重定向php页面成功登录

A very nice person from inhere helped me making a login form with cookies, and it works perfectly fine. So when I login I get redirected to home.php, where I also can logout. But I am not quite sure of something. If I have a succesfull login, I would like to get redirected to profile.php, and not home.php?

Best Regards Julie

index.php:

    <?php
    $error='';
    if( !isset( $_SESSION ) ) session_start();

    if( !isset( $_SESSION['username'])) include('login.php'); 
    else exit( header('Location: home.php') ); 
?>
<!doctype html>
<html>
    <head>
        <meta charset='utf-8'>
        <title>PHP Login Form with Session</title>
        <link rel='stylesheet' href='style.css' type='text/css' />
    </head>
    <body>
        <h1>PHP Login Form with Session</h1>
        <div class='loginBox'>
            <h3>Login Form</h3>
            <br><br>
            <form method='post' action=''>
                <label>Username:</label><br>
                <input type='text' name='username' placeholder='username' /><br><br>
                <label>Password:</label><br>
                <input type='password' name='password' placeholder='password' /><br><br>
                <input type='submit' name='submit' value='Login' /> 
            </form>
            <div class='error'><?php echo $error;?></div>
        </div>
    </body>
</html>

login.php:

    <?php
    /* login.php */

    if( !isset( $_SESSION ) ) session_start();
    include('dbconfic.inc.php' );

    $error = '';

    if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ) {


        if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){

            $error = 'Both fields are required.';

        } else {

            /* 
                Use prepared statements - mitigates agsint sql injection.
                Use placeholders in the sql which are used by the `bind_param` statement
            */
            $sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5( `password` )=? limit 1 ';
            $stmt=$db->prepare( $sql );
            if( !$stmt ) exit('Failed to prepare sql statement');
            /* 
                md5 is not recommended for password hashing as it is generally considered to be broken
                bind the variables to the placeholders & execute the sql
            */
            $username=$_POST['username']; 
            $password=md5( $_POST['password'] ); 

            $stmt->bind_param('ss', $username, $password ); 
            $res=$stmt->execute();


            /* bind the result of the query to a variable */
            $stmt->bind_result( $login_user );
            while( $stmt->fetch() ){
                /* go through recordset ( 1 record ) */
                $_SESSION['username'] = $login_user;
            }

            $stmt->close();
            $db->close();

            if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
            else $error='Incorrect username or password.';
        }
    }
?>

home.php:

<?php
    /* home.php */
    if( !isset( $_SESSION ) ) session_start();
    if( !isset( $_SESSION['username'] ) ) exit( header('Location: index.php') );

?>
 <!doctype html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Home</title>
        <link rel="stylesheet" href="style.css" type="text/css" />
    </head>

    <body>
        <h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
        <br><br><br>
        <a href="logout.php" style="font-size:18px">Logout?</a>
        <a href="test.php">test</a>
    </body>
</html>
查看全部
douzhang7184
douzhang7184
2016/02/02 20:57
  • redirect
  • php
  • 点赞
  • 收藏
  • 回答
    私信
满意答案
查看全部

1个回复