dtrnish3637 2015-08-03 19:10
浏览 126
已采纳

php - 登录时重定向用户

After trying to setup a simple login system with php and MySQL, I was informed of the MySQL depreciation so I started looking into mysqli.

Im still new to PHP and connecting to databases so I found a few online tutorials and I was able to setup a simple login script that works (I used this tutorial http://w3epic.com/php-mysql-login-system-a-super-simple-tutorial/). There is one part I am lost on.

Here is the code from my login page:

<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<?php
if (!isset($_POST['submit'])){
?>
<!-- The HTML login form -->
    <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php
} else {
    require_once("db-const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result = $mysqli->query($sql);
    if (!$result->num_rows == 1) {
        echo "<p>Invalid username/password combination</p>";
    } else {
        echo "<p>Logged in successfully</p>";
        // do stuffs
    }
}
?>      
</body>
</html>

It works and I am able to login.

However, I would like to re-direct the user to another page based on if it finds a match in the database or not

My thought was to do something like:

if (!$result->num_rows == 1) {
    echo "<p>Invalid username/password combination</p>";
    header( 'Location: http://www.galactek.com/support/offmaint.html' );
} else {
    echo "<p>Logged in successfully</p>";
    // do stuffs
    header("Location:output.php");
}

However, this produces an error:

Warning: Cannot modify header information - headers already sent by (output started at /home4/galactek/public_html/test/login.php:7) in /home4/galactek/public_html/test/login.php on line 38

How can I successfully redirect the user?

  • 写回答

1条回答 默认 最新

  • dongshi4078 2015-08-03 19:15
    关注

    You need to do your password check at the very top of the page. You are not allowed to change the header if anything is written to the output already (like the HTML and head tags before your PHP). Additionally, look up parameterized SQL queries as that will help prevent SQL injections that you are currently vulnerble too

    <?php
    header("Location: " . my_url);

    <?php
$failed = false;
if (isset($_POST["username"]) && isset($_POST["password"])) {
    require_once("db-const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql    = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result = $mysqli->query($sql);

    if ($result->num_rows == 1) {
        //redirect the user to their account page since they logged in!
        header("Location: http://example.com/youraccount");
    } else {
        $failed = true;
    }
}
?>
<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<!-- The HTML login form -->
    <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php

if ($failed) {
    echo "<p>Invalid username/password combination</p>";
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?