表单提交表单会话将通过会话变量保存到变量中,我们可以检查。但当我检查出来时,它显示错误
<?php
include '../includes/config.php';
if(isset($_POST['submit']))
{
$email = $_POST['email'];
$pass = $_POST['password'];
$msg = "The email or password you entered is incorrect"; //error message
//email validation
if(empty($email) || empty($pass)){
echo $msg;
header ("refresh:5; url=index.php");
exit();
}
if(!preg_match('/@/',$email)){
echo $msg;
header ("refresh:5; url=index.php");
exit();
}
//search username and password from table users
$result = mysql_query("SELECT * FROM table_users");
$fetch = mysql_fetch_array($result);
if($email == $fetch['email'] && $pass == $fetch['pass']){
session_start();
$_SESSION['email'] = $result['email'];
$_SESSION['type'] = $result['type'];
header('refresh:2; url=../panel/index.php');
echo "Logged in..";
exit();
}
else
echo $msg;
header ("refresh:5; url=index.php");
}
else
{
header('Location:../index.php');
}
?>
这是管理员代码
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Hotel Administration</title>
<link rel="stylesheet" type="text/css" href="../../css/system.css" />
<?php
session_start();
if(!isset($_SESSION['email']))
{
die("The user must be logged in");
}
?>
</head>
<body>
我在管理页面检查会话时遇到问题..它说会话错误消息帮助我
答案 0 :(得分:-1)
SELECT * FROM table_users
这是一个非常糟糕的主意,猜猜在某个时间有~5k用户时会发生什么 做得更好
SELECT 1 FROM table_users WHERE username LIKE "$user" AND password = MD5("$password") LIMIT 1;
除此之外,我建议在其他地方使用花式块
if(!empty($fetch))
{
session_start();
$_SESSION['email'] = $result['email'];
$_SESSION['type'] = $result['type'];
header('refresh:2; url=../panel/index.php');
echo "Logged in..";
exit();
}
else
{
echo $msg;
header ("refresh:5; url=index.php");
}