2012-03-09 401 views
-1

我在PHP中新,我試圖寫一個註冊腳本。我的問題是,當我嘗試登錄時,無法看到用戶的菜單。也許問題出在會話和cookies上,但我找不到它。這裏是我的代碼部分:PHP,登錄腳本

的config.php

<?php 
    oB_start(); 
    $con = mysql_connect("localhost","root","123"); 
    if (!$con) { 
    die('Could not connect: ' . mysql_error()); 
    } 
    mysql_select_db("9gag", $con); 
    $logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[password]'"); 
    $logged = mysql_fetch_array($logged); 
?> 

的login.php

<?php 
    oB_start(); 
    include("config.php"); 
    if (!$logged[username]) { 
    if (!$_POST[login]) { 
     echo("<center><form method=\"POST\"> 
      <table> 
      <tr> 
      <td align=\"right\"> 
      User: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"> 
      </td> 
      </tr> 
      <tr> 
      <td align=\"right\"> 
      Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\"> 
      </td></tr><tr> 
      <td align=\"center\"> 
      <input type=\"submit\" name=\"login\" value=\"Sign in\"> 
      </td></tr><tr> 
      <td align=\"center\"> 
      <a href=\"register.php\">Sign up</a> 
      </td></tr></table></form></center>"); 
    } 
    if ($_POST[login]) { 
     $username = $_POST[username]; 
     $password = $_POST[password]; 
     $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); 

     $data = mysql_fetch_array($info); 
     if($data['PASSWORD'] != $password) { 
      echo "Wrong username or password!"; 
     }else{ 
      $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); 
      $user = mysql_fetch_array($query); 
      setcookie("id", $user['ID'],time()+(60*60*24*5), "/", ""); 
      setcookie("password", $user['PASSWORD'],time()+(60*60*24*5), "/", ""); 
     } 
    } 
} 
else { 
    echo ("<center>Welcome <b>$logged[username]</b><br /></center> 
       <a href=\"editprofile.php\">Profile</a><br /> 
       <a href=\"logout.php\">Log out</a>"); 
} 
?> 
+2

沒有爲登錄使用cookies。他們不安全。你應該使用會話變量。 – Jon 2012-03-09 20:58:15

+0

嘗試'的print_r($登錄)',它可以幫助發現問題,我的意思是 - 它可以查詢... – 2012-03-09 21:00:23

+1

這麼多的地方開始...... *抽搐* ...注射之間,使用的常量數組鍵,巨大的HTML回聲,甚至只是''

...標籤也 – Tim 2012-03-09 21:03:05

回答

0

記錄的變量$是在第二個文件空的,所以$記錄將永遠是真實的,與第一部分始終執行:)使用cookie在第二個文件,看看它是否登錄或不

+0

實際上,因爲他叫'包括(「config.php中」)','$ logged'包含'mysql_fetch_array'結果呼叫;通過檢查「用戶名」鍵的存在,他可以有效地查看結果是否有任何行,這表明用戶是否已登錄。 – Tim 2012-03-09 21:06:22

1

如何有人已經說了變化COOCKIE使用會話,我還沒有非常理解你的表/列布局b UT我試圖做出更好的代碼,以便試試這個:)

的config.php

<?php 
    $con = mysql_connect("localhost","root","123"); 
    if (!$con) { 
    die('Could not connect: ' . mysql_error()); 
    } 
    mysql_select_db("9gag", $con); 
?> 

的login.php

<?php 
    session_start(); 
    ob_start(); 
    include("config.php"); 
    if (!Isset($_SESSION['id'])) { 
    if (!$_POST['login']) { 
     echo '<center><form method="POST"> 
      <table> 
      <tr> 
      <td align="right"> 
      User: <input type="text" size="15" maxlength="25" name="username"> 
      </td> 
      </tr> 
      <tr> 
      <td align="right"> 
      Password: <input type="password" size="15" maxlength="25" name="password"> 
      </td></tr><tr> 
      <td align="center"> 
      <input type="submit" name="login" value="Sign in"> 
      </td></tr><tr> 
      <td align="center"> 
      <a href="register.php">Sign up</a> 
      </td></tr></table></form></center>'; 
    } 
    if ($_POST[login]) { 
     $username = $_POST['username']; 
     $password = $_POST['password']; 
     $info = mysql_query("SELECT * FROM users WHERE username = '".$username."'") or die(mysql_error()); 

     $data = mysql_fetch_array($info); 
     if($data['password'] != $password) { 
      echo "Wrong username or password!"; 
     }else{ 
      $query = mysql_query("SELECT * FROM users WHERE username = '".$username."'") or die(mysql_error()); 
      $user = mysql_fetch_array($query); 
      $_SESSION['username']=$user['username']; 
      $_SESSION['id']=$user['id']; 
      $_SESSION['password']=$user['password']; 
     } 
    } 
} 
else { 
    echo "<center>Welcome <b>".$_SESSION['username']."</b><br /></center> 
       <a href='editprofile.php'>Profile</a><br /> 
       <a href='logout.php'>Log out</a>"; 
} 
?>