0
當用戶登錄到我的網站的login.php檢查,如果他們有正確的用戶名密碼,或者如果他們是管理員:保持一個用戶登錄,而他們瀏覽網站
session_start();
$username = '';
$password = '';
$dbusername = '';
$dbpassword = '';
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
$numrow = mysql_num_rows ($query);
// user login
if ($numrow!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
header("Location: member.php");
$_SESSION ['Email']=$username;
}
}
else
{
// admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
$numrow2 = mysql_num_rows ($query2);
if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
header("Location: admin.php");
$_SESSION ['Email']=$username;
}
else{
echo "Incorrect password";
}
}
else{
if ($username!=$dbusername&&$password!=$dbpassword)
{die("That user does not exist!");
}
}
}
}
他們將被重定向到成員。 PHP(以下相關的代碼)
session_start();
If (logged_in() === true)//Email
echo "Welcome, ".$_SESSION['Email']. "!<br><ahref='logout.php'>Logout</a>";
else
die ("You must be logged in");
這一切工作正常,在用戶登錄並在頁面頂部的用戶名顯示,但如果用戶返回到網站上的網頁或任何其他網頁他們不再登錄。完全困惑於如何做到這一點,任何幫助將是gre在。
作爲一個方面說明,一個'''在電子郵件字段中輸入可能導致SQL注入之前設置會話變量。 – 2013-03-25 22:51:15
@JoachimIsaksson只有'Email'字段。 '密碼'是md5哈希 – Phil 2013-03-25 22:52:09
請閱讀這個關於MySQL擴展http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php#answer-12860140 – Phil 2013-03-25 22:52:45