douyi6168
2016-01-31 10:42
浏览 38
已采纳

具有会话登录表单的Mysqli和Php保持失败

When I hit my submit button to login nothing happens. I am just getting the same page, and not even an error. The connection to db should be fine. I have been looking at the code for 10 hours now, and I cannot figure out why. Does anybody have an idea?

dbconfic.inc.php:

<?php
    $db_host = "localhost";
    $db_user = "root";
    $db_pass = "root";
    $db_name  = "testdb";
    // connection:
    $mysqli = new mysqli($db_host, $db_user, $db_pass , $db_name);
    // tjek conenction:
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s
", mysqli_connect_error());
    }

    // vi kører utf-8 på connection:
    $mysqli->set_charset("utf-8");  
?>

index.php:

 <?php
include('login.php'); // Include Login Script

if(isset($_SESSION['username']))
{
header('Location: home.php');
}
exit();
?>

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Login Form with Session</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>

<body>
<h1>PHP Login Form with Session</h1>
<div class="loginBox">
<h3>Login Form</h3>
<br><br>
<form method="post" action="">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" />  <br><br>
<input type="submit" value="Login" /> 
</form>
<div class="error"><?php echo $error;?></div>
</div>
</body>
</html>

login.php:

<?php
session_start();
include("dbconfic.inc.php"); //Establishing connection with our database

$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];

// To protect from MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);

//Check username and password from database
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);

//If username and password exist in our database then create a session.
//Otherwise echo error.

if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: home.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}

}
}

?>

home.php:

   <?php
    include("check.php");   
?>
 <!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>

<body>
    <h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1>
        <br><br><br>
    <a href="logout.php" style="font-size:18px">Logout?</a>
</body>
</html>

check.php:

<?php
include('dbconfic.inc.php');
session_start();
$user_check=$_SESSION['username'];

$sql = mysqli_query($db,"SELECT username FROM users WHERE username='$user_check' ");

$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);

$login_user=$row['username'];

if(!isset($user_check))
{
header("Location: index.php");
}
?>

logout.php

<?php
session_start();
if(session_destroy())
{
header("Location: index.php");
}

?>
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • duandu8892 2016-01-31 11:21
    已采纳

    The index page seems more or less ok, a minor alteration to the use of isset and the inclusion of the login.php script.

    The check.php does an extra db lookup - you should be able just to use the session info to judge whether or not to redirect the user - so rather than echo $login_user in the html use $_SESSION['username']

    In the login.php script use prepared statements if possible to help mitigate against sql injection, and if possible avoid hashing passwords with md5!

    <?php
        $error='';
        if( !isset( $_SESSION ) ) session_start();
    
        if( !isset( $_SESSION['username'] ) ) include( login.php' );
        else exit( header('Location: home.php') );
    ?>
    <!doctype html>
    <html>
        <head>
            <meta charset='utf-8'>
            <title>PHP Login Form with Session</title>
            <link rel='stylesheet' href='style.css' type='text/css' />
        </head>
        <body>
            <h1>PHP Login Form with Session</h1>
            <div class='loginBox'>
                <h3>Login Form</h3>
                <br><br>
                <form method='post' action=''>
                    <label>Username:</label><br>
                    <input type='text' name='username' placeholder='username' /><br><br>
                    <label>Password:</label><br>
                    <input type='password' name='password' placeholder='password' /><br><br>
                    <input type='submit' name='submit' value='Login' /> 
                </form>
                <div class='error'><?php echo $error;?></div>
            </div>
        </body>
    </html>
    
    
    <?php
        /* login.php */
    
        $error = '';
    
        if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'], $_POST['username'], $_POST['password'] ) ) {
    
    
            if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){
    
                $error = 'Both fields are required.';
    
            }else {
    
                /* 
                    Use prepared statements - mitigates agsint sql injection.
                    Use placeholders in the sql which are used by the `bind_param` statement
                */
                $sql='select `uid` from `users` where `u_username`=? and `password`=? limit 1';
                $stmt=$db->prepare( $sql );
                if( !$stmt ) exit('Failed to prepare sql statement');
                /* 
                    md5 is not recommended for password hashing as it is generally considered to be broken
                    bind the variables to the placeholders & execute the sql
                */
                $username=$_POST['username'];
                $password=md5( $_POST['password'];
                $stmt->bind_param('ss', $username, $password ) );
                $res=$stmt->execute();
    
    
                /* bind the result of the query to a variable */
                $stmt->bind_result( $login_user );
                while( $stmt->fetch() ){
                    /* go through recordset ( 1 record ) */
                    $_SESSION['username'] = $login_user;
                }
    
                $stmt->close();
                $db->close();
    
                if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
                else $error='Incorrect username or password.';
            }
        }
    ?>
    
    
    
    <?php
        /* home.php */
        if( !isset( $_SESSION ) ) session_start();
        if( !isset( $_SESSION[ 'username' ] ) ) exit( header('Location: index.php') );
        #include("check.php");  /* serves no real purpose once session is set */ 
    ?>
     <!doctype html>
    <html>
        <head>
            <meta charset="utf-8">
            <title>Home</title>
            <link rel="stylesheet" href="style.css" type="text/css" />
        </head>
    
        <body>
            <h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
            <br><br><br>
            <a href="logout.php" style="font-size:18px">Logout?</a>
        </body>
    </html>
    
    点赞 打赏 评论
  • drv16821 2016-01-31 12:00

    Database:

    <?php
        $db_host = "localhost";
        $db_user = "root";
        $db_pass = "root";
        $db_name  = "testdb";
        // connection:
        $mysqli = new mysqli($db_host, $db_user, $db_pass , $db_name);
        // tjek conenction:
        if (mysqli_connect_errno()) {
            printf("Connect failed: %s
    ", mysqli_connect_error());
        }
    
        // vi kører utf-8 på connection:
        $mysqli->set_charset("utf-8");
    ?>
    

    Index:

    <?php
    session_start();
    if(isset($_SESSION['username']))
    {
    header('Location: home.php');
    }else{
      include('login.php');
    }
    ?>
    
    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>PHP Login Form with Session</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    
    <body>
    <h1>PHP Login Form with Session</h1>
    <div class="loginBox">
    <h3>Login Form</h3>
    <br><br>
    <form method="post" action="index.php">
    <label>Username:</label><br>
    <input type="text" name="username" placeholder="username" /><br><br>
    <label>Password:</label><br>
    <input type="password" name="password" placeholder="password" />  <br><br>
    <input type="submit" name="dologin" value="Login" /> 
    </form>
    <div class="error"><?php echo $error;?></div>
    </div>
    </body>
    </html>
    ?>
    

    Login:

    <?php
    include("dbconfic.inc.php"); //Establishing connection with our database
    
    $error = ""; //Variable for storing our errors.
    if(isset($_POST["dologin"]))
    {
    if(empty($_POST["username"]) || empty($_POST["password"]))
    {
    $error = "Both fields are required.";
    }else
    {
    // Define $username and $password
    $username=$_POST['username'];
    $password=$_POST['password'];
    
    // To protect from MySQL injection
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysqli_real_escape_string($db, $username);
    $password = mysqli_real_escape_string($db, $password);
    $password = md5($password);
    
    //Check username and password from database
    $sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
    $result=mysqli_query($db,$sql);
    $row=mysqli_fetch_array($result,MYSQLI_ASSOC);
    
    //If username and password exist in our database then create a session.
    //Otherwise echo error.
    
    if(mysqli_num_rows($result) == 1)
    {
    $_SESSION['username'] = $login_user; // Initializing Session
    header("location: index.php"); // Redirecting To Other Page
    }else
    {
    $error = "Incorrect username or password.";
    }
    
    }
    }
    
    ?>
    

    HOME:

    <?php
        include("check.php");   
    ?>
     <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Home</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>
    
    <body>
        <h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1>
            <br><br><br>
        <a href="logout.php" style="font-size:18px">Logout?</a>
    </body>
    </html>
    

    Check:

    <?php
    session_start();
    include('dbconfic.inc.php');
    $user_check=$_SESSION['username'];
    
    $sql = mysqli_query($db,"SELECT username FROM users WHERE username='$user_check' ");
    
    $row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
    
    $login_user=$row['username'];
    
    if(!isset($user_check))
    {
    header("Location: index.php");
    }
    ?>
    
    点赞 打赏 评论

相关推荐 更多相似问题