我终于有勇气建立一个用户登录系统,谁知道它有多长时间。我唯一的问题是,当我提交登录表单时,它会重新加载页面,并且表示我已登录,非常棒。
但是,如果我重新加载页面或转到另一个页面并返回原始页面,则会强制我再次登录。有人能帮忙吗?我在基本文件中有一个session_start(),它在数据库连接之前包含在所有其他页面文件中。
然后我为我的用户登录方面提供了以下代码,正如我所说,第一次工作,但之后任何其他交互将基本上将我注销。对此有何帮助?
登录并创建会话的用户页面...
请注意,这不是一个现场环境,所以现在安全性正在替补席上。但是我知道我将来需要采取一些安全措施。
// Check if the user is logged in or not
if((!empty($_SESSION['loggedin'])) && (!empty($_SESSION['username']))) {
$loggedin = true; // The user IS logged in
} else {
if(isset($_POST['login'])) {
// The login form has been submitted
if((empty($_POST['username'])) || (empty($_POST['password']))) {
// If either username or password fields are blank
$loginfail = true; // If the user could not be logged in
if(empty($_POST['username'])) { $nousername = true; }
if(empty($_POST['password'])) { $nopassword = true; }
} else {
// Username and password field were filled in okay
$username = $_POST['username'];
$password = $_POST['password'];
$checklogin = mysqli_query($sql, "SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die($checklogin . "<br/>" . mysqli_error($sql));
if(mysqli_num_rows($checklogin) == 1) {
// If the login details match up, log them in
$loggedin = true; // The user IS NOT logged in
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
} else {
// If the login details don't match up, don't login
$loginfail = true; // If the user could not be logged in
}
}
}
}
谢谢!