douxing6434 2012-06-07 16:51
浏览 61
已采纳

使用$ _SESSION ['url']将checklogin.php重定向到index.php

I have a checklogin.php script that works fine to redirect a user to a specific page on successful login. I now want to set it to redirect to the original index.php page that redirected the user to the login form. At the top of index.php I include:

<?php
session_start();

$_SESSION['url'] = $_SERVER['REQUEST_URI'];

if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

I have checked that $_SESSION['url'] is getting correctly set on this page.

main_login.php just contains the login form which is processed by checklogin.php:

<form name="form1" method="post" action="checklogin.php">

and $_SESSION['url'] is getting correctly set on this page too.

checklogin.php looks like this:

<?php
session_start();

print_r($_SESSION['url']);

ob_start();
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$encrypted_mypassword=md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:$_SESSION['url']");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

As you can see I am trying to print $_SESSION['url'] at the top of this script but nothing is getting returned.

Could someone help with this?

Thanks,

Nick

  • 写回答

1条回答 默认 最新

  • drutjkpsr67393592 2012-06-07 18:19
    关注

    You cannot insert a "complex" variable like $_SESSION['url'] inside a litteral string, like the following statement:

    header("location:$_SESSION['url']");

    In my version of PHP (5.3.10), it produces the following error:

    PHP Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/.../test.php on line ...

    Indeed, if you want to output a field in an array, you should use concatenation:

    header("Location: " . $_SESSION['url']);

    This may be the source of your problem. Depending on PHP configuration, it may not display the error and just output a blank page, check the php logs to be sure.

    The best practice is to use this whenever you want to output the value of a variable in a string.

    For example, do not use echo "Foo: $foo";, use instead echo "Foo : ". $foo;

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • 使用$ _SESSION ['url']将checklogin.php重定向index.php php
    2012-06-07 16:51
    回答 1 已采纳 You cannot insert a "complex" variable like $_SESSION['url'] inside a litteral string, like the fo
  • PHP会话问题 - 检查登录 php
    2014-02-24 19:32
    回答 2 已采纳 You need to put session_start() at the top-side of your PHP file, outside of the checkLogin() func
  • PHP session_start错误(没有找到这样的文件或目录) php
    2015-12-01 17:03
    回答 1 已采纳 It's a configuration error. Check the line below on your php.ini file: session.save_path = "/tmp
  • phpWeb
    2017-12-13 21:38
    wel1的博客 主要关于网络应用中使用php实现会话控制、编写验证码、文件上传下载等。 二、 会话控制技术 1. 会话控制的需求 当用户通过正确的用户名和密码等登录信息,登录到网站后,那么需要有一个标识能够标明这个用户是...
  • php登录脚本未定义的变量:_session脚本 php
    2012-09-26 15:09
    回答 2 已采纳 It is $_SESSION not $_session you also need to add session_start() on top of the page FROM PHP DO
  • 会话更改head.php的条件 php
    2014-10-15 15:39
    回答 1 已采纳 When you say "i have tried this one." if(isset($_SESSION['isCustomer'])){ include 'includes/c
  • PHP使用会话变量时,登录页面无法进入主页 php
    2016-02-17 07:58
    回答 1 已采纳 You are missing session_start() on your checklogin.php. Without session_start() your following co
  • CTFshow_终极考核_个人WP
    2022-01-05 20:48
    ScyLamb的博客 CTFshow_终极考核 参考 不打算参考 0x00 web640 flag_640=ctfshow{060ae7a27d203604baeb125f939570ef} ...PHP/7.3.22 nginx/1.21.1 ] [10:52:15] 200 - 43B - /.bowerrc [10:53:35] 200 - 34B - /.gitign
  • php password_hash和password_verify失败 php
    2017-10-22 11:17
    回答 2 已采纳 You can do this via while loop and mysqli_fetch_array(). That must solve your problem.: [UPDATED]
  • $ _POST突然抛出错误[重复] apache mysql php
    2016-02-15 10:01
    回答 3 已采纳 Since PHP 5.4, you cannot use a superglobal as the parameter to a function $_POST is globally acc
  • PHP和MySQL - 检查是否已经使用了用户名 mysql php
    2016-07-30 07:46
    回答 3 已采纳 As an example of how to use prepared statements you might be able to make use of the following ( n
  • PHP十天快速入门等收集资料
    2014-05-01 03:34
    lzid2008的博客 PHP十天快速入门   (2009-01-21 09:14:47) 转载▼ 标签:  杂谈 第一天: 下面简单介绍一下PHP的语法。  1、嵌入方法:  类似ASP的,当然您也可以自己指定。 ...
  • 使用session隐藏php中的表 html php
    2011-01-03 18:55
    回答 3 已采纳 you should set a session variable after login. and then check it before printing table. <?php
  • Node.js笔记
    2015-07-19 09:30
    hzw.000的博客 一, forEach不支持break,发现break后面的还是会执行,就老老实实用for遍历了。   二, sys.puts:简单地打印在日志中给定的字符串。...通常在网上看到安装是使用的这种方式 npm install connect,即 npm ins
  • 网络渗透笔记
    2022-04-07 19:44
    雅上·的博客 LANMP是Linux下Apache、Nginx、MySQL和PHP的应用环境,本节演示的是WDLinux的一款集成的安装包。 首先,下载需要的安装包,命令如下所示。 wegt http://dl.wdlinux.cn/files/lanmp_v3.tar.gz 下载完成后进行解压...
  • easypan部署 & qq登录
    2023-05-23 23:39
    ps酷教程的博客 文章目录项目部署学习链接1.安装ffmpeglinux centos下安装ffmpeg的详细教程2. springboot + maven 多环境配置文件pom.xml...FFmpeg视频处理入门教程----从安装到使用(Linux版) linux下ffmpeg安装教程(小学生都
  • Web安全防攻(渗透测试)
    2022-04-07 00:44
    永远的小萌新11的博客 LANMP是Linux下Apache、Nginx、MySQL和PHP的应用环境,本节演示的是WDLinux的一款集成的安装包。 首先,下载需要的安装包,命令如下所示。 wegt http://dl.wdlinux.cn/files/lanmp_v3.tar.gz 下载完成后进行解压...
  • JavaWeb
    2023-04-02 19:49
    我有点小叛逆的博客 基于ServletContext获取资源文件 6.5、HttpServletResponse 简单分类 下载文件 验证码功能 重定向(重点) 6.6、HttpServletRequest 获取参数、请求转发 七、Cookie、Session 7.1、会话 7.2、保存会话的两种技术 7.3...
  • 渗透测试实战指南笔记
    2022-04-07 20:02
    芋泥酪袋的博客 LANMP是Linux下Apache、Nginx、MySQL和PHP的应用环境,本节演示的是WDLinux的一款集成的安装包。 首先,下载需要的安装包,命令如下所示。 wegt http://dl.wdlinux.cn/files/lanmp_v3.tar.gz 下载完成后进行解压...
  • wed安全攻防
    2022-04-07 00:26
    Yang____xiao的博客 Metasploit框架( Metasploit Framework,MsF)旨在方便渗透测试,具有很好的扩展性,便于渗透测试人员开发、使用定制的工具模板。 Metasploit可向后端模块提供多种用来控制测试的接口(如控制台、Web、CLD)。Metas
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥50 求解vmware的网络模式问题 别拿AI回答
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳
  • ¥15 springboot 3.0 实现Security 6.x版本集成
  • ¥15 PHP-8.1 镜像无法用dockerfile里的CMD命令启动 只能进入容器启动,如何解决?(操作系统-ubuntu)
  • ¥30 请帮我解决一下下面六个代码
  • ¥15 关于资源监视工具的e-care有知道的嘛
  • ¥35 MIMO天线稀疏阵列排布问题
  • ¥60 用visual studio编写程序,利用间接平差求解水准网
  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?