douji1077 2015-11-07 11:22
浏览 28
已采纳

登录页面中的重定向循环错误

I am going from vulnerable SQL codes into secure one, and I am trying to update my login to this:

if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
        if($username != '' && $password!=''){
            session_start();
            $sql = "SELECT * FROM login WHERE username=? and password =?";
            $stmt = $con->prepare($sql);

            $stmt=bind_param("ss", $username, $password);
            $stmt->execute();
            $stmt->store_result();
            $num->$stmt->num_rows;
            $stmt->close();
            if($num>0){
            $_SESSION["username"] = $username;

            header("Location:homepage.php");
            die();

            } else {
                $message = "Invalid Username or Password!";
            }
    }
}

When I am launching my login page I got this message:

This webpage has a redirect loop Any help is appreciated.

EDIT homepage code:

<?php
require_once ('/include/global.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>

<body>
<div class="container12">
  <header>
    <div class="row" align="center">
      <div class="column12"> <a href="homepage.php"><img src="images/logo.png"/></a> </div>
    </div>
    <div class="row" align="center">
      <div class="row" align="center"><a href="logout.php">Logout</a></div>
    </div>
  </header>
  <h1 id="home" align="center">&nbsp;</h1>
  <div class="alert"></div>
  <div class="column12" align="center">
    <div class="row"><a href="patients.php">
      <input type="image" value="Patient" src="images/patient.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/patient_roll.png';" onmouseout="this.src='images/patient.png';">
      </a> </div>
    <div class="row"><a href="/clinic form/appoint/appoint.php">
      <input type="image" value="Appointments" src="images/appointments.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/appointments_roll.png';" onmouseout="this.src='images/appointments.png';">
      </a> </div>
    <div class="row"><a href="/clinic form/med/med.php">
      <input type="image" value="Medicaments" src="images/med.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/med_roll.png';" onmouseout="this.src='images/med.png';">
      </a> </div>
    <div class="row"><a href="">
      <input type="image" value="Statistics" src="images/stat.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/stat_roll.png';" onmouseout="this.src='images/stat.png';">
      </a> </div>
  </div>
</div>
</body>
</html>

EDIT 2

global.php file:

<?php
session_start();
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 
//if(!session_is_registered(myusername)){
//header("location:index.html");
if(isset($_SESSION['username'])) {
  echo "Page seen only by " . $_SESSION['username']."<br>";
  $con=mysqli_connect($host,$username,$password,$db_name);

}
else{
    session_destroy();
    header("location:index.php");
}
?>

EDIT 3

The entire index.php code:

<?php

require_once('/include/global.php');

/*if(isset($_POST['login'])){

    if($_POST['username'] != '' && $_POST['password']!=''){
        if(!isset($_SESSION)) 
    { 
        session_start();
        session_register('username'); 
    } 

        $result = mysql_query("SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
        $row  = mysql_fetch_array($result);
        if(is_array($row)) {
            $_SESSION["username"] = $row[$_POST["username"]];
            $_SESSION['username'] = $_POST["username"];

            header("Location:homepage.php");
            } else {
            $message = "Invalid Username or Password!";
        }

}else{
    $error_msg="Please fill all the fields";
}
}*/

if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
        if($username != '' && $password!=''){
        session_start();

            $sql = "SELECT * FROM login WHERE username=? and password =?";
            $stmt = $con->prepare($sql);

            $stmt=bind_param("ss", $username, $password);
            $stmt->execute();
            $stmt->store_result();
            $num->$stmt->num_rows;
            $stmt->close();
            if($num>0){
                $_SESSION['username'] = $username;
                header("Location: homepage.php") ; die();
            } else {
                $message = "Invalid Username or Password!";
            }
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>

<body>
<div class="container12">
  <header>
    <div class="row" align="center">
      <div class="column12"> <a href="index.php"><img src="images/logo.png"/></a> </div>
    </div>
  </header>
  <h1 id="home" align="center">Login</h1>
  <form action="" method="POST">
    <?php if(isset($message)) echo "<script type='text/javascript'>alert('$message');</script>" ?>
    <div class="alert">
      <?php if(isset($error_msg)) echo "<script type='text/javascript'>alert('$error_msg');</script>" ?>
    </div>
    <div class="column12" align="center">
      <div class="row">
        <input type="text" class="large-fld" name="username" value="" placeholder="Username"  />
      </div>
      <div class="row">
        <input type="password" class="large-fld" name="password" value="" placeholder="*****"  />
      </div>
      <div class="row">
        <input type="image" name="login" value="Login" src="images/btn.png" width="widthInPixels" height="heightInPixels" onMouseOver="this.src='images/rollOverBtn.png';" onMouseOut="this.src='images/btn.png';">
      </div>
    </div>
  </form>
</div>
</body>
</html>
  • 写回答

2条回答 默认 最新

  • dqe9657 2015-11-07 12:49
    关注

    Maybe it will help you, if you be more specific about your header. When I started I found this little peace of code and use it ever since.

    $hostname = $_SERVER["HTTP_HOST"];
$path = dirname($_SERVER["PHP_SELF"]);

header("Location: https://".$hostname.($path == "/" ? "" : $path)."/homepage.php");
die();

    But I have another question, where do you set your Session Variable $_SESSION["username"] ?

    EDIT:

    Ok, your code does this:

    You call homepage.php which includes global.php. Since there are no session variables set yet, global.php jumps into this part

    else
{
    session_destroy();
    header("location:index.php");
}

    Here you redirect to index.php. In index.php you include global.php again and exactly at this point your loop begins. So your global.php sends you to index.php in which global sends you to index.php and so on.

    On way is to simply remove the include of global.php at the very beginning of your index.php.

    Further you need to call

    $stmt->bind_param("ss", $username, $password);

    instead of

    $stmt=bind_param("ss", $username, $password);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了
  • ¥100 监控抖音用户作品更新可以微信公众号提醒
  • ¥15 UE5 如何可以不渲染HDRIBackdrop背景
  • ¥70 2048小游戏毕设项目
  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 linux驱动,linux应用,多线程