重定向php页面成功登录

时间:2016-02-02 20:57:27

标签: php redirect

一位来自内心的非常好的人帮我制作了一张带有cookie的登录表单,它完美无缺。因此,当我登录时,我被重定向到home.php,我也可以在那里注销。但我不太确定。如果我有一个成功的登录,我想重定向到profile.php,而不是home.php?

最诚挚的问候 朱莉

的index.php:

    <?php
    $error='';
    if( !isset( $_SESSION ) ) session_start();

    if( !isset( $_SESSION['username'])) include('login.php'); 
    else exit( header('Location: home.php') ); 
?>
<!doctype html>
<html>
    <head>
        <meta charset='utf-8'>
        <title>PHP Login Form with Session</title>
        <link rel='stylesheet' href='style.css' type='text/css' />
    </head>
    <body>
        <h1>PHP Login Form with Session</h1>
        <div class='loginBox'>
            <h3>Login Form</h3>
            <br><br>
            <form method='post' action=''>
                <label>Username:</label><br>
                <input type='text' name='username' placeholder='username' /><br><br>
                <label>Password:</label><br>
                <input type='password' name='password' placeholder='password' /><br><br>
                <input type='submit' name='submit' value='Login' /> 
            </form>
            <div class='error'><?php echo $error;?></div>
        </div>
    </body>
</html>

的login.php:

    <?php
    /* login.php */

    if( !isset( $_SESSION ) ) session_start();
    include('dbconfic.inc.php' );

    $error = '';

    if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ) {


        if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){

            $error = 'Both fields are required.';

        } else {

            /* 
                Use prepared statements - mitigates agsint sql injection.
                Use placeholders in the sql which are used by the `bind_param` statement
            */
            $sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5( `password` )=? limit 1 ';
            $stmt=$db->prepare( $sql );
            if( !$stmt ) exit('Failed to prepare sql statement');
            /* 
                md5 is not recommended for password hashing as it is generally considered to be broken
                bind the variables to the placeholders & execute the sql
            */
            $username=$_POST['username']; 
            $password=md5( $_POST['password'] ); 

            $stmt->bind_param('ss', $username, $password ); 
            $res=$stmt->execute();


            /* bind the result of the query to a variable */
            $stmt->bind_result( $login_user );
            while( $stmt->fetch() ){
                /* go through recordset ( 1 record ) */
                $_SESSION['username'] = $login_user;
            }

            $stmt->close();
            $db->close();

            if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
            else $error='Incorrect username or password.';
        }
    }
?>

home.php:

<?php
    /* home.php */
    if( !isset( $_SESSION ) ) session_start();
    if( !isset( $_SESSION['username'] ) ) exit( header('Location: index.php') );

?>
 <!doctype html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Home</title>
        <link rel="stylesheet" href="style.css" type="text/css" />
    </head>

    <body>
        <h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
        <br><br><br>
        <a href="logout.php" style="font-size:18px">Logout?</a>
        <a href="test.php">test</a>
    </body>
</html>

1 个答案:

答案 0 :(得分:1)

它只对文件结构产生影响,否则对客户端来说没有问题。也可以使用我的index.php(也是我的主页面并登录个人资料页面)。

提示:请勿对密码使用md5加密。使用PHP 5.x密码哈希库。 MD5和SHA今天不安全。使用散列密码的Passwors_hashing libary是最安全的方法

相关问题
最新问题