-2
在我的網頁,http://mackscript.netii.net/main_login.php 當我登錄,它讓我在錯誤的頁面, 我希望它讓我到與?nav_to 所以指定的頁面,我指定它爲?nav_to=shop.php。 但它重定向到login_success.php。記錄在得到我的錯頁
代碼爲checklogin.php main_login.php
<html>
<head>
<title>Please login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php" style="color:#B3B3B3;">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" class="field" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" class="field" id="mypassword"></td>
</tr>
<tr>
<td><a href="insert.php">Register</a></td>
<td><input type="submit" name="Submit" class="but" value="Login"></td>
<td><a href="contact.php">Forgot pass?</a></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>
代碼(此檢查的登錄名和重定向)(詳細信息已被刪除)
<?php
ob_end_flush();
define('DEBUG', TRUE);
ob_start();
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$nav = $_GET['nav_to'];
$nav_to = (string)$nav;
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypass = md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypass'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypass and redirect to file "login_success.php"
$sql="SELECT credits FROM $tbl_name WHERE username='$myusername' and password='$mypass'";
$creds=mysql_query($sql);
$row = mysql_fetch_row($creds);
session_register("myusername");
session_register("mypass");
if(!empty($nav_to)){
header("location:$nav_to");
}
if(empty($nav_to)){
header("location:login_success.php?name=$myusername");
setcookie("valid", "true", time()+3600);
setcookie("creds", "$row[0]", time()+3600);
}
}else {
echo "Wrong Username or Password";
echo "<p><a href='main_login.php'>Back</a></p>";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</body>
</html>
請不要使用_已棄用的'mysql_'函數;改用PDO或'mysqli_'。 – akluth
您將表單發佈到''checklogin.php'',方法爲'POST''。然後從您獲取此''nav = $ _GET ['nav_to'];''? – devo
你在腳本中定義了
nav_to變量的位置?它的空,並因此去login_success.php–