douji1077 2015-11-07 11:22
Views: 28
Accepted

Redirect loop error in login page

I am moving from vulnerable SQL code to secure code, and I am trying to update my login to this:

if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
        if($username != '' && $password!=''){
            session_start();
            $sql = "SELECT * FROM login WHERE username=? and password =?";
            $stmt = $con->prepare($sql);

            $stmt=bind_param("ss", $username, $password);
            $stmt->execute();
            $stmt->store_result();
            $num->$stmt->num_rows;
            $stmt->close();
            if($num>0){
            $_SESSION["username"] = $username;

            header("Location:homepage.php");
            die();

            } else {
                $message = "Invalid Username or Password!";
            }
    }
}

When I launch my login page, I get this message:

This webpage has a redirect loop

Any help is appreciated.

EDIT homepage code:

<?php
require_once ('/include/global.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>

<body>
<div class="container12">
  <header>
    <div class="row" align="center">
      <div class="column12"> <a href="homepage.php"><img src="images/logo.png"/></a> </div>
    </div>
    <div class="row" align="center">
      <div class="row" align="center"><a href="logout.php">Logout</a></div>
    </div>
  </header>
  <h1 id="home" align="center">&nbsp;</h1>
  <div class="alert"></div>
  <div class="column12" align="center">
    <div class="row"><a href="patients.php">
      <input type="image" value="Patient" src="images/patient.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/patient_roll.png';" onmouseout="this.src='images/patient.png';">
      </a> </div>
    <div class="row"><a href="/clinic form/appoint/appoint.php">
      <input type="image" value="Appointments" src="images/appointments.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/appointments_roll.png';" onmouseout="this.src='images/appointments.png';">
      </a> </div>
    <div class="row"><a href="/clinic form/med/med.php">
      <input type="image" value="Medicaments" src="images/med.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/med_roll.png';" onmouseout="this.src='images/med.png';">
      </a> </div>
    <div class="row"><a href="">
      <input type="image" value="Statistics" src="images/stat.png" width="widthInPixels" height="heightInPixels" onmouseover="this.src='images/stat_roll.png';" onmouseout="this.src='images/stat.png';">
      </a> </div>
  </div>
</div>
</body>
</html>

EDIT 2

global.php file:

<?php
session_start();
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name 
//if(!session_is_registered(myusername)){
//header("location:index.html");
if(isset($_SESSION['username'])) {
  echo "Page seen only by " . $_SESSION['username']."<br>";
  $con=mysqli_connect($host,$username,$password,$db_name);

}
else{
    session_destroy();
    header("location:index.php");
}
?>

EDIT 3

The entire index.php code:

<?php

require_once('/include/global.php');

/*if(isset($_POST['login'])){

    if($_POST['username'] != '' && $_POST['password']!=''){
        if(!isset($_SESSION)) 
    { 
        session_start();
        session_register('username'); 
    } 

        $result = mysql_query("SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
        $row  = mysql_fetch_array($result);
        if(is_array($row)) {
            $_SESSION["username"] = $row[$_POST["username"]];
            $_SESSION['username'] = $_POST["username"];

            header("Location:homepage.php");
            } else {
            $message = "Invalid Username or Password!";
        }

}else{
    $error_msg="Please fill all the fields";
}
}*/

if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
        if($username != '' && $password!=''){
        session_start();

            $sql = "SELECT * FROM login WHERE username=? and password =?";
            $stmt = $con->prepare($sql);

            $stmt=bind_param("ss", $username, $password);
            $stmt->execute();
            $stmt->store_result();
            $num->$stmt->num_rows;
            $stmt->close();
            if($num>0){
                $_SESSION['username'] = $username;
                header("Location: homepage.php") ; die();
            } else {
                $message = "Invalid Username or Password!";
            }
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Clinic Form</title>
<link href="css/1140.css" rel="stylesheet" type="text/css" />
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:300" rel="stylesheet" type="text/css" />
</head>

<body>
<div class="container12">
  <header>
    <div class="row" align="center">
      <div class="column12"> <a href="index.php"><img src="images/logo.png"/></a> </div>
    </div>
  </header>
  <h1 id="home" align="center">Login</h1>
  <form action="" method="POST">
    <?php if(isset($message)) echo "<script type='text/javascript'>alert('$message');</script>" ?>
    <div class="alert">
      <?php if(isset($error_msg)) echo "<script type='text/javascript'>alert('$error_msg');</script>" ?>
    </div>
    <div class="column12" align="center">
      <div class="row">
        <input type="text" class="large-fld" name="username" value="" placeholder="Username"  />
      </div>
      <div class="row">
        <input type="password" class="large-fld" name="password" value="" placeholder="*****"  />
      </div>
      <div class="row">
        <input type="image" name="login" value="Login" src="images/btn.png" width="widthInPixels" height="heightInPixels" onMouseOver="this.src='images/rollOverBtn.png';" onMouseOut="this.src='images/btn.png';">
      </div>
    </div>
  </form>
</div>
</body>
</html>

2 answers

  • dqe9657 2015-11-07 12:49

    Maybe it will help if you are more specific about your header. When I started, I found this little piece of code and have used it ever since.

    $hostname = $_SERVER["HTTP_HOST"];
    $path = dirname($_SERVER["PHP_SELF"]);
    
    header("Location: https://".$hostname.($path == "/" ? "" : $path)."/homepage.php");
    die();
    

    But I have another question: where do you set your session variable $_SESSION["username"]?

    EDIT:

    Ok, your code does this:

    You call homepage.php which includes global.php. Since there are no session variables set yet, global.php jumps into this part

    else
    {
        session_destroy();
        header("location:index.php");
    }
    

    Here you redirect to index.php. In index.php you include global.php again and exactly at this point your loop begins. So your global.php sends you to index.php in which global sends you to index.php and so on.

    One way is to simply remove the include of global.php at the very beginning of your index.php.

    Further you need to call

    $stmt->bind_param("ss", $username, $password);
    

    instead of

    $stmt=bind_param("ss", $username, $password);
    
    This answer was selected by the asker as the best answer.
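
The fixes from the accepted answer gathered in one file, as an added example that is not the asker's or the answerer's code: the session guard is a function that only protected pages call, every redirect is followed by exit, and the mysqli calls use the corrected syntax. The file name auth.php, the function names and the APP_BASE origin are assumptions; the redirect uses that fixed origin rather than the HTTP_HOST request header from the answer's snippet.

```php
<?php
// auth.php: added example. File name, function names and APP_BASE are assumptions.

// Fixed origin from configuration; $_SERVER['HTTP_HOST'] is sent by the client.
const APP_BASE = 'https://clinic.example';

function redirect_to(string $page): void {
    header('Location: ' . APP_BASE . '/' . $page);
    exit; // without this the rest of the page is still rendered and sent
}

// Guard for protected pages (homepage.php and the like). index.php must not
// call it: the login page has to load without a session or it redirects to itself.
function require_login(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    if (!isset($_SESSION['username'])) {
        redirect_to('index.php');
    }
}

// True when a row in `login` matches. Same query as the page, which compares the
// stored password directly; with hashed passwords, fetch the hash by username
// and check it with password_verify() instead.
function check_login(mysqli $con, string $username, string $password): bool {
    $stmt = $con->prepare('SELECT 1 FROM login WHERE username = ? AND password = ?');
    $stmt->bind_param('ss', $username, $password); // "->" method call, not "="
    $stmt->execute();
    $stmt->store_result();
    $num = $stmt->num_rows;                        // "=" assignment, not "->"
    $stmt->close();
    return $num > 0;
}

// Called from index.php on POST. Returns an error message, or redirects on success.
function handle_login(mysqli $con): ?string {
    if (session_status() !== PHP_SESSION_ACTIVE) session_start();
    $username = (string)($_POST['username'] ?? '');
    $password = (string)($_POST['password'] ?? '');
    if ($username === '' || $password === '') {
        return 'Please fill all the fields';
    }
    if (!check_login($con, $username, $password)) {
        return 'Invalid Username or Password!';
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['username'] = $username;
    redirect_to('homepage.php');
}
```

In this layout homepage.php starts with require_login(), while index.php only opens the database connection and calls handle_login($con) when the request method is POST.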
