检查登录状态并保存登录会话(PHP)

时间:2013-07-30 07:09:02

标签: php login-script

我正在使用登录系统,每当用户尝试访问未授权的页面时 那么他应该在登录页面上返回登录,我该怎么办呢

以下是我的登录脚本

<?php

session_start();
$host="localhost"; // Host name 
$db_username="root"; // Mysql username 
$db_password=""; // Mysql password 
$db_name="designshop"; // Database name 
$tbl_name="member"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$db_username", "$db_password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$member_username=$_POST['member_username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$member_username = stripslashes($member_username);
$password = stripslashes($password);
$member_username = mysql_real_escape_string($member_username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE member_username='$member_username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['member_username']=$_POST['member_username'];
$_SESSION['password']=$_POST['password'];

header("location:login_success.php");
}
else {
header("location:try_again.html");
}
?>

4 个答案:

答案 0 :(得分:1)

您所要做的就是检查$_SESSION['member_username']的存在(和非空虚)。如果已设置,则表示您的用户已登录,因此无需重新登录。

注意:

  • 无需在会话中存储用户的密码:事实上,最好不要使用。
  • 您通过MySQL进行身份验证,这意味着您以明文形式存储密码:这是一种不好的做法。最好只根据username从数据库中检索passwordusername,并在PHP代码中进行比较:例如,这将允许您存储sha1密码。

答案 1 :(得分:0)

将它放在session_start() ...

下面的顶部 
   if(!empty($_SESSION['member_username'])){header("location: login_success.php");}

像这样... 

session_start();

 if(!empty($_SESSION['member_username'])){
 header("location: login_success.php");}

 $host="localhost"; // Host name 
 $db_username="root"; // Mysql username 
 $db_password=""; // Mysql password 
 //REST OF CODE

答案 2 :(得分:0)

使用session_start()启动代码并检查是否有任何用户尝试访问该页面时设置会话,如果设置了会话,则重定向到该页面,否则重定向到登录页面

您可以使用isset()

进行检查

答案 3 :(得分:0)

按照此代码... 

 <?php session_start();
    include('conn.php');
    $Name = $_POST['login_id'];
    $Pass = $_POST['password'];
    $select="select * from admin_login where admin_name='$Name' AND admin_pwd='$Pass'";
    $query=mysql_query($select) or die($select);
    $rows=mysql_fetch_array($query);
    $row=mysql_num_rows($query);


    if($row != 0)
    {
        $_SESSION['admin_name']=$rows['admin_name'];
        echo "<script>window.location.href='index.php'</script>";

    }else
    {
        $message = 'Invalid Username Or Password';
         echo '<script type="text/javascript">alert("'.$message.'")</script>'; 
        echo "<script>window.location.href='login.php'</script>";

    }
    ?>

将此代码放在每页的顶部

<?php session_start();
if(isset($_SESSION["admin_name"])=='') print('<script>window.location.href="login.php"</script>');
相关问题
最新问题