dsmvqp3124 2014-03-25 04:14
浏览 33
已采纳

PHP表单需要提交两次以设置会话

So I am trying to implement a login on my website but for some reason the form needs to have submit pressed twice to effectively login. I am at a complete loss as to why 

<?php
    session_start();
if(isset($_SESSION["username"])){
        print('<p>'.$_SESSION["username"]." is currently logged in");
        print('<form action="logout.php"><input type="submit" value="Log out"></form>');
    }
else{
print('<form action="index.php" method="post">
        Username: <input type="text" name="username"/><br/>
        Password: <input type="password" name="password"/><br/>
        <input type="submit" value="Log In" name="submit"/>
    </form>');
include('config.php');

if(isset($_POST['submit'])) {
    $username = mysql_real_escape_string(htmlentities($_POST['username']));
    $password = hash('sha256', mysql_real_escape_string(htmlentities($_POST['password'])));
    $mysqli = new mysqli( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME );
    $qstring = 'SELECT * FROM login WHERE username = "'.$username.'" AND password = "'.$password.'"';
    $result = $mysqli->query($qstring);
    if($result->num_rows ==1)
    {

        $_SESSION['username']=$username;
        $_SESSION['password']=$password;       
    }
  • 写回答

4条回答 默认 最新

  • dounieliang4712 2014-03-25 04:33
    关注

    Since you have all your code for login, processing and showing the user is logged in at the same page with no redirect after the user is successful logged in, it takes you 2 submits to see the logged in page.

    I would suggest you splitting your login page from what you currently have into a login.php and a home.php.

    Also you should avoid querying for username and password, you should only need to retrieve the username and compare the password instead and also avoid saving the password on the session its extremely unneeded.

    login.php would have:

    <?php
session_start();
// Your database info
$db_host = '';
$db_user = '';
$db_pass = '';
$db_name = '';

if (isset($_SESSION['username']))
{
    // If the user is already logged in send to home
    header("Location: home.php");
}
else
{
    // if the user is not logged in but have submitted the login page, 
    // check its credentials and redirect to home page
    if (isset($_POST['submit']))
    {
        if (isset($_POST['username']) && isset($_POST['password']))
        {
            $con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
            if ($con->connect_error)
            {
                die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
            }

            $sql = "SELECT username, password FROM login WHERE username = ?";
            if (!$result = $con->prepare($sql))
            {
                die('Query failed: (' . $con->errno . ') ' . $con->error);
            }

            if (!$result->bind_param('s', $_POST['username']))
            {
                die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
            }

            if (!$result->execute())
            {
                die('Execute failed: (' . $result->errno . ') ' . $result->error);
            }

            $result->store_result();
            if ($result->num_rows == 0)
            {
                die('No username found...');
            }

            $password = hash('sha256', $_POST['password']);
            $result->bind_result($db_username, $db_password);
            $result->fetch();

            if ($password == $db_password)
            {
                $_SESSION['username'] = $db_username;
                header("Location: home.php");
                exit;
            }
            else
            {
                $error = "Username or password does not match...";
            }
        }
        else
        {
            $error = "Fill the username and password to login...";
        }
    }
}
// Show the form and/or possible error messages to user if applicable
?>
<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php if (isset($error)) echo $error, '<br>'; ?>
<form method="POST" action="index.php">
<label>Username</label><br /><input type="text" name="username" value=""><br />
<label>Password</label><br /><input type="password" name="password" value=""><br />
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>

    And at home.php:

    <?php
session_start();
if (!isset($_SESSION['username']))
{
    // send user back to login page if he is not logged in
    header("Location: login.php");
    exit;
}
// show the home page
?>
<p><? echo $_SESSION["username"]; ?> is currently logged in.
<form action="logout.php">
<input type="submit" value="Log out">
</form>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥50 求解vmware的网络模式问题
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳
  • ¥15 springboot 3.0 实现Security 6.x版本集成
  • ¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动 只能进入容器启动,如何解决?(操作系统-ubuntu)
  • ¥30 请帮我解决一下下面六个代码
  • ¥15 关于资源监视工具的e-care有知道的嘛
  • ¥35 MIMO天线稀疏阵列排布问题
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?