duanbi1983 2011-03-23 08:58
浏览 19
已采纳

我的PHP会话无法正常工作

i've created a login page for my website which works correctly but if I just type the webpage in after the url I can access it without even logging in!

I need it so that you can only access a page if your logged in.

so my login page uses a form which in turn uses the check login script.

           <?php
            $host="localhost"; // Host name
            $username="blank"; // Mysql username
            $password="blank"; // Mysql password
            $db_name="blank"; // Database name
            $tbl_name="members"; // Table name

             // Connect to server and select databse.
            mysql_connect("$host", "$username", "$password")or die("cannot connect");
            mysql_select_db("$db_name")or die("cannot select DB");

            // username and password sent from form
            $myusername=$_POST['myusername'];
             $mypassword=$_POST['mypassword'];

             // To protect MySQL injection (more detail about MySQL injection)
             $myusername = stripslashes($myusername);
             $mypassword = stripslashes($mypassword);
             $myusername = mysql_real_escape_string($myusername);
             $mypassword = mysql_real_escape_string($mypassword);

             $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and      password='$mypassword'";
            $result=mysql_query($sql);

            // Mysql_num_row is counting table row
            $count=mysql_num_rows($result);
            // If result matched $myusername and $mypassword, table row must be 1 row

            if($count==1){
           // Register $myusername, $mypassword and redirect to file "login_success.php"
         session_register("myusername");
          session_register("mypassword");
         header("location:login_success.php");
         }
         else {
         Print "<html>";
         Print "<head>";
         Print "<link href='styles.css' rel='stylesheet' type='text/css' />";
         Print "</head>";
         Print "<body>";
         Print "<img src=images/banner2.png  alt='banner' />";
         Print "<p>Wrong Username or Bad Password.</p>";
         Print "<p>Or <a href='./index.html'>Click Here</a> to try again.</p>";
         Print "</body>";
         Print "</html>";
         }
         ?>

and on each page I have:

<?php
 session_start();
 if(!session_is_registered(myusername)){
 header("location: index.html");
 }
 ?>

the password form works if you dont have a valid password then it says wrong password, but I can still access every page if I know their names.

thanks

  • 写回答

3条回答 默认 最新

  • doufeixuan8882 2011-03-23 09:07
    关注

    This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

    and you should use write code below way

    <?php
        if($count==1){
            session_start();            
            $_SESSION['$myusername'];
            $_SESSION['$mypassword'];
            header("location:login_success.php");
         }
         else {
         session_unset();
         session_destroy();
         $_SESSION = array();
         session_start();        
         }
?>

    and on each page check this

    $authorized=false;
@session_start();
if(isset($_SESSION['$myusername'] && isset($_SESSION['$mypassword']);
{
    $authorized = true;
}

if(!authorized)
{
    header('location:index.html');
    exit();
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 什么设备可以研究OFDM的60GHz毫米波信道模型
  • ¥15 不知道是该怎么引用多个函数片段
  • ¥15 爬取1-112页所有帖子的标题但是12页后要登录后才能 我使用selenium模拟登录 账号密码输入后 会报错 不知道怎么弄了
  • ¥30 关于用python写支付宝扫码付异步通知收不到的问题
  • ¥50 vue组件中无法正确接收并处理axios请求
  • ¥15 隐藏系统界面pdf的打印、下载按钮
  • ¥15 基于pso参数优化的LightGBM分类模型
  • ¥15 安装Paddleocr时报错无法解决
  • ¥15 python中transformers可以正常下载,但是没有办法使用pipeline
  • ¥50 分布式追踪trace异常问题