我的登录页面login.php有以下代码:
<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
</form>
提交后,它会重定向到confirmLoginCredentials.php,即:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
require_once 'config.php';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$q = "SELECT first_name, last_name FROM users WHERE user_name = '$username' AND password = '$password'";
$result = $mysqli->query($q) or die(mysqli_error($mysqli));
if (!mysqli_num_rows($result) == 1) {
header("Location: login.php");
}
else {
setcookie('authorized', 1, 0);
header("Location: index.php");
}
?>
这很好用,如果用户已成功登录,它会将用户重定向到索引页面。如果用户尚未登录,如何将用户重定向到我网站中所有页面的login.php页面? (换句话说,如果用户没有登录,则用户无法访问我网站的内容)我应该在我网站的所有其他页面中添加哪些代码来执行此操作?
任何帮助将非常感谢!! 谢谢!!
答案 0 :(得分:5)
mysql_*
功能与mysqli_*
mysqli_* prepared statement
,这样您就不必转义每个变量,这是阻止SQL injections的更好方法。你的config.php:
<?php
$mysqli = new mysqli("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME"); /* REPLACE NECESSARY DATA INSIDE */
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
?>
您的confirmLoginCredentials.php:
<?php
session_start(); /* START THE SESSION */
include("config.php");
if($stmt = $mysqli->prepare("SELECT first_name, last_name FROM users WHERE user_name = ? AND password = ?")){
$stmt->bind_param("ss",$_POST["username"],$_POST["password"]); /* BIND VARIABLES TO YOUR QUERY */
$stmt->execute(); /* EXECUTE THE QUERY */
$stmt->store_result();
$result = $stmt->num_rows; /* STORE NUMBER OF ROWS */
$stmt->bind_result($firstname,$lastname); /* STORE THE RESULT */
$stmt->fetch(); /* FETCH THE RESULT */
$stmt->close(); /* CLOSE THE STATEMENT */
if($result == 1){ /* IF FOUND ONE */
$_SESSION["username"] = $firstname; /* STORE THE USERNAME INTO A SESSION VARIABLE */
header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */
}
else { /* IF NO RESULT FOUND */
header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
}
} /* END OF PREPARED STATEMENT */
?>
然后创建一个header.php以包含在您的所有页面中,不包括您的login.php:
<?php
session_start();
if(empty($_SESSION["username"])){ /* IF NO USERNAME REGISTERED TO THE SESSION VARIABLE */
header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
}
?>
index.php中的示例:
<?php
include("header.php");
?>
<!-- YOUR INDEX PAGE -->
如果登录用户访问了您的登录页面,您可以将他/她重定向到索引页面,如下所示:
<?php
session_start();
if(!empty($_SESSION["username"])){ /* IF USERNAME IS ALREADY ASSIGNED ON SESSION VARIABLE */
header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */
}
?>
<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
</form>
对于您的logout.php,您可以使用unset()
,如下所示:
<?php
session_start();
unset($_SESSION["username"]);
header("LOCATION:login.php");
?>
session_start();
。答案 1 :(得分:1)
将它放在所有页面的顶部:
if ($_COOKIE['authorized'] != '1'){
header("Location: login.php");
exit();
}