一位来自内心的非常好的人帮我制作了一张带有cookie的登录表单,它完美无缺。因此,当我登录时,我被重定向到home.php,我也可以在那里注销。但我不太确定。如果我有一个成功的登录,我想重定向到profile.php,而不是home.php?
最诚挚的问候 朱莉
的index.php:
<?php
$error='';
if( !isset( $_SESSION ) ) session_start();
if( !isset( $_SESSION['username'])) include('login.php');
else exit( header('Location: home.php') );
?>
<!doctype html>
<html>
<head>
<meta charset='utf-8'>
<title>PHP Login Form with Session</title>
<link rel='stylesheet' href='style.css' type='text/css' />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class='loginBox'>
<h3>Login Form</h3>
<br><br>
<form method='post' action=''>
<label>Username:</label><br>
<input type='text' name='username' placeholder='username' /><br><br>
<label>Password:</label><br>
<input type='password' name='password' placeholder='password' /><br><br>
<input type='submit' name='submit' value='Login' />
</form>
<div class='error'><?php echo $error;?></div>
</div>
</body>
</html>
的login.php:
<?php
/* login.php */
if( !isset( $_SESSION ) ) session_start();
include('dbconfic.inc.php' );
$error = '';
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ) {
if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){
$error = 'Both fields are required.';
} else {
/*
Use prepared statements - mitigates agsint sql injection.
Use placeholders in the sql which are used by the `bind_param` statement
*/
$sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5( `password` )=? limit 1 ';
$stmt=$db->prepare( $sql );
if( !$stmt ) exit('Failed to prepare sql statement');
/*
md5 is not recommended for password hashing as it is generally considered to be broken
bind the variables to the placeholders & execute the sql
*/
$username=$_POST['username'];
$password=md5( $_POST['password'] );
$stmt->bind_param('ss', $username, $password );
$res=$stmt->execute();
/* bind the result of the query to a variable */
$stmt->bind_result( $login_user );
while( $stmt->fetch() ){
/* go through recordset ( 1 record ) */
$_SESSION['username'] = $login_user;
}
$stmt->close();
$db->close();
if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
else $error='Incorrect username or password.';
}
}
?>
home.php:
<?php
/* home.php */
if( !isset( $_SESSION ) ) session_start();
if( !isset( $_SESSION['username'] ) ) exit( header('Location: index.php') );
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
<br><br><br>
<a href="logout.php" style="font-size:18px">Logout?</a>
<a href="test.php">test</a>
</body>
</html>
答案 0 :(得分:1)
它只对文件结构产生影响,否则对客户端来说没有问题。也可以使用我的index.php(也是我的主页面并登录个人资料页面)。
提示:请勿对密码使用md5加密。使用PHP 5.x密码哈希库。 MD5和SHA今天不安全。使用散列密码的Passwors_hashing libary是最安全的方法