重定向后会话未存储?
Session not stored after redirect?
正在尝试存储用户的角色
$_SESSION['role'] == $row['role'];
当用户名 'admin' 登录时,它会检查 SQL 中的用户角色 Admin,如果 Admin 存在,则将用户重定向到 admin.php
但是,当重定向到 admin.php 时,页面显示
$_SESSION['role']
在该页面上未定义。
我以为我用
$_SESSION['role'] == $row['role']
在 login_action.php 上并在 login_action.php 和 admin.php
中使用 start_session()
怎么了?
login_action.php
<?php
session_start();
include("connect.php");
$tbl_name="users";
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn,$username);
$password = mysqli_real_escape_string($conn,$password);
$password = sha1($password);
$result = mysqli_query($conn, "SELECT * FROM $tbl_name WHERE user='$username' AND password='$password'");
if(mysqli_num_rows($result) != 1){
echo "<script>alert(' Wrong Username or Password Access Denied !!! Try Again');
window.location='index.php';
</script>";
}else{
$row = mysqli_fetch_assoc($result);
$_SESSION['role'] == $row['role'];
if($row['role'] == 'Admin'){
header('location: admin.php');
exit;
else{
echo "<script>alert('Wrong username or password. Try again');
window.location='index.php';
</script>";
}
}
admin.php
<?php
session_start();
if (isset($_SESSION['role']) != 'Admin') {
echo "You are not the admin";
}
?>
<html>
<head>
<title> Administrator Page </title>
<head>
<body><br>
<h1 align="center">
Welcome To Administrator Page <br>
<a href='logout.php'>Click here to log out</a>
</h1>
</body>
</html>
错误在这里:
login_action.php
else{
$row = mysqli_fetch_assoc($result);
$_SESSION['role'] = $row['role']; // <--- Notice only one equal
if($row['role'] == 'Admin'){ // = inside if statement is always true
header('location: admin.php');
exit;
在你的 login_action.php 中:
更改 $_SESSION['role'] == $row['role'];至 $_SESSION['role'] = $row['role'];
在您的 admin.php 文件中:
isset($_SESSION['role']) != 'Admin'
isset($var) : returns 如果 $var 已设置且不为空,则为真。
解决方案是:
<?php
session_start();
if (isset($_SESSION['role']) && strtolower($_SESSION['role']) != 'admin') {
echo "You are not the admin";
}
?>
<html>
<head>
<title> Administrator Page </title>
<head>
<body><br>
<h1 align="center">
Welcome To Administrator Page <br>
<a href='logout.php'>Click here to log out</a>
</h1>
</body>
</html>
正在尝试存储用户的角色
$_SESSION['role'] == $row['role'];
当用户名 'admin' 登录时,它会检查 SQL 中的用户角色 Admin,如果 Admin 存在,则将用户重定向到 admin.php
但是,当重定向到 admin.php 时,页面显示
$_SESSION['role']
在该页面上未定义。
我以为我用
$_SESSION['role'] == $row['role']
在 login_action.php 上并在 login_action.php 和 admin.php
怎么了?
login_action.php
<?php
session_start();
include("connect.php");
$tbl_name="users";
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn,$username);
$password = mysqli_real_escape_string($conn,$password);
$password = sha1($password);
$result = mysqli_query($conn, "SELECT * FROM $tbl_name WHERE user='$username' AND password='$password'");
if(mysqli_num_rows($result) != 1){
echo "<script>alert(' Wrong Username or Password Access Denied !!! Try Again');
window.location='index.php';
</script>";
}else{
$row = mysqli_fetch_assoc($result);
$_SESSION['role'] == $row['role'];
if($row['role'] == 'Admin'){
header('location: admin.php');
exit;
else{
echo "<script>alert('Wrong username or password. Try again');
window.location='index.php';
</script>";
}
}
admin.php
<?php
session_start();
if (isset($_SESSION['role']) != 'Admin') {
echo "You are not the admin";
}
?>
<html>
<head>
<title> Administrator Page </title>
<head>
<body><br>
<h1 align="center">
Welcome To Administrator Page <br>
<a href='logout.php'>Click here to log out</a>
</h1>
</body>
</html>
错误在这里:
login_action.php
else{
$row = mysqli_fetch_assoc($result);
$_SESSION['role'] = $row['role']; // <--- Notice only one equal
if($row['role'] == 'Admin'){ // = inside if statement is always true
header('location: admin.php');
exit;
在你的 login_action.php 中:
更改 $_SESSION['role'] == $row['role'];至 $_SESSION['role'] = $row['role'];
在您的 admin.php 文件中:
isset($_SESSION['role']) != 'Admin'
isset($var) : returns 如果 $var 已设置且不为空,则为真。
解决方案是:
<?php
session_start();
if (isset($_SESSION['role']) && strtolower($_SESSION['role']) != 'admin') {
echo "You are not the admin";
}
?>
<html>
<head>
<title> Administrator Page </title>
<head>
<body><br>
<h1 align="center">
Welcome To Administrator Page <br>
<a href='logout.php'>Click here to log out</a>
</h1>
</body>
</html>