PHP中的会话,登录脚本

时间:2011-12-30 21:21:11

标签: php html login web

为我的网站做一个简单的登录,希望让用户在一段时间内保持登录状态,脚本如下所示:

<?php 


/* $con make a connection with database */
mysql_connect("localhost","root",""); 

//select  database
mysql_select_db("blogass"); 

/* Below two commands will store the data in variables came from form input */
$username=$_POST['username'];
$password=$_POST['password'];


/* below two commands are sql injection which stops extra characters as input */
$user=mysql_real_escape_string($username);
$pass=mysql_real_escape_string($password);

$query=mysql_query("SELECT * FROM users where
username='$username' AND 
password='$password' "); 

$count=mysql_num_rows($query);
if($count==1) 
/* $count checks if username and password are in same row */
{ 
 echo "Login Successful";
 $hour = time() + 3600;  

}
else
{ 
echo "Username or password is incorrect";
}
?>

我无法安排会议,我知道这很简单,但我不能指责它!我希望它显示登录我的index.php页面的人,如果没有人登录,则显示要求用户登录/注册的消息。基本上我希望用户在他们在网站上的整个过程中保持登录状态。关于我做错了什么想法?

6 个答案:

答案 0 :(得分:1)

您需要在脚本顶部添加session_start()

然后,在成功登录后,设置,例如$_SESSION['user'] = array('login'=>'john', 'level'=>1);

然后,只需检查会话数组并相应地更改文本输出。

答案 1 :(得分:1)

用户名和密码验证后:

$query=mysql_query("SELECT * FROM users where username='$username' AND password='$password' "); 

$count=mysql_num_rows($query);
if($count==1) 
/* $count checks if username and password are in same row */
{ 
echo "Login Successful";
$hour = time() + 3600;  
                       <--- PUT HERE INSTRUCTION BELOW
}

当您验证他是否经过身份验证时,您应该将用户名存储在$ _SESSION变量中:

 $_SESSION['user'] = $username;

在所有其他页面的开头,您应该输入命令

session_start();

然后使用if语句检查是否设置了gloabal会话变量user:

<?php

if( isset($_SESSION['user'])){

?>

//HTML of page if user is authenticated

<?php

}else{

?>

//HTML of page if user is authenticated

<?php


}

?>

答案 2 :(得分:1)

首先,在文件调用session_start()的顶部,然后将所需的任何变量放在$_SESSION超全局的会话中。

例如,如果您想存储用户名,

 $_SESSION['username'] = $username;

然后在其他页面上再次致电session_start(),您就可以访问$_SESSION['username']

答案 3 :(得分:1)

您需要在需要访问或存储会话变量中的信息时使用session_start();。然后,您可以将会话变量分配给$_SESSION[]超全局。

然后您可以分配如下变量:

$_SESSION['variable_name'] = "You can use strings, numbers, booleans, etc here.";

查看PHP Manual on Sessions

答案 4 :(得分:1)

您可能需要按如下方式修改代码。

<?php 
/* $con make a connection with database */
mysql_connect("localhost","root",""); 

session_start();  //Add this.
//select  database
mysql_select_db("blogass"); 

/* Below two commands will store the data in variables came from form input */
$username=$_POST['username'];
$password=$_POST['password'];


/* below two commands are sql injection which stops extra characters as input */
$user=mysql_real_escape_string($username);
$pass=mysql_real_escape_string($password);

$query=mysql_query("SELECT * FROM users where
username='$username' AND 
password='$password' "); 

$count=mysql_num_rows($query);
if($count==1) 
/* $count checks if username and password are in same row */
{ 
     echo "Login Successful";
     $hour = time() + 3600;  
     $_SESSION['username'] = $username;  //Add this.

}
else
{ 
    echo "Username or password is incorrect";
}
?>

在PHP中,在PHP脚本中使用,销毁或取消设置会话之前,需要使用session_start()函数启动会话 first

答案 5 :(得分:1)

您可以将所有会话内容保存在数组中,如上面的代码所示,然后检查是否存在数组。

设置数组时:

 $_SESSION['user'] = array(
  'isAuth' => true,
  'login'  => 'john',
  'lname'  => 'Smith', etc etc

);

然后,检查每个页面上的会话var:

session_start(); //before headers are called
if(!isset($_SESSION['user']) || $_SESSION['user']['isAuth'] !== true){
  //redirect them to a login page
  header('Location: /login_page.php');
}

//auth content here...
相关问题
最新问题