2016-02-02 270 views
0

來自inhere的一個非常好的人幫助我製作了一個使用cookie的登錄表單,它的工作原理非常好。所以當我登錄時,我被重定向到home.php,我也可以註銷。但我不太確定一些事情。如果我有成功的登錄名,我想重定向到profile.php,而不是home.php?重定向php頁面成功登錄

問候 朱莉

的index.php:

<?php 
    $error=''; 
    if(!isset($_SESSION)) session_start(); 

    if(!isset($_SESSION['username'])) include('login.php'); 
    else exit(header('Location: home.php')); 
?> 
<!doctype html> 
<html> 
    <head> 
     <meta charset='utf-8'> 
     <title>PHP Login Form with Session</title> 
     <link rel='stylesheet' href='style.css' type='text/css' /> 
    </head> 
    <body> 
     <h1>PHP Login Form with Session</h1> 
     <div class='loginBox'> 
      <h3>Login Form</h3> 
      <br><br> 
      <form method='post' action=''> 
       <label>Username:</label><br> 
       <input type='text' name='username' placeholder='username' /><br><br> 
       <label>Password:</label><br> 
       <input type='password' name='password' placeholder='password' /><br><br> 
       <input type='submit' name='submit' value='Login' /> 
      </form> 
      <div class='error'><?php echo $error;?></div> 
     </div> 
    </body> 
</html> 

的login.php:

<?php 
    /* login.php */ 

    if(!isset($_SESSION)) session_start(); 
    include('dbconfic.inc.php'); 

    $error = ''; 

    if($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['submit'])) { 


     if(empty($_POST['username']) || empty($_POST['password'])){ 

      $error = 'Both fields are required.'; 

     } else { 

      /* 
       Use prepared statements - mitigates agsint sql injection. 
       Use placeholders in the sql which are used by the `bind_param` statement 
      */ 
      $sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5(`password`)=? limit 1 '; 
      $stmt=$db->prepare($sql); 
      if(!$stmt) exit('Failed to prepare sql statement'); 
      /* 
       md5 is not recommended for password hashing as it is generally considered to be broken 
       bind the variables to the placeholders & execute the sql 
      */ 
      $username=$_POST['username']; 
      $password=md5($_POST['password']); 

      $stmt->bind_param('ss', $username, $password); 
      $res=$stmt->execute(); 


      /* bind the result of the query to a variable */ 
      $stmt->bind_result($login_user); 
      while($stmt->fetch()){ 
       /* go through recordset (1 record) */ 
       $_SESSION['username'] = $login_user; 
      } 

      $stmt->close(); 
      $db->close(); 

      if(isset($_SESSION['username'])) exit(header('location: home.php')); 
      else $error='Incorrect username or password.'; 
     } 
    } 
?> 

home.php:

<?php 
    /* home.php */ 
    if(!isset($_SESSION)) session_start(); 
    if(!isset($_SESSION['username'])) exit(header('Location: index.php')); 

?> 
<!doctype html> 
<html> 
    <head> 
     <meta charset="utf-8"> 
     <title>Home</title> 
     <link rel="stylesheet" href="style.css" type="text/css" /> 
    </head> 

    <body> 
     <h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1> 
     <br><br><br> 
     <a href="logout.php" style="font-size:18px">Logout?</a> 
     <a href="test.php">test</a> 
    </body> 
</html> 
+0

您是否嘗試在成功驗證後將標頭('Loacation:index.php')更改爲標頭('Location:profile.php')? – stubben

+0

謝謝你的答案。它在login.php上嗎? – Julie24

+0

現在有效。我試圖把代碼放在另一個項目中,所以它一定是其他地方的錯誤。我會更多地關注它。謝謝。但我是否也需要將index.php中的home.php更改爲profile.php? – Julie24

回答

1

它使只有differenc e在文件結構中,否則對於客戶端來說沒有問題。也可以用我的index.php(也是我的主頁和登錄個人資料頁面)來做到這一點。

提示:不要對密碼使用md5 encryttion。使用PHP 5.x密碼哈希庫。 MD5和SHA今天是不安全的。 Passwors_hashing libary是哈希密碼最安全的方式

+0

謝謝你的回答。我會試着去研究那個。你知道一個好的教程嗎? – Julie24

+0

是的,找到一個非常好的教程http://www.sitepoint.com/hashing-passwords-php-5-5-password-hashing-api/ –

+0

沒問題。會喜歡upvote –