1. 首頁
  2. 問答
  3. 管理頁面會話中的可變錯誤

管理頁面會話中的可變錯誤

2016-02-05 33 views
0

我正在爲網站創建登錄。我可以得到下面的代碼工作:它讓我登錄!然而,我無法開始工作:人們仍然可以通過URL訪問我的頁面。管理頁面會話中的可變錯誤

登錄PHP:

<?php 
    //calling connection to database 
    include "connection.php"; 
    //if user posts for called login 
    if(isset($_POST['login'])){ 
     //declaring variables for user input and using escape string to protect php scripts 
     $user = mysqli_real_escape_string($dbconn,$_POST['user']); 
     $pass = mysqli_real_escape_string($dbconn,$_POST['pass']); 
     //select from users table where user input matches un and pw 
     $sel_user = "SELECT * from users where un='$user' AND pw='$pass'"; 
     //put content held in sel_user into variable run_user 
     $run_user = mysqli_query($dbconn, $sel_user); 
     //use run_user counting rows and save in check_user 
     $check_user = mysqli_num_rows($run_user); 
     //if content row numbers greater than 0 
     if($check_user>0){ 
      //session where un is equal to user input stored in $user 
      $_SESSION['username']=$user; 
      //display admin main page 
      header('Location: ../adminmain.php'); 
     } 
     else { 
      //display log in error page 
      header('Location: ../loginerror.php'); 
     } 
    } 
    //close database connection 
    mysqli_close($dbconn); 
?>

啓動會話代碼,表示不確定的變量:

<?php 
    include"includes/loginrequiredb.php"; 
    if($_SESSION['username'] !=$user){ 
     session_destroy(); 
     header("Location: view.php"); 
     die(); 
    }else 
    { 
     echo "welcome to the site you have logged in" . $_SESSION['username']; 
    } 
?>

來源

2016-02-05 user3324653

+0

你忘了'session_start()'。 –

+0

session_start();在這兩個文件? – devpro

+0

我添加了會話開始,並獲得:注意:未定義的索引:用戶名在C:\ xampp1 \ htdocs \ CRICThelpdesk \ adminmain.php在線4 注意:未定義變量:用戶在C:\ xampp1 \ htdocs \ CRICThelpdesk \ adminmain。在線PHP 4 注意:未定義指數:用C用戶名:\ xampp1 \ htdocs中\ CRICThelpdesk \ adminmain.php上線10 歡迎您在這兩個文件記錄在 – user3324653

回答

1

,而無需啓動會話,你不能從$_SESSION得到的值。

你只需要在這兩個文件來啓動會話:

session_start();

請注意,您需要start_session()僅在短短的歡迎文件這兩個文件。

旁註

我建議也使用isset()檢查或者值設置與否。

來源

2016-02-05 17:35:03 devpro

0

用session_start啓動會話並在adminmain.php頁面添加會話驗證文件。

<?php 

//calling connection to database 
include "connection.php"; 
@session_start(); 
//session 
//if user posts for called login 
if(isset($_POST['login'])){ 
    //declaring variables for user input and using escape string to protect php scripts 
    $user = mysqli_real_escape_string($dbconn,$_POST['user']); 
    $pass = mysqli_real_escape_string($dbconn,$_POST['pass']); 
    //select from users table where user input matches un and pw 
    $sel_user = "SELECT * from users where un='$user' AND pw='$pass'"; 
    //put content held in sel_user into variable run_user 
    $run_user = mysqli_query($dbconn, $sel_user); 
    //use run_user counting rows and save in check_user 
    $check_user = mysqli_num_rows($run_user); 
    //if content row numbers greater than 0 
    if($check_user>0){ 
     //session where un is equal to user input stored in $user 
     $_SESSION['username']=$user; 
     //display admin main page 
     header('Location: ../adminmain.php'); 
    } 
    else { 
     //display log in error page 
     header('Location: ../loginerror.php'); 
    } 
} 
//close database connection 
mysqli_close($dbconn); 
?> 




##### file verify.php ##### 
<?php @session_start(); 

    if (@$_SESSION['username']!=$user) { 
    header ("location: index.php"); 
    exit; 
    } 
?>

來源

2016-02-05 17:36:28 denis

+0

感謝您的評論denis我修正了但仍然說 - 未定義的索引:用戶名在C:\ xampp1 \ htdocs \ CRICThelpdesk \ adminmain.php在第4行和未定義的變量:用戶在C:\ xampp1 \ htdocs \ CRICThelpdesk \ adminmain.php在線4 – user3324653

+0

讓我們來看看......在之前添加一個@:$ user – denis

+0

嘗試session_start();下面的connection.php也 – denis

相關問題

 相關問題