PHP登录系统重定向不工作
我已经创建了一个登录/注册系统,注册部分工作正常。然而,现在我正在尝试登录,当您登录时,它应该启动一个会话并将您重定向到account.php页面,但它没有这样做。它只是刷新页面,不做其他事情 索引页:PHP登录系统重定向不工作,php,mysql,Php,Mysql,我已经创建了一个登录/注册系统,注册部分工作正常。然而,现在我正在尝试登录,当您登录时,它应该启动一个会话并将您重定向到account.php页面,但它没有这样做。它只是刷新页面,不做其他事情 索引页: <?php include 'dbh.php'; session_start(); if(isset($_SESSION['id'])){ $result = $conn->query("SELECT * FROM users where id=".$_SESSION['id
<?php
include 'dbh.php';
session_start();
if(isset($_SESSION['id'])){
$result = $conn->query("SELECT * FROM users where id=".$_SESSION['id']);
$row = $result->fetch_array(MYSQLI_BOTH);
}
# REGISTRATION HANDLER
if(isset($_POST['rsubmit'])){
$username = $_POST['username'];
$email = $_POST['email'];
$plainpass = $_POST['password'];
$password = password_hash($plainpass, PASSWORD_BCRYPT, array('cost' => 10));
$sql = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
$result = mysqli_query($conn, $sql);
$btn = "Account created! Please login";
}else {
$btn = "Register";
}
# LOGIN HANDLER
if(isset($_POST['lsubmit'])){
$lemail = $_POST['lemail'];
$lpassword = $_POST['lpassword'];
$result = $conn->query("SELECT * FROM users where email='$lemail'");
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($lpassword, $row['password'])){
$_SESSION['id'] = $row['id'];
Header("Location: account.php");
}
} else {
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Liam4Life</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login-page">
<div class="form">
<form class="register-form" action="index.php" method="POST">
<input required name="username" type="text" placeholder="Username"/>
<input required name="rpassword" type="password" placeholder="Password"/>
<input required name="remail" type="email" placeholder="Email address"/>
<button>Register</button>
<p class="message">Already registered? <a href="#">Sign In</a></p>
</form>
<form class="login-form" action="index.php" method="POST">
<input required name="lemail" type="email" placeholder="Email"/>
<input required name="lpassword" type="password" placeholder="Password"/>
<button type="submit" name="lsubmit">Login</button>
<p class="message">Not registered? <a href="#">Create an account</a></p>
</form>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
<?php
session_start();
include 'dbh.php';
-----code---------
?>
DBH.php:
<?php
$conn = mysqli_connect("localhost", "root", "", "game");
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
if(isset($_SESSION['id'])){
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['password'] = $row['password'];
}
?>
<?php
session_start();
-----code---------
?>
尝试下一种方法:
<?php
session_start();
$conn = mysqli_connect("localhost", "root", "", "game");
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
if(!empty($_SESSION['id'])){
$result = $conn->query("SELECT * FROM users where id=".(int)$_SESSION['id']);
if(!$result->num_rows) {
session_destroy();
Header("Refresh:0");
exit;
}
Header("Location: account.php");
exit;
}
# LOGIN HANDLER
if(isset($_POST['lsubmit']) && !empty($_POST['lemail'])){
$lemail = mysqli_real_escape_string($_POST['lemail']);
$result = $conn->query("SELECT * FROM users where email='{$lemail}'");
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($_POST['lpassword'], $row['password'])){
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['password'] = $row['password'];
Header("Location: account.php");
exit;
}
}
# REGISTRATION HANDLER
elseif(isset($_POST['rsubmit']) && !empty($_POST['email'])){
$username = mysqli_real_escape_string($_POST['username']);
$email = mysqli_real_escape_string($_POST['email']);
$password = password_hash($_POST['password'], PASSWORD_BCRYPT, array('cost' => 10));
$result = $conn->query("INSERT INTO users (username, email, password) VALUES ('{$username}', '{$email}', '{$password}')");
$btn = "Account created! Please login";
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Liam4Life</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login-page">
<div class="form">
<form class="register-form" action="index.php" method="POST">
<input required name="username" type="text" placeholder="Username"/>
<input required name="rpassword" type="password" placeholder="Password"/>
<input required name="remail" type="email" placeholder="Email address"/>
<button>Register</button>
<p class="message">Already registered? <a href="#">Sign In</a></p>
</form>
<form class="login-form" action="index.php" method="POST">
<input required name="lemail" type="email" placeholder="Email"/>
<input required name="lpassword" type="password" placeholder="Password"/>
<button type="submit" name="lsubmit">Login</button>
<p class="message">Not registered? <a href="#">Create an account</a></p>
</form>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
而不是HeaderLocation:account.php; 使用以下语句 echo location.href='account.php';退出 正如Jeff提到的问题,可能是由于空间问题,重定向没有发生。如果上述逻辑有效。然后删除config/else中的额外空间,需要将session_start添加为index.php文件中语句的第一行,并具有headerLocation:account.php逻辑 注意:要调试,请通过打印并添加exit语句来确保控件在此处运行 试试看 索引页:
<?php
include 'dbh.php';
session_start();
if(isset($_SESSION['id'])){
$result = $conn->query("SELECT * FROM users where id=".$_SESSION['id']);
$row = $result->fetch_array(MYSQLI_BOTH);
}
# REGISTRATION HANDLER
if(isset($_POST['rsubmit'])){
$username = $_POST['username'];
$email = $_POST['email'];
$plainpass = $_POST['password'];
$password = password_hash($plainpass, PASSWORD_BCRYPT, array('cost' => 10));
$sql = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
$result = mysqli_query($conn, $sql);
$btn = "Account created! Please login";
}else {
$btn = "Register";
}
# LOGIN HANDLER
if(isset($_POST['lsubmit'])){
$lemail = $_POST['lemail'];
$lpassword = $_POST['lpassword'];
$result = $conn->query("SELECT * FROM users where email='$lemail'");
$row = $result->fetch_array(MYSQLI_BOTH);
if(password_verify($lpassword, $row['password'])){
$_SESSION['id'] = $row['id'];
Header("Location: account.php");
}
} else {
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Liam4Life</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login-page">
<div class="form">
<form class="register-form" action="index.php" method="POST">
<input required name="username" type="text" placeholder="Username"/>
<input required name="rpassword" type="password" placeholder="Password"/>
<input required name="remail" type="email" placeholder="Email address"/>
<button>Register</button>
<p class="message">Already registered? <a href="#">Sign In</a></p>
</form>
<form class="login-form" action="index.php" method="POST">
<input required name="lemail" type="email" placeholder="Email"/>
<input required name="lpassword" type="password" placeholder="Password"/>
<button type="submit" name="lsubmit">Login</button>
<p class="message">Not registered? <a href="#">Create an account</a></p>
</form>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
<?php
session_start();
include 'dbh.php';
-----code---------
?>
DBH.php:
<?php
$conn = mysqli_connect("localhost", "root", "", "game");
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
if(isset($_SESSION['id'])){
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['password'] = $row['password'];
}
?>
<?php
session_start();
-----code---------
?>
//会议开始;需要给出页面的顶部,这里DBH.php中缺少它。因此$\u会话不工作请检查dbh.php中是否有?>-如果有,请将其删除。之后的任何空格都将被视为输出并阻止header-redirection.dbh.php将抛出错误:$\u SESSION['username']=$row['username'];->$行未定义!或者上面有什么我们看不到的吗?另外,会话还没有在dbh.php中启动。警告:当使用mysqli时,您应该使用and将用户数据添加到查询中。不要使用字符串插值或串联来完成此操作,因为您已经创建了严重的错误。切勿将$\u POST或$\u GET数据直接放入查询中,如果有人试图利用您的错误进行攻击,这可能非常有害。警告:编写您自己的访问控制层并不容易,而且有很多机会使其严重出错。这有很多危险,因为你没有。此代码允许任何人从您的站点获取任何内容。不要编写自己的身份验证系统。任何类似的东西都有一个内置的。手动转义和int-casting之类的东西真的很弱。要做到这一点,唯一可靠的方法是使用准备好的语句,这实际上会产生可读性更强的代码,而且代码更小,更难出错。好吧,谢谢你的投票。我仍然认为那个问题是关于登录系统,而不是安全编码。因此,根据TS在没有ORM的情况下使用mysqli函数和行查询的方法,我使用基函数改进了安全性。此外,我不认为mysqli\u real\u escape\u字符串不可靠。此外,int-casting可以很好地处理非整数变量。我不同意你的看法。如果登录系统不安全,它有什么用?您拥有登录系统的唯一原因是因为您需要安全性,而mysqli\u real\u escape\u字符串没有任何保证,您仍然可能犯错误。如果一个错误就可以使你所做的一切变得毫无意义,那么准备好的声明是唯一可以合理保证安全的东西。它们的代码也更少,所以我不知道为什么人们坚持使用mysqli_real_escape_string函数。在这种情况下,安全的主要目的是保护应用程序免受使用SQL注入攻击数据库。我们不检查数据库中的现有用户或表单中的正确输入。你说的不保证到底是什么意思?如果你在查询中输入$email,你相信你没有忘记逃避它,情况可能并非如此。如果你把它放进去?在查询中,您不信任任何东西,而是将其留给预处理语句系统来处理。在第一种情况下,简单的疏忽会导致SQL注入漏洞。在第二个示例中,您有一个不会执行的查询。