($rs);
$logintries=$result["logintries"];
$sql2="UPDATE admin set logintries = '".($logintries+1)."' where username = '".$result["username"]."' ";
$rs2=mysql_query($sql2,$conn) or die(mysql_error());
//other wise display an error message
//echo '<p align="center"><h4>Username or Password incorrect</h4></p>';
}
}
}
?>
使用session_start();在使用任何会话变量之前,它将显示所有值。您必须将会话_start()代码>位于文件的开头。最好放入所有文件中包含的config
文件,这样所有文件中都会有它。您的成员页面是否也有会话启动()?。它们不再得到维护。看到了吗?相反,了解,并使用or-将帮助您决定使用哪个。这段简短的代码有一些巨大的漏洞,可能会被用来破坏您的网站和公司。请立即阅读。MD5对于加密密码也是完全无用的。你真的应该使用遵循最佳实践的会话,而不是自己去做,犯这样严重的错误。你的成员页面中没有session\u start()
,因此$\u会话将永远不会被填充,不管你对这段代码有多挑剔。我确实把它放在了每一页的authorization.php文件中,但仍然是同一个问题:(
<?php
if($_SESSION["loggedin"] != 'yes')
{
header("Location: /admin/login.php");
}
?>