2013-06-06 28 views
0

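I am creating a password-protected web page. Everything works fine, but my problem is that whenever a user copies a URL from my web page and pastes it into another browser, the page shows the same data (I have several web pages and all of them show related data). That is not what I want. I want it to go to the login page automatically. I need a session expiry script for this. My code is shown below. The page should redirect if I enter the URL directly and when the session expires.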

<?php 



$host = ""; // Your host address to your  database on your server. Usually "localhost". Check with your hosting provider 
$user = ""; // Your username you set up for this database on your server 
$pass = ""; // Your password you set up for this database on your server 
$db = ""; // The database name that you will be connecting to 

// Connecting to the MySQL database 
mysql_connect($host, $user, $pass); 
mysql_select_db($db); 


if (isset($_POST['username'])) { 
    $username = $_POST['username']; 
    $password = $_POST['password']; 
    // Query to check to see if the username and password supplied match the database records 
    $sql = "SELECT * FROM users WHERE username='".$username."' AND  password='".$password."' LIMIT 1"; 
    $res = mysql_query($sql); 
    // If login information is correct 
    if (mysql_num_rows($res) == 1)
    {
        header('Location: done.php');
    }
    // If login information is invalid
    else {
        header('Location: error.php');
    }
}

?> 

Thanks!

+0

First, never use `mysql_*`; it is deprecated. Start using `mysqli_*`. Second, I don't see where your `session_start()` and `$_SESSION['username'] = $username` are. Without these things, you can't start a session.

+0

You can use cookies for that, or use some encrypted session ticketing service...

+0

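First of all, your English does not help in understanding the problem. It seems you need to use the session object: start the session somewhere with session_start() and store the logged-in user's details. You can destroy it with session_destroy(), and when you visit the page again you have to check the session; if it is not set, you can redirect the user to the login page – Subash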

Answers

1

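You need to use a Session for this. Here is an example.

Shortly after the user enters the login credentials:

// $credentialsValid is a placeholder for the result of your own credential check
if ($credentialsValid)
    {
     session_start();
     $_SESSION['data'] = "some data";

    }

Then on every page you need to use these two statements.

session_start();
if (isset($_SESSION['data'])) { // also check here that the stored value is valid
    // go to the page
}
else {
    // go to login page
}

I suggest you go through a good tutorial on how to use sessions.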

0

You need to check the session data at the start of your page:

<?php
session_start();

// Not logged in, or the session lifetime has passed
if (empty($_SESSION['is_logged_in']) || empty($_SESSION['expires']) || $_SESSION['expires'] < time()) {
    session_unset();
    session_destroy();
    header('Location: login.php');
    exit;
} else {
    $_SESSION['expires'] = time() + 3600; // refresh the lifetime
}

Then, when you log in, you should set these variables:

<?php
session_start(); // needed before $_SESSION can be written
// Never send unchecked data to the MySQL server
// creating MD5 hashes to prevent MySQL injection
$username = md5(strtolower($_POST['username']));
$password = md5($_POST['password']);

$query = 'SELECT * FROM users WHERE MD5(LOWER(username)) = "'. $username .'" AND MD5(password) = "' . $password . '"';
[...]
if (mysql_num_rows($res) === 1){
    $_SESSION['is_logged_in'] = true;
    $_SESSION['expires'] = time() + 3600; // 3600 seconds session lifetime
}
0

Try this:

<?php 
$host = ""; // Your host address to your  database on your server. Usually "localhost". Check with your hosting provider 
$user = ""; // Your username you set up for this database on your server 
$pass = ""; // Your password you set up for this database on your server 
$db = ""; // The database name that you will be connecting to 
// Connecting to the MySQL database 
mysql_connect($host, $user, $pass); 
mysql_select_db($db); 
if (isset($_POST['username'])) {
    // Escape the input before it is placed in the SQL string
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    // Query to check to see if the username and password supplied match the database records
    $sql = "SELECT * FROM users WHERE username='" . $username . "' AND password='" . $password . "' LIMIT 1";
    $res = mysql_query($sql);
    // If login information is correct
    if (mysql_num_rows($res) == 1) {
        // if user is valid then start session
        if (session_id() == '') {
            // session isn't started
            session_start();
        }
        $_SESSION['user'] = true;
        header('Location: done.php');
        die();
    }
    // If login information is invalid
    else {
        header('Location: error.php');
        die();
    }
}
// done.php
if (session_id() == '') {
    // session isn't started
    session_start();
}
if (!empty($_SESSION['user'])) {
    // valid code
} else {
    // redirect on login page
    header('Location: login.php');
    die();
}
?> 
0

Here is an example of a complete login system that stores the login information in the session. Try this!

Login page

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> 
<tr> 
<form name="form1" method="post" action="checklogin.php"> 
<td> 
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
<tr> 
<td colspan="3"><strong>Member Login </strong></td> 
</tr> 
<tr> 
<td width="78">Username</td> 
<td width="6">:</td> 
<td width="294"><input name="myusername" type="text" id="myusername"></td> 
</tr> 
<tr> 
<td>Password</td> 
<td>:</td> 
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr> 
<tr> 
<td>&nbsp;</td> 
<td>&nbsp;</td> 
<td><input type="submit" name="Submit" value="Login"></td> 
</tr> 
</table> 
</td> 
</form> 
</tr> 
</table> 

Login check script

<?php 

$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB"); 

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection) 
$myusername = stripslashes($myusername); 
$mypassword = stripslashes($mypassword); 
$myusername = mysql_real_escape_string($myusername); 
$mypassword = mysql_real_escape_string($mypassword); 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; 
$result=mysql_query($sql); 

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 

// If result matched $myusername and $mypassword, table row must be 1 row 
if($count==1){

// Store $myusername in the session and redirect to file "login_success.php"
// (session_register() no longer exists in current PHP; $_SESSION replaces it)
session_start();
$_SESSION['myusername'] = $myusername;
header("location:login_success.php");
exit;
}
else {
echo "Wrong Username or Password";
}
?>

Success page

<?php
session_start();
if(!isset($_SESSION['myusername'])){
header("location:main_login.php");
exit;
}
?>

<html> 
<body> 
Login Successful 
</body> 
</html> 

Logout script

<?php 
session_start(); 
session_destroy(); 
?> 
0

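Every page that requires a logged-in user has to check individually whether the user has sufficient privileges (is logged in). If he does not have sufficient privileges, redirect him to the login page.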

secretPage.php

session_start(); 

// is user not yet logged-in? 
if (!isset($_SESSION['userid'])) 
{ 
    // remember the requested url 
    $_SESSION['loginTarget'] = $_SERVER['PHP_SELF']; 

    // redirect to the login page 
    header('Location: login.php', true, 303); 
    exit; 
} 
else 
{ 
    // already logged in 
    echo 'hello user'; 
} 

login.php

session_start(); 

// user submitted the login input? 
if ($_SERVER['REQUEST_METHOD'] === 'POST') 
{ 
    ... 
    // after checking username and login 
    if ($usernameAndPasswordAreCorrect)
    {
        // remember the logged-in user
        $_SESSION['userid'] = $userId;

        // redirect to the target page
        header('Location: ' . $_SESSION['loginTarget'], true, 303);
        exit;
    }
} 
... 

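This script only explains the workflow; it is an example rather than a working solution, but it should get you started. There are many other things to do, such as using a slow key derivation function (BCrypt) to hash the passwords, input validation, preventing SQL injection, setting a default login target...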
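
The per-page check, the expiry and the items the last answer leaves open (password hashing, SQL injection, a default login target) can be combined as below. This is an added example, not code from any of the answers; the function names, the `users(id, username, password_hash)` table, `done.php` and `IDLE_LIMIT` are assumptions.

```php
<?php
// Added example; the table layout, file names and IDLE_LIMIT are assumptions.
const IDLE_LIMIT = 3600; // seconds of inactivity before a login expires

// Call at the top of every protected page, before any output.
function require_login(): int
{
    session_start();
    $fresh = isset($_SESSION['userid'], $_SESSION['last_seen'])
        && time() - $_SESSION['last_seen'] <= IDLE_LIMIT;
    if (!$fresh) {
        // No session (pasted URL, other browser) or expired: go to login.
        $_SESSION = ['loginTarget' => $_SERVER['REQUEST_URI'] ?? '/done.php'];
        header('Location: login.php', true, 303);
        exit;
    }
    $_SESSION['last_seen'] = time(); // refresh the idle timer
    return (int) $_SESSION['userid'];
}

// Returns the user id on success, null otherwise.
function check_credentials(PDO $db, string $username, string $password): ?int
{
    // Prepared statement: the input never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The column holds password_hash() output, never the plain password.
    $ok = $row !== false && password_verify($password, $row['password_hash']);
    return $ok ? (int) $row['id'] : null;
}

// Call from login.php, after session_start(), once the check succeeded.
function complete_login(int $userId): void
{
    $target = $_SESSION['loginTarget'] ?? '/done.php';
    if (!preg_match('#^/(?!/)[\w\-./?=&%]*$#', $target)) {
        $target = '/done.php'; // only same-site paths are accepted
    }
    session_regenerate_id(true); // fresh session id after authentication
    $_SESSION = ['userid' => $userId, 'last_seen' => time()];
    header('Location: ' . $target, true, 303);
    exit;
}
```

Because the session cookie lives in the browser that logged in, a URL pasted into another browser reaches `require_login()` with an empty session and is sent to the login page.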
