來自inhere的一個非常好的人幫助我製作了一個使用cookie的登錄表單,它的工作原理非常好。所以當我登錄時,我被重定向到home.php,我也可以註銷。但我不太確定一些事情。如果我有成功的登錄名,我想重定向到profile.php,而不是home.php?重定向php頁面成功登錄
問候 朱莉
的index.php:
<?php
$error='';
if(!isset($_SESSION)) session_start();
if(!isset($_SESSION['username'])) include('login.php');
else exit(header('Location: home.php'));
?>
<!doctype html>
<html>
<head>
<meta charset='utf-8'>
<title>PHP Login Form with Session</title>
<link rel='stylesheet' href='style.css' type='text/css' />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class='loginBox'>
<h3>Login Form</h3>
<br><br>
<form method='post' action=''>
<label>Username:</label><br>
<input type='text' name='username' placeholder='username' /><br><br>
<label>Password:</label><br>
<input type='password' name='password' placeholder='password' /><br><br>
<input type='submit' name='submit' value='Login' />
</form>
<div class='error'><?php echo $error;?></div>
</div>
</body>
</html>
的login.php:
<?php
/* login.php */
if(!isset($_SESSION)) session_start();
include('dbconfic.inc.php');
$error = '';
if($_SERVER['REQUEST_METHOD']=='POST' && isset($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['password'])){
$error = 'Both fields are required.';
} else {
/*
Use prepared statements - mitigates agsint sql injection.
Use placeholders in the sql which are used by the `bind_param` statement
*/
$sql='SELECT `uid` FROM `users` WHERE `username`=? AND md5(`password`)=? limit 1 ';
$stmt=$db->prepare($sql);
if(!$stmt) exit('Failed to prepare sql statement');
/*
md5 is not recommended for password hashing as it is generally considered to be broken
bind the variables to the placeholders & execute the sql
*/
$username=$_POST['username'];
$password=md5($_POST['password']);
$stmt->bind_param('ss', $username, $password);
$res=$stmt->execute();
/* bind the result of the query to a variable */
$stmt->bind_result($login_user);
while($stmt->fetch()){
/* go through recordset (1 record) */
$_SESSION['username'] = $login_user;
}
$stmt->close();
$db->close();
if(isset($_SESSION['username'])) exit(header('location: home.php'));
else $error='Incorrect username or password.';
}
}
?>
home.php:
<?php
/* home.php */
if(!isset($_SESSION)) session_start();
if(!isset($_SESSION['username'])) exit(header('Location: index.php'));
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
<br><br><br>
<a href="logout.php" style="font-size:18px">Logout?</a>
<a href="test.php">test</a>
</body>
</html>
您是否嘗試在成功驗證後將標頭('Loacation:index.php')更改爲標頭('Location:profile.php')? – stubben
謝謝你的答案。它在login.php上嗎? – Julie24
現在有效。我試圖把代碼放在另一個項目中,所以它一定是其他地方的錯誤。我會更多地關注它。謝謝。但我是否也需要將index.php中的home.php更改爲profile.php? – Julie24