我正在创建一个网店,我登录工作但我遇到了问题。我需要使用会话才能显示和隐藏某些页面。它是我网站后端的登录屏幕,所以它应该被保护并隐藏在不允许访问后端的人身上。我知道我需要在页面顶部开始一个会话,但那又是什么?我搜索了谷歌,但我无法找到可以应用于我的代码的解决方案。
<?php
session_start();
*my information*
// Create connection
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['submit'])) {
$uname = $_POST['username'];
$wwoord = $_POST['wachtwoord'];
$query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";
$result = mysqli_query($conn, $query);
if($result) {
$_SESSION['ingelogd'] = true;
echo"U bent ingelogd!";
header("location: index.php");
} else {
echo "Inloggegevens incorrect.";
}
}
?>
<html lang="en"><head>
<meta charset="UTF-8">
<title>Admin panel</title>
<link rel="stylesheet" type="text/css" href="tables.css">
</head>
<body>
<div id="content">
<ul>
<li><a href="index.php">Admin panel</a></li>
<li><a href="Medewerkersoverzicht.php">Medewerkersoverzicht</a></li>
<li><a href="addMedewerker.php">Medewerkers toevoegen</a></li>
<li><a href="Klantenoverzicht.php">Klantenoverzicht</a></li>
<li><a href="Productoverzicht.php">Productoverzicht</a></li>
<li><a href="addProduct.php">Product toevoegen</a></li>
<li><a href="reparatieOverzicht.php">Reparatieoverzicht</a></li>
<li><a href="contactoverzicht.php">Contactoverzicht</a></li>
</ul>
<h1>Admin login</h1>
<form role="form" method="post" action="index.php" class="contactForm">
<table>
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="username" class="" id="username"> <br><br></td>
</tr>
<tr>
<td><label for="wachtwoord">Wachtwoord</label></td>
<td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
</tr>
<tr>
<td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
</tr>
</table>
</form>
</div>
</html>
答案 0 :(得分:1)
会话开始后,检查是否存在会话变量 - 如果已存在,则重定向用户。
<?php
if( !isset( $_SESSION ) ) session_start();
/* if the session already exists, redirect user */
if( isset( $_SESSION['ingelogd'] ) ) header("location: index.php");
/* don't echo content outwith the document body ~ other than suitable head content */
$msg='';
$conn = new mysqli( $dbhost, $dbuser, $dbpass, $dbname );
if ( $conn->connect_error ) die("Connection failed");/* don't reveal too much information about db ! */
if( isset( $_POST['submit'] ) ) {
$uname = $_POST['username'];
$wwoord = $_POST['wachtwoord'];
$query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";
/* best practise: don't mix OO & procedural code */
$result = $conn->query( $query );
if( $result ) {
$_SESSION['ingelogd'] = true;
header("location: index.php");
} else {
/* assign error message as a variable to echo later */
$msg="Inloggegevens incorrect.";
}
$conn->close();
}
?>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin panel</title>
<link rel="stylesheet" type="text/css" href="tables.css">
</head>
<body>
<div id="content">
<ul>
<li><a href="index.php">Admin panel</a></li>
<li><a href="Medewerkersoverzicht.php">Medewerkersoverzicht</a></li>
<li><a href="addMedewerker.php">Medewerkers toevoegen</a></li>
<li><a href="Klantenoverzicht.php">Klantenoverzicht</a></li>
<li><a href="Productoverzicht.php">Productoverzicht</a></li>
<li><a href="addProduct.php">Product toevoegen</a></li>
<li><a href="reparatieOverzicht.php">Reparatieoverzicht</a></li>
<li><a href="contactoverzicht.php">Contactoverzicht</a></li>
</ul>
<h1>Admin login</h1>
<?php
echo $msg;/* error message */
?>
<form role="form" method="post" action="index.php" class="contactForm">
<table>
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="username" class="" id="username"><br><br></td>
</tr>
<tr>
<td><label for="wachtwoord">Wachtwoord</label></td>
<td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
</tr>
<tr>
<td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
</tr>
</table>
</form>
</div>
</body>
</html>
答案 1 :(得分:1)
将@Divyesh Savaliya的评论转换为代码。
<?php session_start(); ?>
<?php if(isset($_SESSION['ingelogd'])){ ?>
// ... the rest of your code in index.php
<?php } else {
header('location: login.php'); // if your login page is login.php
}?>
实际上,由于如果登录失败,您没有填写会话,最好在会话中存储有关用户的一些信息(例如用户名或用户ID),并使用isset
检查而不是存储会话中的布尔值。
你以后会想要这个值。