在本站的幫助下,我有一個登錄腳本,現在可以工作。問題是我想限制的頁面不限制訪問,當我在沒有登錄的情況下訪問頁面時,仍然允許我訪問該頁面。我對PHP很新,所以你的幫助和評論是非常感謝。如果用戶登錄,我的受限PHP頁面不限制訪問
這個頁面的代碼是
<?php require_once('../Connections/PropSuite.php'); ?>
<?php
error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
function isLoggedIn()
{
if(isset($_SESSION['valid']) && $_SESSION['valid'])
return true;
return false;
}
session_start();
//if the user has not logged in
if(!isLoggedIn())
{
header('Location: http://localhost/PropSuite/index.php');
die();
}
?>
並在日誌中的腳本代碼。
<?php
function validateUser()
{
session_regenerate_id(); //this is a security measure
$_SESSION['valid'] = 1;
$_SESSION['userid'] = $userid;
}
?>
<?php
ob_start(); // Start output buffering
error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
session_start(); //must call session_start before using any $_SESSION variables
$username = isset($_POST['username'])?$_POST['username']:'';
$password = isset($_POST['password'])?$_POST['password']:'';
//connect to the database here
$hostname_PropSuite = "localhost";
$database_PropSuite = "propsuite";
$username_PropSuite = "root";
$password_PropSuite = "root";
$PropSuite = mysql_pconnect($hostname_PropSuite, $username_PropSuite, $password_PropSuite) or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_PropSuite, $PropSuite);
$username = mysql_real_escape_string($username);
$query = "SELECT password, salt FROM admin_users WHERE username = '$username';";
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result) < 1) //no such user exists
{
header('Location: http://localhost/PropSuite/index.php?login=fail');
die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
if($hash != $userData['password']) //incorrect password
{
header('Location: http://localhost/PropSuite/index.php?login=fail');
die();
}
else
{
validateUser(); //sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: http://localhost/PropSuite/main');
die()
//redirect to another page or display "login success" message
?>
再次感謝您的幫助和MODS,我很抱歉如果我發佈類似的問題。
製作一個單獨的腳本,只有 'session_start(); print_r($ _ SESSION);' 你可以看到'$ _SESSION'裏面實際是什麼 – Jarry
感謝你的提示,這裏有Array([foo] => bar [valid] => 1 [userid] => ) 有任何想法嗎? – AppleTattooGuy
使用'mysql_num_rows($ result)!= 1'確保它只有一個用戶使用你正在談論的用戶名。 –