PHP登录系统问题，可能的会话问题

Hi i have got a sample php login system script. Unfortunately when i enter correct login credentials, it refreshes and remains on the index.php prompting me to login again. My guess is that the seession may not be storing properly. Please Find the source code below:

index.php

<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(empty($_SESSION['LoggedIn']) && empty($_SESSION['Username']))
{
     ?>

    <h1>Member Area</h1>
     <p>Thanks for logging in! You are <b><?=$_SESSION['Username']?><b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>

    <ul>
        <li><a href="logout.php">Logout.</a></li>
    </ul>

    <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
     $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

     $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

    if(mysql_num_rows($checklogin) == 1)
    {
         $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];

        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;

         echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
         echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
    ?>

   <h1>Member Login</h1>

   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>

    <form method="post" action="index.php" name="loginform" id="loginform">
    <fieldset>
        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
        <input type="submit" name="login" id="login" value="Login" />
    </fieldset>
    </form>

   <?php
}
?>
</div>
</body>
</html>

<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    $email = mysql_real_escape_string($_POST['email']);

     $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");

     if(mysql_num_rows($checkusername) == 1)
     {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
     }
     else
     {
        $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
        if($registerquery)
        {
            echo "<h1>Success</h1>";
            echo "<p>Your account was successfully created. Please <a href=\"index.php\">click here to login</a>.</p>";
        }
        else
        {
            echo "<h1>Error</h1>";
            echo "<p>Sorry, your registration failed. Please go back and try again.</p>";    
        }       
     }
}
else
{
    ?>

   <h1>Register</h1>

   <p>Please enter your details below to register.</p>

    <form method="post" action="register.php" name="registerform" id="registerform">
    <fieldset>
        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
        <label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
        <input type="submit" name="register" id="register" value="Register" />
    </fieldset>
    </form>

   <?php
}
?>
</div>
</body>
</html>

base.php

<?php
session_start();

$dbhost = "MY HOST"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "MY DB"; // the name of the database that you are going to use for this project
$dbuser = "MY DB USER"; // the username that you created, or were given, to access your database
$dbpass = "MYPASSWORD"; // the password that you created, or were given, to access your database

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>

logout.php

<?php include "base.php"; $_SESSION = array(); session_destroy(); ?>
<meta http-equiv="refresh" content="0;index.php">

Please note that the registration is working correctly. its just that when i log in with the correct username and password its accepts but when refreshing asks me to login again. I would like for it to remain on the members area, until the logout is clicked.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dsorecdf78171 2014-03-18 16:57
关注
Your if condition (in your index.php file) checks if it's empty; that is wrong.

Try this:

if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username']))

or

if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))

instead of

if(empty($_SESSION['LoggedIn']) && empty($_SESSION['Username']))
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP：在TYPO3扩展中实例化前端用户会话 php
2018-01-14 22:04

回答 1 已采纳 Maybe this is an option, like done in the extension femanager: https://github.com/in2code-de/feman
在重定向后使用会话创建弹出消息将不起作用 javascript jquery php
2019-03-05 21:14

回答 1 已采纳 You need to make sure you're calling popupMessage() below where the HTML of the popup message is c
如何在laravel5中使用多个会话驱动程序 laravel php
2016-10-20 06:51

回答 1 已采纳 Here you may change the name of the cookie used to identify a session instance by ID. The name spe
使用PHPRPC实现Ajax安全登录第1/2页
2020-10-28 07:36

PHPRPC 是一个轻型的、安全的、跨网际的、跨语言的、跨平台的、跨环境的、跨域的、支持复杂对象传输的、支持引用参数传递的、支持内容输出重定向的、支持分级错误处理的、支持会话的、面向服务的高性能远程过程调用...
HTML表单按用户会话锁定 ajax html javascript jquery php
2016-09-13 08:45

回答 2 已采纳 I would recommend WebSockets. They provide real-time communication between connected clients to a
单击链接时设置会话变量 ajax javascript jquery php
2012-09-14 19:20

回答 4 已采纳 Is Ajax required? If your re-directing the user to another page & you simply want to pass some da
检查会话是否仍在运行的正确方法是什么？有哪些方法？ ajax javascript php
2015-05-11 17:50

回答 1 已采纳 To do this, all you need is an ajax request on loop and a php file to check the session. The Java
MagentoSessionAreaBug:演示 Magento 在会话、区域和早期事件方面的问题的模块
2021-06-23 14:01

MagentoSessionAreaBug 演示 Magento 在会话、区域和早期... 虽然看似无害，但这有效地结合了管理区域和前端区域会话 cookie，这将导致其他难以追踪的 Magento 问题（例如无法在不清除 cookie 的情况下登录后端区域）
AngularJS安全令牌与会话 javascript php
2015-07-09 20:55

回答 1 已采纳 The idea of using tokens is to allow for a server to be completely stateless. The server just prov
会话超时 - 以分钟为单位的结果[重复] javascript php
2017-08-21 05:01

回答 3 已采纳 Here's how I'd code it to be readable function CheckIdleTime() { _idleSecondsCounter++; v
需要一个Ajax调用来销毁会话 ajax javascript php
2014-06-04 09:07

回答 1 已采纳 You could change the logout href to /Logout.php, and in Logout.php have <?php session_start()
前端常见安全性问题
2022-04-22 23:07

她的双马尾的博客一、常见的安全性问题二、XXS攻击（Cross Site Scripting）（跨站脚本攻击）三、CSRF安全漏洞（跨站请求伪造）四、文件上传漏洞五、限制URL访问，越权访问六、不安全的加密存储七、SQL注入八、OS命令注入攻击...
如果javascript计时器正在运行，请防止会话超时 javascript php
2016-05-20 06:18

回答 1 已采纳 Throughout the timer session keep sending keepalive request every some minutes(preferred 2 to 5 mi
企业微信会话存档SDK（基于企业微信C版官方SDK封装）.zip
2024-03-20 12:51

包含前端、后端、移动开发、操作系统、人工智能、物联网、信息化管理、数据库、硬件开发、大数据、课程资源、音视频、网站开发等各种技术项目的源码。包括STM32、ESP8266、PHP、QT、Linux、iOS、C++、Java、python...
PHP中的会话控制
2018-10-01 14:51

一图了解PHP会话的主要内容，前端快速上手！！
没有解决我的问题, 去提问

悬赏问题

¥20 软件测试决策法疑问求解答
¥15 win11 23H2删除推荐的项目，支持注册表等
¥15 matlab 用yalmip搭建模型，cplex求解，线性化处理的方法
¥15 qt6.6.3 基于百度云的语音识别不会改
¥15 关于#目标检测#的问题：大概就是类似后台自动检测某下架商品的库存，在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
¥15 神经网络怎么把隐含层变量融合到损失函数中？
¥15 lingo18勾选global solver求解使用的算法
¥15 全部备份安卓app数据包括密码，可以复制到另一手机上运行
¥20 测距传感器数据手册i2c
¥15 RPA正常跑，cmd输入cookies跑不出来

PHP登录系统问题，可能的会话问题

2条回答 默认 最新

悬赏问题

2条回答默认最新