我在PHP中新,我試圖寫一個註冊腳本。我的問題是,當我嘗試登錄時,無法看到用戶的菜單。也許問題出在會話和cookies上,但我找不到它。這裏是我的代碼部分:PHP,登錄腳本
的config.php
<?php
oB_start();
$con = mysql_connect("localhost","root","123");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("9gag", $con);
$logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[password]'");
$logged = mysql_fetch_array($logged);
?>
的login.php
<?php
oB_start();
include("config.php");
if (!$logged[username]) {
if (!$_POST[login]) {
echo("<center><form method=\"POST\">
<table>
<tr>
<td align=\"right\">
User: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"right\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Sign in\">
</td></tr><tr>
<td align=\"center\">
<a href=\"register.php\">Sign up</a>
</td></tr></table></form></center>");
}
if ($_POST[login]) {
$username = $_POST[username];
$password = $_POST[password];
$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
if($data['PASSWORD'] != $password) {
echo "Wrong username or password!";
}else{
$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);
setcookie("id", $user['ID'],time()+(60*60*24*5), "/", "");
setcookie("password", $user['PASSWORD'],time()+(60*60*24*5), "/", "");
}
}
}
else {
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
<a href=\"editprofile.php\">Profile</a><br />
<a href=\"logout.php\">Log out</a>");
}
?>
沒有爲登錄使用cookies。他們不安全。你應該使用會話變量。 – Jon 2012-03-09 20:58:15
嘗試'的print_r($登錄)',它可以幫助發現問題,我的意思是 - 它可以查詢... – 2012-03-09 21:00:23
這麼多的地方開始...... *抽搐* ...注射之間,使用的常量數組鍵,巨大的HTML回聲,甚至只是''