Php 如何询问登录是否写在url上
index.phpPhp 如何询问登录是否写在url上,php,html,mysqli,Php,Html,Mysqli,index.php <?php session_start(); ?> <?php include('dbcon.php'); ?> <html> <head> <link rel="stylesheet" type="text/css" href="style.css"> </head> <body> <div class="form-wrapper"> <form action="#"
<?php session_start(); ?>
<?php include('dbcon.php'); ?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="form-wrapper">
<form action="#" method="post">
<h3>Login here</h3>
<div class="form-item">
<input type="text" name="user" required="required" placeholder="Username" autofocus required></input>
</div>
<div class="form-item">
<input type="password" name="pass" required="required" placeholder="Password" required></input>
</div>
<div class="button-panel">
<input type="submit" class="button" title="Log In" name="login" value="Login"></input>
</div>
</form>
<?php
if (isset($_POST['login']))
{
$username = mysqli_real_escape_string($con, $_POST['user']);
$password = mysqli_real_escape_string($con, $_POST['pass']);
$query = mysqli_query($con, "SELECT * FROM users WHERE password='$password' and username='$username'");
$row = mysqli_fetch_array($query);
$num_row = mysqli_num_rows($query);
if ($num_row > 0)
{
$_SESSION['user_id']=$row['user_id'];
header('location:home.php');
}
else
{
echo 'Invalid Username and Password Combination';
}
}
?>
</div>
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Management System</title>
<link rel="stylesheet" type="text/css" href="css/style_entry.css" />
<link rel="stylesheet" type="text/css" href="css/home_menu.css" />
<link rel="stylesheet" type="text/css" href="css/container.css" />
</head>
<body style="background-color:gray"/>
<div class="container">
<div class="dropdown">
<button class="dropbtn">Entry</button>
<div class="dropdown-content">
<a href="marketInfo.php">Market Information</a>
<a href="bankInfo.php">bank Information</a>
<a href="clientInfo.php">Client Information</a>
</div>
</div>
<a href="Edit.php">Edit</a>
<a href="billProcess.php">Bill Process</a>
<a href="billPrint.php">Bill Print</a>
<a href="billPosting.php">Bill Posting</a>
<a href="report.php">Report</a>
<a href="admin.php">Admin</a>
<a href="help.php">Help</a>
<a href="help.php">Help</a>
<li style="float:right"><a class="active" href="logout.php">Logout</a></li>
</body>
<?php
session_start();
session_destroy();
header('location:index.php');
?>
在这里登录
1st:在需要检查会话是否存在的每个页面顶部。如果存在会话,则允许用户查看页面,否则将页面重定向到登录页面
if(!isset($_SESSION['user_id'])){
header('Location:login.php');
exit();
}
注意:会话是全局可访问的变量。基于此,您需要创建逻辑。创建一个文件“login\u check.php”
<?php
if(isset($_SESSION['user_id'])){
}else{
header("location:login.php");
}
?>
将此文件包含在只有登录用户才能访问的页面中。其工作原理。此登录是否通过sql注入安全?您已经在使用mysqli_real_escape_string(),因此它在某种程度上通过sql注入安全?如何设置时间限制?登录系统后,如果10分钟内未获得任何刷新,则会自动转到登录页面。