PHP 会话无效
PHP session does not work
大家好,我是 PHP 的新手,正在尝试了解如何在非常基本的登录系统中实现 $_session:
<?php
session_start();
include 'dbconn.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $conn->query($sql);
$row = $result->fetch_object();
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
} else {
header('Location: index.php?msg=wrong-username-or-password');
}
问题是,如果我使用像这样的局部变量:
$admin_userName = 'admin';
$admin_password = '1234';
然后进行比较
if($username == "$adminusername" && $password == "$adminpassword") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
$_session 工作完美。但是当我使用这个时:
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
会话无效。在没有会话的情况下,上述语句可以完美运行!
login.php
<?php
session_start();
include 'dbconn.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $conn->query($sql);
$row = $result->fetch_object();
if($username == $row->username && $password == $row->password) {
$_SESSION['loggedin'] = $username;
header('Location: apptify.php');
} else {
header('Location: index.php?msg=wrong-username-or-password');
}
logout.php
<?php
session_start();
unset($_SESSION['loggedin']);
header('Location: index.php');
?>
我真的迷路了,感谢任何帮助。
应该没有引号:
if($username == $row->username && $password == $row->password) {
$_SESSION['loggedin'] = $username;
header('Location: index.php');
}
The problem is that when if I use local variables like:
$admin_userName = 'admin';
$admin_password = '1234';
and then making the comparison
if($username == "$adminusername" && $password == "$adminpassword") {
问题是,您正在使用:
$admin_userName = 'admin';
$admin_password = '1234';
然后使用:
if($username == "$adminusername" && $password == "$adminpassword")
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
您忘记了下划线并且不匹配变量字母大小写。
变量区分大小写。
if($username == "$admin_userName" && $password == "$admin_password")
我的测试脚本,成功了:
<?php
session_start();
$DB_HOST = 'xxx';
$DB_USER = 'xxx';
$DB_PASS = 'xxx';
$DB_NAME = 'xxx';
$con = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME)
or die(mysqli_connect_error());
$_POST['username'] = "John";
$username = $_POST['username'];
$_POST['password'] = "Johnny";
$password = $_POST['password'];
$_SESSION['loggedin'] = "$username";
echo $username; // echo'd John
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $con->query($sql);
$row = $result->fetch_object();
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
// header('Location: admin.php');
echo "Match!";
} else {
// header('Location: index.php?msg=wrong-username-or-password');
echo "No match.";
}
我需要指出的是:
您应该考虑使用 mysqli with prepared statements, or PDO with prepared statements,它们更安全。
关于密码存储。
如果您还没有散列密码而不是您可能正在使用的纯文本方法,我建议您查看 CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.
大家好,我是 PHP 的新手,正在尝试了解如何在非常基本的登录系统中实现 $_session:
<?php
session_start();
include 'dbconn.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $conn->query($sql);
$row = $result->fetch_object();
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
} else {
header('Location: index.php?msg=wrong-username-or-password');
}
问题是,如果我使用像这样的局部变量:
$admin_userName = 'admin';
$admin_password = '1234';
然后进行比较
if($username == "$adminusername" && $password == "$adminpassword") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
$_session 工作完美。但是当我使用这个时:
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
header('Location: admin.php');
会话无效。在没有会话的情况下,上述语句可以完美运行!
login.php
<?php
session_start();
include 'dbconn.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $conn->query($sql);
$row = $result->fetch_object();
if($username == $row->username && $password == $row->password) {
$_SESSION['loggedin'] = $username;
header('Location: apptify.php');
} else {
header('Location: index.php?msg=wrong-username-or-password');
}
logout.php
<?php
session_start();
unset($_SESSION['loggedin']);
header('Location: index.php');
?>
我真的迷路了,感谢任何帮助。
应该没有引号:
if($username == $row->username && $password == $row->password) {
$_SESSION['loggedin'] = $username;
header('Location: index.php');
}
The problem is that when if I use local variables like:
$admin_userName = 'admin'; $admin_password = '1234'; and then making the comparison if($username == "$adminusername" && $password == "$adminpassword") {
问题是,您正在使用:
$admin_userName = 'admin';
$admin_password = '1234';
然后使用:
if($username == "$adminusername" && $password == "$adminpassword")
^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^
您忘记了下划线并且不匹配变量字母大小写。
变量区分大小写。
if($username == "$admin_userName" && $password == "$admin_password")
我的测试脚本,成功了:
<?php
session_start();
$DB_HOST = 'xxx';
$DB_USER = 'xxx';
$DB_PASS = 'xxx';
$DB_NAME = 'xxx';
$con = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME)
or die(mysqli_connect_error());
$_POST['username'] = "John";
$username = $_POST['username'];
$_POST['password'] = "Johnny";
$password = $_POST['password'];
$_SESSION['loggedin'] = "$username";
echo $username; // echo'd John
$sql = "SELECT * FROM users WHERE username = '$username'";
$result = $con->query($sql);
$row = $result->fetch_object();
if($username == "$row->username" && $password == "$row->password") {
$_SESSION['loggedin'] = "$username";
// header('Location: admin.php');
echo "Match!";
} else {
// header('Location: index.php?msg=wrong-username-or-password');
echo "No match.";
}
我需要指出的是:
您应该考虑使用 mysqli with prepared statements, or PDO with prepared statements,它们更安全。
关于密码存储。
如果您还没有散列密码而不是您可能正在使用的纯文本方法,我建议您查看 CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.