douzhang7184 2016-02-02 20:57

Redirecting a PHP page on successful login

A very nice person from in here helped me make a login form with cookies, and it works perfectly fine. So when I log in I get redirected to home.php, where I can also log out. But I am not quite sure of something. If I have a successful login, I would like to get redirected to profile.php, and not home.php?

Best Regards Julie

index.php:

    <?php
    $error='';
    if( !isset( $_SESSION ) ) session_start();

    if( !isset( $_SESSION['username'])) include('login.php'); 
    else exit( header('Location: home.php') ); 
    ?>
    <!doctype html>
    <html>
        <head>
            <meta charset='utf-8'>
            <title>PHP Login Form with Session</title>
            <link rel='stylesheet' href='style.css' type='text/css' />
        </head>
        <body>
            <h1>PHP Login Form with Session</h1>
            <div class='loginBox'>
                <h3>Login Form</h3>
                <br><br>
                <form method='post' action=''>
                    <label>Username:</label><br>
                    <input type='text' name='username' placeholder='username' /><br><br>
                    <label>Password:</label><br>
                    <input type='password' name='password' placeholder='password' /><br><br>
                    <input type='submit' name='submit' value='Login' />
                </form>
                <div class='error'><?php echo $error;?></div>
            </div>
        </body>
    </html>

login.php:

    <?php
    /* login.php */

    if( !isset( $_SESSION ) ) session_start();
    include('dbconfic.inc.php' );

    $error = '';

    if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ) {


        if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){

            $error = 'Both fields are required.';

        } else {

            /* 
                Use prepared statements - mitigates against sql injection.
                Use placeholders in the sql which are used by the `bind_param` statement
            */
            $sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5( `password` )=? limit 1 ';
            $stmt=$db->prepare( $sql );
            if( !$stmt ) exit('Failed to prepare sql statement');
            /* 
                md5 is not recommended for password hashing as it is generally considered to be broken
                bind the variables to the placeholders & execute the sql
            */
            $username=$_POST['username']; 
            $password=md5( $_POST['password'] ); 

            $stmt->bind_param('ss', $username, $password ); 
            $res=$stmt->execute();


            /* bind the result of the query to a variable */
            $stmt->bind_result( $login_user );
            while( $stmt->fetch() ){
                /* go through recordset ( 1 record ) */
                $_SESSION['username'] = $login_user;
            }

            $stmt->close();
            $db->close();

            if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
            else $error='Incorrect username or password.';
        }
    }
    ?>

home.php:

    <?php
        /* home.php */
        if( !isset( $_SESSION ) ) session_start();
        if( !isset( $_SESSION['username'] ) ) exit( header('Location: index.php') );

    ?>
    <!doctype html>
    <html>
        <head>
            <meta charset="utf-8">
            <title>Home</title>
            <link rel="stylesheet" href="style.css" type="text/css" />
        </head>

        <body>
            <h1 class="hello">Hello, <em><?php echo htmlspecialchars( $_SESSION['username'], ENT_QUOTES, 'UTF-8' );?>!</em></h1>
            <br><br><br>
            <a href="logout.php" style="font-size:18px">Logout?</a>
            <a href="test.php">test</a>
        </body>
    </html>

1 answer

  • duanqiu9104 2016-02-02 21:02

    It only makes a difference in the file structure; otherwise it would be no problem for the client side. Also do that with my index.php (also my main page and, with login, the profile page).

    Tip: Don't use md5 encryption for passwords. Use the PHP 5.x password hashing library. MD5 and SHA are unsafe today. The Password_hashing library is the most secure way of hashing passwords.

    This answer was selected by the asker as the best answer.
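
The answer's tip and the redirect the question asks for, combined in one added example (not part of the original post or answer): the password is checked with `password_verify()` against a hash created by `password_hash()`, and a successful login goes to profile.php. It assumes PHP 7.1 or later and a `password_hash` column in `users`; that column name and the function names `fetch_user`, `verify_user` and `complete_login` are hypothetical.

```php
<?php
/* Added example, not the poster's code. Hypothetical names: the
   `password_hash` column and the three functions below. */

/* Fetch the record by username only; the password never enters the SQL. */
function fetch_user(mysqli $db, string $username): ?array
{
    $sql  = 'SELECT `uid`, `password_hash` FROM `users` WHERE `username`=? LIMIT 1';
    $stmt = $db->prepare($sql);
    if (!$stmt) return null;
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($uid, $hash);
    $row = $stmt->fetch() ? ['uid' => $uid, 'password_hash' => $hash] : null;
    $stmt->close();
    return $row;
}

/* Return the uid when the password matches the stored hash, else null. */
function verify_user(?array $row, string $password): ?int
{
    if ($row === null) return null;
    return password_verify($password, $row['password_hash']) ? (int) $row['uid'] : null;
}

/* After a successful check: new session id, remember the uid, redirect. */
function complete_login(int $uid): void
{
    session_regenerate_id(true);        // drop the pre-login session id
    $_SESSION['username'] = $uid;       // the key index.php and home.php test
    header('Location: profile.php');
    exit;
}

/* In login.php, replacing the md5 query ($db comes from the poster's include):
       $uid = verify_user(fetch_user($db, $_POST['username']), $_POST['password']);
       if ($uid !== null) complete_login($uid);
       $error = 'Incorrect username or password.';
*/

/* Constructed sample record; runs only when this file is executed from the CLI. */
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $row = ['uid' => 7, 'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)];
    var_dump(verify_user($row, 'correct horse'));
    var_dump(verify_user($row, 'wrong guess'));
    var_dump(verify_user(null, 'anything'));
}
```

profile.php needs the same `$_SESSION['username']` guard that home.php has at its top. The `header('Location: home.php')` in index.php decides where visitors who are already logged in land, so it has to change too if they should reach profile.php.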
