在 Php isset() 方面需要帮助
Need help in Php isset()
所以,我做了一个网站和它的登录系统。有一个登陆页面、一个 "New post" 页面和一个登录页面。我不希望用户在未登录的情况下访问 "New post" 页面 [已解决],但是,如果他尝试在没有会话的情况下访问它,它将使用 /login/ 将他重定向到登录页面?新的 。
当他在地址栏中使用 ?new 登录时,它应该将他重定向到 "New post" 页面,如果 url 只是 /login/,它会将他带到登陆页面。
那是我尝试做的代码:
if( $count == 1 && $row['userPass']==$password && isset($_POST["new"]) ) {
$_SESSION['user'] = $row['userId'];
header('Location:../new');
} else if ($count == 1 && $row['userPass']==$password) {
$_SESSION['user'] = $row['userId'];
header('Location:../');
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}
这是完整的代码:
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
$error = false;
if( isset($_POST['btn-login']) ) {
// prevent sql injections/ clear user invalid inputs
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
// prevent sql injections / clear user invalid inputs
if(empty($email)){
$error = true;
$emailError = "Please enter your email address.";
} else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
$error = true;
$emailError = "Please enter valid email address.";
}
if(empty($pass)){
$error = true;
$passError = "Please enter your password.";
}
// if there's no error, continue to login
if (!$error) {
$password = hash('sha256', $pass); // password hashing using SHA256
$res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$password && isset($_POST["new"]) ) {
$_SESSION['user'] = $row['userId'];
header('Location:../new');
} else if ($count == 1 && $row['userPass']==$password) {
$_SESSION['user'] = $row['userId'];
header('Location:../');
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}
}
}
?>
I do not want the user to access the "New post" page if not logged in [That's solved]
我假设你已经通过类似或类似的方式解决了这个问题。
if (!isset($_SESSION['user'])) {
header('Location:login.php');
}
我建议你把头函数改成这个。假设新 post 页面名为 new.php
header('Location:login.php?redirectto=new.php');
然后在您的登录页面代码中:
if( $count == 1 && $row['userPass']==$password && !empty($_GET["redirectto"]) ) {
$_SESSION['user'] = $row['userId'];
header('Location:'.$_GET["redirectto"]);
} else if ($count == 1 && $row['userPass']==$password) {
$_SESSION['user'] = $row['userId'];
header('Location:../');
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}
所以,我做了一个网站和它的登录系统。有一个登陆页面、一个 "New post" 页面和一个登录页面。我不希望用户在未登录的情况下访问 "New post" 页面 [已解决],但是,如果他尝试在没有会话的情况下访问它,它将使用 /login/ 将他重定向到登录页面?新的 。 当他在地址栏中使用 ?new 登录时,它应该将他重定向到 "New post" 页面,如果 url 只是 /login/,它会将他带到登陆页面。 那是我尝试做的代码:
if( $count == 1 && $row['userPass']==$password && isset($_POST["new"]) ) {
$_SESSION['user'] = $row['userId'];
header('Location:../new');
} else if ($count == 1 && $row['userPass']==$password) {
$_SESSION['user'] = $row['userId'];
header('Location:../');
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}
这是完整的代码:
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
$error = false;
if( isset($_POST['btn-login']) ) {
// prevent sql injections/ clear user invalid inputs
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
// prevent sql injections / clear user invalid inputs
if(empty($email)){
$error = true;
$emailError = "Please enter your email address.";
} else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
$error = true;
$emailError = "Please enter valid email address.";
}
if(empty($pass)){
$error = true;
$passError = "Please enter your password.";
}
// if there's no error, continue to login
if (!$error) {
$password = hash('sha256', $pass); // password hashing using SHA256
$res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$password && isset($_POST["new"]) ) {
$_SESSION['user'] = $row['userId'];
header('Location:../new');
} else if ($count == 1 && $row['userPass']==$password) {
$_SESSION['user'] = $row['userId'];
header('Location:../');
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}
}
}
?>
I do not want the user to access the "New post" page if not logged in [That's solved]
我假设你已经通过类似或类似的方式解决了这个问题。
if (!isset($_SESSION['user'])) {
header('Location:login.php');
}
我建议你把头函数改成这个。假设新 post 页面名为 new.php
header('Location:login.php?redirectto=new.php');
然后在您的登录页面代码中:
if( $count == 1 && $row['userPass']==$password && !empty($_GET["redirectto"]) ) {
$_SESSION['user'] = $row['userId'];
header('Location:'.$_GET["redirectto"]);
} else if ($count == 1 && $row['userPass']==$password) {
$_SESSION['user'] = $row['userId'];
header('Location:../');
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}