dtrnish3637 2015-08-03 19:10
浏览 126
已采纳

php - 登录时重定向用户

After trying to setup a simple login system with php and MySQL, I was informed of the MySQL depreciation so I started looking into mysqli.

Im still new to PHP and connecting to databases so I found a few online tutorials and I was able to setup a simple login script that works (I used this tutorial http://w3epic.com/php-mysql-login-system-a-super-simple-tutorial/). There is one part I am lost on.

Here is the code from my login page:

<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<?php
if (!isset($_POST['submit'])){
?>
<!-- The HTML login form -->
    <form action="<?=$_SERVER['PHP_SELF']?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php
} else {
    require_once("db-const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result = $mysqli->query($sql);
    if (!$result->num_rows == 1) {
        echo "<p>Invalid username/password combination</p>";
    } else {
        echo "<p>Logged in successfully</p>";
        // do stuffs
    }
}
?>      
</body>
</html>

It works and I am able to login.

However, I would like to re-direct the user to another page based on if it finds a match in the database or not

My thought was to do something like:

if (!$result->num_rows == 1) {
    echo "<p>Invalid username/password combination</p>";
    header( 'Location: http://www.galactek.com/support/offmaint.html' );
} else {
    echo "<p>Logged in successfully</p>";
    // do stuffs
    header("Location:output.php");
}

However, this produces an error:

Warning: Cannot modify header information - headers already sent by (output started at /home4/galactek/public_html/test/login.php:7) in /home4/galactek/public_html/test/login.php on line 38

How can I successfully redirect the user?

  • 写回答

1条回答 默认 最新

  • dongshi4078 2015-08-03 19:15
    关注

    You need to do your password check at the very top of the page. You are not allowed to change the header if anything is written to the output already (like the HTML and head tags before your PHP). Additionally, look up parameterized SQL queries as that will help prevent SQL injections that you are currently vulnerble too

    <?php
    header("Location: " . my_url);

    <?php
$failed = false;
if (isset($_POST["username"]) && isset($_POST["password"])) {
    require_once("db-const.php");
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

    # check connection
    if ($mysqli->connect_errno) {
        echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
        exit();
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    $sql    = "SELECT * from clients WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
    $result = $mysqli->query($sql);

    if ($result->num_rows == 1) {
        //redirect the user to their account page since they logged in!
        header("Location: http://example.com/youraccount");
    } else {
        $failed = true;
    }
}
?>
<html>
<head>
<title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title>
</head>
<body>
<h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1>
<!-- The HTML login form -->
    <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
        Username: <input type="text" name="username" /><br />
        Password: <input type="password" name="password" /><br />

        <input type="submit" name="submit" value="Login" />
    </form>
<?php

if ($failed) {
    echo "<p>Invalid username/password combination</p>";
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 运筹学中在线排序的时间在线排序的在线LPT算法
  • ¥30 求一段fortran代码用IVF编译运行的结果
  • ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集
  • ¥15 lammps拉伸应力应变曲线分析
  • ¥15 C++ 头文件/宏冲突问题解决
  • ¥15 用comsol模拟大气湍流通过底部加热(温度不同)的腔体
  • ¥50 安卓adb backup备份子用户应用数据失败
  • ¥20 有人能用聚类分析帮我分析一下文本内容嘛
  • ¥15 请问Lammps做复合材料拉伸模拟,应力应变曲线问题
  • ¥30 python代码,帮调试,帮帮忙吧