如果用户尚未登录,如何将用户重定向到登录页面?

时间:2015-03-23 01:51:34

标签: php mysql redirect login mysqli

我的登录页面login.php有以下代码:

<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
    <p>Username: <input type="text" name="username" /></p>
    <p>Password: <input type="password" name="password" /></p>
    <p><input type="submit" name="submit" value="Login" /></p>

</form>

提交后,它会重定向到confirmLoginCredentials.php,即:

 <?php

$username = mysql_real_escape_string($_POST['username']); 
$password = mysql_real_escape_string($_POST['password']);

require_once 'config.php';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$q = "SELECT first_name, last_name FROM users WHERE user_name = '$username' AND password = '$password'";

$result = $mysqli->query($q) or die(mysqli_error($mysqli));


if (!mysqli_num_rows($result) == 1) {
    header("Location: login.php");  
    }
else {
    setcookie('authorized', 1, 0);
    header("Location: index.php");
}

?>

这很好用,如果用户已成功登录,它会将用户重定向到索引页面。如果用户尚未登录,如何将用户重定向到我网站中所有页面的login.php页面? (换句话说,如果用户没有登录,则用户无法访问我网站的内容)我应该在我网站的所有其他页面中添加哪些代码来执行此操作?

任何帮助将非常感谢!! 谢谢!!

2 个答案:

答案 0 :(得分:5)

注意:

  • 您可以使用SESSION功能来实现目标
  • 请勿将mysql_*功能与mysqli_*
    • 混合使用
  • 最好使用mysqli_* prepared statement,这样您就不必转义每个变量,这是阻止SQL injections的更好方法。

你的config.php:

<?php

$mysqli = new mysqli("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME"); /* REPLACE NECESSARY DATA INSIDE */

/* check connection */
if (mysqli_connect_errno()) {
  printf("Connect failed: %s\n", mysqli_connect_error());
  exit();
}

?>

您的confirmLoginCredentials.php:

<?php

session_start(); /* START THE SESSION */

include("config.php");

if($stmt = $mysqli->prepare("SELECT first_name, last_name FROM users WHERE user_name = ? AND password = ?")){

  $stmt->bind_param("ss",$_POST["username"],$_POST["password"]); /* BIND VARIABLES TO YOUR QUERY */
  $stmt->execute(); /* EXECUTE THE QUERY */
  $stmt->store_result();
  $result = $stmt->num_rows; /* STORE NUMBER OF ROWS */
  $stmt->bind_result($firstname,$lastname); /* STORE THE RESULT */
  $stmt->fetch(); /* FETCH THE RESULT */
  $stmt->close(); /* CLOSE THE STATEMENT */

  if($result == 1){ /* IF FOUND ONE */
    $_SESSION["username"] = $firstname; /* STORE THE USERNAME INTO A SESSION VARIABLE */
    header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */
  }
  else { /* IF NO RESULT FOUND */
    header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
  }

} /* END OF PREPARED STATEMENT */

?>

然后创建一个header.php以包含在您的所有页面中,不包括您的login.php:

<?php
  session_start();
  if(empty($_SESSION["username"])){ /* IF NO USERNAME REGISTERED TO THE SESSION VARIABLE */
    header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
  }
?>

index.php中的示例:

<?php
  include("header.php");
?>
<!-- YOUR INDEX PAGE -->

如果登录用户访问了您的登录页面,您可以将他/她重定向到索引页面,如下所示:

<?php
  session_start();
  if(!empty($_SESSION["username"])){ /* IF USERNAME IS ALREADY ASSIGNED ON SESSION VARIABLE */
    header("LOCATION:index.php"); /* REDIRECT USER TO INDEX PAGE */
  }
?>
<form method="post" action="confirmLoginCredentials.php">
<h2>LOGIN</h2>
    <p>Username: <input type="text" name="username" /></p>
    <p>Password: <input type="password" name="password" /></p>
    <p><input type="submit" name="submit" value="Login" /></p>
</form>

对于您的logout.php,您可以使用unset(),如下所示:

<?php
  session_start();
  unset($_SESSION["username"]);
  header("LOCATION:login.php");
?>

额外注意:

  • 如果您要使用会话变量或函数,则应在代码的开头加session_start();

答案 1 :(得分:1)

将它放在所有页面的顶部:

if ($_COOKIE['authorized'] != '1'){
    header("Location: login.php");
    exit();
}
相关问题
最新问题