如何在登录屏幕上使用会话?

时间:2016-02-11 09:58:37

标签: php html session login

我正在创建一个网店,我登录工作但我遇到了问题。我需要使用会话才能显示和隐藏某些页面。它是我网站后端的登录屏幕,所以它应该被保护并隐藏在不允许访问后端的人身上。我知道我需要在页面顶部开始一个会话,但那又是什么?我搜索了谷歌,但我无法找到可以应用于我的代码的解决方案。

<?php
session_start();

*my information*

// Create connection
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

if(isset($_POST['submit'])) {
$uname = $_POST['username'];
$wwoord = $_POST['wachtwoord'];
$query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";
$result = mysqli_query($conn, $query);

if($result) {
    $_SESSION['ingelogd'] = true;
    echo"U bent ingelogd!";
    header("location: index.php");

} else {
    echo "Inloggegevens incorrect.";
}
}
?>

<html lang="en"><head>
<meta charset="UTF-8">
<title>Admin panel</title>
<link rel="stylesheet" type="text/css" href="tables.css">
</head>
<body>
<div id="content">
<ul>
<li><a href="index.php">Admin panel</a></li>
<li><a href="Medewerkersoverzicht.php">Medewerkersoverzicht</a></li>
<li><a href="addMedewerker.php">Medewerkers toevoegen</a></li>
<li><a href="Klantenoverzicht.php">Klantenoverzicht</a></li>
<li><a href="Productoverzicht.php">Productoverzicht</a></li>
<li><a href="addProduct.php">Product toevoegen</a></li>
<li><a href="reparatieOverzicht.php">Reparatieoverzicht</a></li>
<li><a href="contactoverzicht.php">Contactoverzicht</a></li>
</ul>
<h1>Admin login</h1>
<form role="form" method="post" action="index.php" class="contactForm">
    <table>
        <tr>
            <td><label for="username">Username</label></td>
            <td><input type="text" name="username" class="" id="username">      <br><br></td>
        </tr>
        <tr>
            <td><label for="wachtwoord">Wachtwoord</label></td>
            <td><input type="password" name="wachtwoord" class=""    id="wachtwoord"><br><br></td>
        </tr>
        <tr>
            <td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
        </tr>
    </table>
</form>
</div>
</html>

2 个答案:

答案 0 :(得分:1)

会话开始后,检查是否存在会话变量 - 如果已存在,则重定向用户。

<?php
if( !isset( $_SESSION ) ) session_start();

/* if the session already exists, redirect user */
if( isset( $_SESSION['ingelogd'] ) ) header("location: index.php");

/* don't echo content outwith the document body ~ other than suitable head content */

$msg='';
$conn = new mysqli( $dbhost, $dbuser, $dbpass, $dbname );
if ( $conn->connect_error ) die("Connection failed");/* don't reveal too much information about db ! */


if( isset( $_POST['submit'] ) ) {

    $uname = $_POST['username'];
    $wwoord = $_POST['wachtwoord'];
    $query = "SELECT * FROM Medewerkers WHERE medewerker_username='$uname' && medewerker_password='$wwoord'";

    /* best practise: don't mix OO & procedural code */
    $result = $conn->query( $query );

    if( $result ) {
        $_SESSION['ingelogd'] = true;
        header("location: index.php");
    } else {
        /* assign error message as a variable to echo later */
        $msg="Inloggegevens incorrect.";
    }
    $conn->close();
}
?>

<html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Admin panel</title>
        <link rel="stylesheet" type="text/css" href="tables.css">
    </head>
    <body>
        <div id="content">
            <ul>
                <li><a href="index.php">Admin panel</a></li>
                <li><a href="Medewerkersoverzicht.php">Medewerkersoverzicht</a></li>
                <li><a href="addMedewerker.php">Medewerkers toevoegen</a></li>
                <li><a href="Klantenoverzicht.php">Klantenoverzicht</a></li>
                <li><a href="Productoverzicht.php">Productoverzicht</a></li>
                <li><a href="addProduct.php">Product toevoegen</a></li>
                <li><a href="reparatieOverzicht.php">Reparatieoverzicht</a></li>
                <li><a href="contactoverzicht.php">Contactoverzicht</a></li>
            </ul>
            <h1>Admin login</h1>
            <?php
                echo $msg;/* error message */
            ?>
            <form role="form" method="post" action="index.php" class="contactForm">
                <table>
                    <tr>
                        <td><label for="username">Username</label></td>
                        <td><input type="text" name="username" class="" id="username"><br><br></td>
                    </tr>
                    <tr>
                        <td><label for="wachtwoord">Wachtwoord</label></td>
                        <td><input type="password" name="wachtwoord" class="" id="wachtwoord"><br><br></td>
                    </tr>
                    <tr>
                        <td><button type="submit" name="submit" class="button">Inloggen</button><br></td>
                    </tr>
                </table>
            </form>
        </div>
    </body>
</html>

答案 1 :(得分:1)

将@Divyesh Savaliya的评论转换为代码。

<?php session_start(); ?>
<?php if(isset($_SESSION['ingelogd'])){ ?>
// ... the rest of your code in index.php
<?php } else {
header('location: login.php'); // if your login page is login.php
}?>

实际上,由于如果登录失败,您没有填写会话,最好在会话中存储有关用户的一些信息(例如用户名或用户ID),并使用isset检查而不是存储会话中的布尔值。 你以后会想要这个值。

相关问题
最新问题