dsmvqp3124 2014-03-25 04:14
浏览 33
已采纳

PHP表单需要提交两次以设置会话

So I am trying to implement a login on my website but for some reason the form needs to have submit pressed twice to effectively login. I am at a complete loss as to why

<?php
    session_start();
if(isset($_SESSION["username"])){
        print('<p>'.$_SESSION["username"]." is currently logged in");
        print('<form action="logout.php"><input type="submit" value="Log out"></form>');
    }
else{
print('<form action="index.php" method="post">
        Username: <input type="text" name="username"/><br/>
        Password: <input type="password" name="password"/><br/>
        <input type="submit" value="Log In" name="submit"/>
    </form>');
include('config.php');

if(isset($_POST['submit'])) {
    $username = mysql_real_escape_string(htmlentities($_POST['username']));
    $password = hash('sha256', mysql_real_escape_string(htmlentities($_POST['password'])));
    $mysqli = new mysqli( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME );
    $qstring = 'SELECT * FROM login WHERE username = "'.$username.'" AND password = "'.$password.'"';
    $result = $mysqli->query($qstring);
    if($result->num_rows ==1)
    {

        $_SESSION['username']=$username;
        $_SESSION['password']=$password;       
    }
  • 写回答

4条回答 默认 最新

  • dounieliang4712 2014-03-25 04:33
    关注

    Since you have all your code for login, processing and showing the user is logged in at the same page with no redirect after the user is successful logged in, it takes you 2 submits to see the logged in page.

    I would suggest you splitting your login page from what you currently have into a login.php and a home.php.

    Also you should avoid querying for username and password, you should only need to retrieve the username and compare the password instead and also avoid saving the password on the session its extremely unneeded.

    login.php would have:

    <?php
    session_start();
    // Your database info
    $db_host = '';
    $db_user = '';
    $db_pass = '';
    $db_name = '';
    
    if (isset($_SESSION['username']))
    {
        // If the user is already logged in send to home
        header("Location: home.php");
    }
    else
    {
        // if the user is not logged in but have submitted the login page, 
        // check its credentials and redirect to home page
        if (isset($_POST['submit']))
        {
            if (isset($_POST['username']) && isset($_POST['password']))
            {
                $con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
                if ($con->connect_error)
                {
                    die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
                }
    
                $sql = "SELECT username, password FROM login WHERE username = ?";
                if (!$result = $con->prepare($sql))
                {
                    die('Query failed: (' . $con->errno . ') ' . $con->error);
                }
    
                if (!$result->bind_param('s', $_POST['username']))
                {
                    die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
                }
    
                if (!$result->execute())
                {
                    die('Execute failed: (' . $result->errno . ') ' . $result->error);
                }
    
                $result->store_result();
                if ($result->num_rows == 0)
                {
                    die('No username found...');
                }
    
                $password = hash('sha256', $_POST['password']);
                $result->bind_result($db_username, $db_password);
                $result->fetch();
    
                if ($password == $db_password)
                {
                    $_SESSION['username'] = $db_username;
                    header("Location: home.php");
                    exit;
                }
                else
                {
                    $error = "Username or password does not match...";
                }
            }
            else
            {
                $error = "Fill the username and password to login...";
            }
        }
    }
    // Show the form and/or possible error messages to user if applicable
    ?>
    <html>
    <head>
    <title>Login Page</title>
    </head>
    <body>
    <?php if (isset($error)) echo $error, '<br>'; ?>
    <form method="POST" action="index.php">
    <label>Username</label><br /><input type="text" name="username" value=""><br />
    <label>Password</label><br /><input type="password" name="password" value=""><br />
    <input type="submit" name="submit" value="Login">
    </form>
    </body>
    </html>
    

    And at home.php:

    <?php
    session_start();
    if (!isset($_SESSION['username']))
    {
        // send user back to login page if he is not logged in
        header("Location: login.php");
        exit;
    }
    // show the home page
    ?>
    <p><? echo $_SESSION["username"]; ?> is currently logged in.
    <form action="logout.php">
    <input type="submit" value="Log out">
    </form>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 BP神经网络控制倒立摆
  • ¥20 要这个数学建模编程的代码 并且能完整允许出来结果 完整的过程和数据的结果
  • ¥15 html5+css和javascript有人可以帮吗?图片要怎么插入代码里面啊
  • ¥30 Unity接入微信SDK 无法开启摄像头
  • ¥20 有偿 写代码 要用特定的软件anaconda 里的jvpyter 用python3写
  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算