这是登录login.php:
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include 'includes/connect.php';
$username = mysqli_real_escape_string( $con, $username );
$query = "SELECT password, salt FROM member WHERE username = '$username';";
$result = mysqli_query( $con, $query );
if ( mysqli_num_rows( $result ) == 0 ) { // User not found. So, redirect to login_form again.
header('Location: login.html');
}
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if ( $hash != $userData['password'] ) {
header('Location: login.html');
} else { // Redirect to home page after successful login.
$_SESSION['username'] = $userData['username'];
header('Location: stats.php');
}
?>
这是stats.php的脚本
<?php
session_start();
if ( !isset( $_SESSION['username'] ) ) {
header("Location:register.html");
}
?>
我试图让这个页面只有你登录才能访问,但是任何人都可以访问stats.php。
答案 0 :(得分:0)
在您的注册页面中,添加:
<?php
session_start();
if ( isset( $_SESSION['username'] ) ) {
header("Location:stats.php");
}
?>