我是PHP新手,我創建了一個登錄表單和主頁。我遵循教程中的說法,但是我一直將錯誤作爲「錯誤細節」提供,儘管我提供了正確的憑據。PHP - 登錄表
//登錄頁面
**Login.php**
<?php
session_start();
include_once 'database1.php';
if(isset($_SESSION['user'])!="")
{
header("Location: index1.php");
}
if(isset($_POST['login']))
{
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['password']);
$result=mysql_query("SELECT * FROM users WHERE email='$email'");
$row=mysql_fetch_array($result);
if($row['password']==md5($pass))
{
$_SESSION['user'] = $row['number'];
header("Location: index1.php");
?>
<script> alert ('haii'); </script>
<?php
}
else
{
?>
<script>alert('wrong details');</script>
<?php
}
}
?>
<html>
<body>
<form method="post" >
<label><center>EMAIL</center> <input type="text" name="email" placeholder="Your Email" required /> </label> </br>
<label>PASSWORD <input type="password" name="password" placeholder="Your Password" required /></label> </br>
<button type="submit" name="login">login</button> </br>
</br>
</form>
</html>
//索引頁
**index1.php**
<?php
session_start();
include_once 'database1.php';
if(!isset($_SESSION['user']))
{
header("Location: login.php");
}
$result=mysql_query("SELECT * FROM users WHERE number=".$_SESSION['user']);
$userRow=mysql_fetch_array($result);
?>
<html>
<body>
<p> welcome </p>
</body>
</html>
你正在使用一箇舊的教程來做這個不安全的,請嘗試像這樣http://www.codingcage.com/2015/04/php-login-and-registration-script-with.html – cmorrissey
你能夠共享數據庫內容,因爲它是一個開發環境? –
行if(isset($ _ SESSION ['user'])!=「」)'看起來像是從兩個不同的來源複製和粘貼代碼。它應該是'if(isset($ _ SESSION ['user']))',但我更喜歡使用'if(!empty($ _ SESSION ['user']))' – kainaw