php登录注销表单显示数据库中的数据
我的代码有三个问题 如何仅显示记录在profile.php文件中的用户名?因为我当前的代码显示的是每个用户名,无论谁登录 如何限制profile.php页面,使其仅在用户登录时可见 如何创建一个有效的注销页面 下面是我的代码,按每个文件config.php//connect to database、login.php、profile.php和logout.php的顺序排列:php登录注销表单显示数据库中的数据,php,login,logout,Php,Login,Logout,我的代码有三个问题 如何仅显示记录在profile.php文件中的用户名?因为我当前的代码显示的是每个用户名,无论谁登录 如何限制profile.php页面,使其仅在用户登录时可见 如何创建一个有效的注销页面 下面是我的代码,按每个文件config.php//connect to database、login.php、profile.php和logout.php的顺序排列: //------------------------config.php--------------- <?php
//------------------------config.php---------------
<?php
mysql_connect("localhost","root","");
mysql_select_db("login2");
?>
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username : <br />
<input type="text" name="uname" />
<br />
<br />
Password : <br />
<input type="password" name="pass" />
<br />
<br />
<input type="submit" name="submit" value="log in" />
</form>
EOT;
echo $form;
}
?>
//------------------------profile.php---------------
<?php
require('config.php');
?>
<html>
<head>
</head>
<body>
<?php
$sql = mysql_query("SELECT * FROM users ");
while($row = mysql_fetch_array($sql)){
$name = $row['name'];
$lname = $row['lname'];
$uname = $row['uname'];
}
?>
<p>Welcome <b><?php echo $name; ?></b></p>
<a href="logout.php">logout</a>
</body>
</html>
//------------------------logout.php---------------
<?php
require('config.php');
session_destroy();
header('location: login.php');
exit();
?>
所有问题的答案是:在PHP中使用s。我忘了提一下,但是您需要在计划使用$会话的每一页的顶部开始会话 如何创建有效的注销页面
您需要开始阅读,我推荐一本很棒的新书,名为。要显示用户名,请在他通过身份验证后将用户名保存在会话值中
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
$_SESSION['username'] = $uname;
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
若要限制对profile.php页面的访问,请在调用session\u start后的顶部和右侧添加
if(!isset($_SESSION['username'])) // not logged in
要创建注销页面,您需要销毁会话
logout.php
session_start();
if(isset($_SESSION['username'])) session_destroy();
else // not logged in
unset($_SESSION['userName']);
试试这个
if(mysql_num_rows($sql) > 0){
session_start();
$_SESSION['userName']=$_POST['uname'];
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
profile.php
<?php
session_start();
if (!$_SESSION['userName']){
header('location: login.php');
}else{
echo $_SESSION['userName'];
}
?>
<html>
<head>
</head>
<body>
<?php
$sql = mysql_query("SELECT * FROM users ");
while($row = mysql_fetch_array($sql)){
$name = $row['name'];
$lname = $row['lname'];
$uname = $row['uname'];
}
?>
<p>Welcome <b><?php echo $name; ?></b></p>
<a href="logout.php">logout</a>
</body>
</html>
您的问题的答案很简单,因为目前无论您在login.php上做什么,都与您的profile.php无关 在login.php中,检查他们的用户名和密码,如果正确,则将其发送到profile.php,然后在profile.php上执行以下操作,在新查询中回显数据库中的所有内容: 从用户中选择* 这没有数据或参考您在login.php上检查他们的凭据 您应该做的是,当您在login.php上检查他们的登录时,使用正确的登录详细信息设置一个会话,如下所示:
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['name'] = $row['name'];
$_SESSION['logged_in']['lname'] = $row['lname'];
$_SESSION['logged_in']['uname'] = $row['uname'];
}
// END ADDITIONAL CODE
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
?>
//------------------------profile.php---------------
<?php
session_start();
require('config.php');
?>
<html>
<head>
</head>
<body>
<?php
// ADDITIONAL CODE
if ( !isset($_SESSION['logged_in']) )
{
header('location: login.php');
exit();
}
// END ADDITIONAL CODE
// Then use the session data to echo their name:
<p>Welcome <b><?php echo $_SESSION['logged_in']['name']; ?></b></p>
<a href="logout.php">logout</a>
</body>
</html>
//------------------------logout.php---------------
<?php
// ADDITIONAL CODE
session_start();
unset($_SESSION['logged_in']);
// END ADDITIONAL CODE
session_destroy(); //if you want..
header('location: login.php');
exit();
不过,这是一个简单的示例,请注意:在profile.php上,我的附加代码只是检查是否设置了登录会话,这不是高度安全的
根据profile.php上显示的数据,您可以/应该再次检查他们的登录。也许在数据库中签入他们的会话数据,或IP,或两者或更多
重要提示:
您正在使用的代码是相当不安全的,并且使用了已折旧的函数。
mysql_查询现在已折旧,您应该使用PDO或Mysqli,并准备好语句
如果你坚持要继续使用这个函数,至少改变mysql\u escape\u字符串,改为使用mysql\u real\u escape\u字符串
此外,md5不再被视为安全的方法,请参见此处:
至于腌制,不建议使用您自己的和当前为空的。尝试使用:
试试这个,它可以工作:
你能把这件事分开一点,再具体一点吗?对于一个问题来说,你现在想要什么似乎有点过分。
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['name'] = $row['name'];
$_SESSION['logged_in']['lname'] = $row['lname'];
$_SESSION['logged_in']['uname'] = $row['uname'];
}
// END ADDITIONAL CODE
header('location: profile.php');
exit();
}else{
echo "Wrong password or username";
}
?>
//------------------------profile.php---------------
<?php
session_start();
require('config.php');
?>
<html>
<head>
</head>
<body>
<?php
// ADDITIONAL CODE
if ( !isset($_SESSION['logged_in']) )
{
header('location: login.php');
exit();
}
// END ADDITIONAL CODE
// Then use the session data to echo their name:
<p>Welcome <b><?php echo $_SESSION['logged_in']['name']; ?></b></p>
<a href="logout.php">logout</a>
</body>
</html>
//------------------------logout.php---------------
<?php
// ADDITIONAL CODE
session_start();
unset($_SESSION['logged_in']);
// END ADDITIONAL CODE
session_destroy(); //if you want..
header('location: login.php');
exit();
//------------------------config.php---------------
<?php
mysql_connect("localhost","root","");
mysql_select_db("login2");
?>
//------------------------login.php---------------
<?php
session_start();
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_escape_string($_POST['uname']);
$pass = mysql_escape_string($_POST['pass']);
$salt = '';
$pass = md5 ($pass . $salt);
$sql = mysql_query ("SELECT * FROM `users` WHERE `uname` = '$uname' AND `pass`= '$pass' ");
if(mysql_num_rows($sql) > 0){
header("location: profile.php?username=$uname&pass=$pass");
exit();
}else{
echo "Wrong password or username";
}
}else{
?>
<form action="login.php" method="POST">
Username : <br />
<input type="text" name="uname" />
<br />
<br />
Password : <br />
<input type="password" name="pass" />
<br />
<br />
<input type="submit" name="submit" value="log in" />
</form>
<?php
}
?>
//------------------------profile.php---------------
<?php
require('config.php');
$user = $_REQUEST['username'];
$passwd = $_REQUEST['pass']
?>
<html>
<head>
</head>
<body>
<?php
$sql = mysql_query("SELECT * FROM users where `uname` = '$user' AND `pass`= '$passwd' ");
do{
$uname = $row['uname'];
$_SESSION['uname'] = $uname;
$username = $_SESSION['uname'];
}while($row = mysql_fetch_array($sql));
?>
<p>Welcome <b><?php echo $name; ?></b></p>
<a href="logout.php">logout</a>
</body>
</html>
//------------------------logout.php---------------
<?php
require('config.php');
session_destroy();
header('location: login.php');
exit();
?>