PHP登录重定向但不启动会话
因此,我有一个带有以下代码的登录页面。输入正确密码后,应使用PHP登录重定向但不启动会话,php,html,Php,Html,因此,我有一个带有以下代码的登录页面。输入正确密码后,应使用session_start()启动会话$_会话['loggedIn']=true然后使用标题重定向到home.php 我注意到这是可行的,但是我的home.php使用下面的代码检查启动的会话,然后将我重定向回登录页面(index2.php),显然会话没有启动。。。但我不知道为什么 我能够自己解决这个问题。在添加会话_start()之后在我的php页面顶部,它仍然让我登录了两次。我意识到这是因为我正在启动会话,使用标题重定向到htttp:
session_start()启动会话$_会话['loggedIn']=true
然后使用标题重定向到home.php
我注意到这是可行的,但是我的home.php
使用下面的代码检查启动的会话,然后将我重定向回登录页面(index2.php),显然会话没有启动。。。但我不知道为什么
我能够自己解决这个问题。在添加会话_start()之后代码>在我的php页面顶部,它仍然让我登录了两次。我意识到这是因为我正在启动会话,使用标题
重定向到htttp://www.mysite.com/home.php
但浏览器认为这是一个新的会话
if(isset($_POST['password']))
{
//Connect to a database
$host_name = "*******.db.1and1.com";
$database = "db*******";
$user_name = "db******";
$password = "********.*******";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// echo("nice job");
//Take the values from the html form and assign them to variables
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//Check to see if the password matches the hashes
if (md5($userpassword) === '**********************************'
or md5($userpassword) === '*********************'
or md5($userpassword) === '***************************'
or md5($userpassword) === '*******************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
// echo "You have entered the correct password, congrats.";
// Start the session so they can access other pages
session_start();
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://www.abc123.com/home.php");
die();
}
else {
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
}
}
?>
所以我改了。。。现在它显示标题(“Location:home.php”)代码>解决了问题。
if(isset($_POST['password']))
{
//Connect to a database
$host_name = "*******.db.1and1.com";
$database = "db*******";
$user_name = "db******";
$password = "********.*******";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// echo("nice job");
//Take the values from the html form and assign them to variables
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//Check to see if the password matches the hashes
if (md5($userpassword) === '**********************************'
or md5($userpassword) === '*********************'
or md5($userpassword) === '***************************'
or md5($userpassword) === '*******************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
// echo "You have entered the correct password, congrats.";
// Start the session so they can access other pages
session_start();
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://www.abc123.com/home.php");
die();
}
else {
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
}
}
?>
TLDR:删除了htttp://www.mysite.com
来自标题()
if(isset($_POST['password']))
{
//Connect to a database
$host_name = "*******.db.1and1.com";
$database = "db*******";
$user_name = "db******";
$password = "********.*******";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// echo("nice job");
//Take the values from the html form and assign them to variables
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//Check to see if the password matches the hashes
if (md5($userpassword) === '**********************************'
or md5($userpassword) === '*********************'
or md5($userpassword) === '***************************'
or md5($userpassword) === '*******************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
// echo "You have entered the correct password, congrats.";
// Start the session so they can access other pages
session_start();
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://www.abc123.com/home.php");
die();
}
else {
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
}
}
?>
login index.php页面的代码:
if(isset($_POST['password']))
{
//Connect to a database
$host_name = "*******.db.1and1.com";
$database = "db*******";
$user_name = "db******";
$password = "********.*******";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// echo("nice job");
//Take the values from the html form and assign them to variables
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//Check to see if the password matches the hashes
if (md5($userpassword) === '**********************************'
or md5($userpassword) === '*********************'
or md5($userpassword) === '***************************'
or md5($userpassword) === '*******************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
// echo "You have entered the correct password, congrats.";
// Start the session so they can access other pages
session_start();
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://www.abc123.com/home.php");
die();
}
else {
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
}
}
?>
if(设置($\u POST['password']))
{
//连接到数据库
$host_name=“*********.db.1和1.com”;
$database=“db*******”;
$user_name=“db*******”;
$password=“****************”;
$connect=mysqli\u connect($host\u name、$user\u name、$password、$database);
//回声(“干得好”);
//从html表单中获取值并将其分配给变量
$ID=$_POST['name'];
$userpassword=$\u POST['password'];
//检查密码是否与哈希匹配
如果(md5($userpassword)=='***************************************************
或者md5($userpassword)=='***************************''
或者md5($userpassword)=='************************************''
或md5($userpassword)=='*********************')
{
//将访客姓名添加到我们的列表中
mysqli_查询($connect,“插入到`WebsiteVisitors`(`Name`)值('$ID'))中)或die(“插入错误:”.mysqli_错误($connect));
//echo“恭喜您输入了正确的密码。”;
//启动会话,以便他们可以访问其他页面
会话_start();
$\u会话['loggedIn']=true;
//将它们重定向到站点的其余部分
标题(“位置:http://www.abc123.com/home.php");
模具();
}
否则{
回显“警告(\”密码错误。请检查您的邀请卡。\”;
}
}
?>
home.php上检查loggedin用户的代码:
if(isset($_POST['password']))
{
//Connect to a database
$host_name = "*******.db.1and1.com";
$database = "db*******";
$user_name = "db******";
$password = "********.*******";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// echo("nice job");
//Take the values from the html form and assign them to variables
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//Check to see if the password matches the hashes
if (md5($userpassword) === '**********************************'
or md5($userpassword) === '*********************'
or md5($userpassword) === '***************************'
or md5($userpassword) === '*******************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
// echo "You have entered the correct password, congrats.";
// Start the session so they can access other pages
session_start();
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://www.abc123.com/home.php");
die();
}
else {
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
}
}
?>
<?php
session_start();
//Check to make sure the person is loggedin
if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {
//if logged in then do nothing
} else {
//if not logged int he redirect to the login page
header("Location: http://www.abc123.com/index2.php");
}
?>
添加会话启动()
位于页面顶部
添加会话启动()
位于页面顶部
尝试调用ob_start();顶部?在使用session\u start()
之前,您在index.php
文件中是否有任何输出?顺便说一句,您的代码对于SQL注入是完全开放的<代码>值(“$ID”)
。始终清理您的输入,最好使用准备好的语句。在index.php
,尝试在$\u会话上使用var\u dump
,如果您只想检查会话调用ob\u start(),只需使用'if($\u会话['loggedIn']==true);顶部?在使用session\u start()
之前,您在index.php
文件中是否有任何输出?顺便说一句,您的代码对于SQL注入是完全开放的<代码>值(“$ID”)
。始终清理您的输入,最好使用准备好的语句。在index.php
,尝试在$\u会话上使用var\u dump
。此外,如果您只想检查会话,而不想在输入密码之前启动会话,只需使用'if($\u会话['loggedIn']==true)。如果我这样做了,那么任何人都可以访问我的其他页面。请看这里,嗯,这确实有效。我现在可以登录,直接进入另一个页面不起作用(这是我想要的,所以他们不登录就无法访问)。能解释一下这是怎么回事吗?你是我的福气,非常感谢。我不太明白输出是什么,现在我知道它必须是第一件事,否则我会得到我之前遇到的那些标题问题。我猜这是$\u会话['loggedIn']=true代码>这会阻止某人直接进入另一页。谢谢嘿,所以它仍然让我登录两次,所以它第一次一定不能设置$\u SESSION['loggedIn']=true
。我不想在输入密码之前启动会话。如果我这样做了,那么任何人都可以访问我的其他页面。请看这里,嗯,这确实有效。我现在可以登录,直接进入另一个页面不起作用(这是我想要的,所以他们不登录就无法访问)。能解释一下这是怎么回事吗?你是我的福气,非常感谢。我不太明白输出是什么,现在我知道它必须是第一件事,否则我会得到我之前遇到的那些标题问题。我猜这是$\u会话['loggedIn']=true代码>这会阻止某人直接进入另一页。谢谢嘿,所以它仍然让我登录两次,所以它第一次一定没有设置$\u SESSION['loggedIn']=true
。