Mysqli 上 Php 的登录注销脚本问题
Posted
技术标签:
【中文标题】Mysqli 上 Php 的登录注销脚本问题【英文标题】:Login Logout Scripts issue with Php On Mysqli 【发布时间】:2014-09-08 12:45:53 【问题描述】:我在 login.php 上输入了 username='admin' pw='admin',在 mysqladmin 上的值为 true
在我看不到任何东西之后,它在 check_login.php 中停止。
这是代码
check_login.php
<?php
define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file
$username = $_POST['username']; //Set UserName
$password = $_POST['password']; //Set Password
$msg ='';
if(isset($username, $password))
ob_start();
include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($dbC, $myusername);
$mypassword = mysqli_real_escape_string($dbC, $mypassword);
$sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')";
$result=mysqli_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("admin");
session_register("password");
$_SESSION['name']= $myusername;
header("location:admin.php");
else
$msg = "Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
ob_end_flush();
else
header("location:login.php?msg=Please enter some username and password");
?>
和
admin.php
<?php
session_start(); //Start the session
define(ADMIN,$_SESSION['name']); //Get the user name from the previously registered super global variable
if(!session_is_registered("admin")) //If session not registered
header("location:login.php"); // Redirect to login.php page
else //Continue to current page
header( 'Content-Type: text/html; charset=utf-8' );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Welcome To Admin Page Demonstration</title>
</head>
<body>
<h1>Welcome To Admin Page <?php echo ADMIN /*Echo the username */ ?></h1>
<p><a href="logout.php">Logout</a></p> <!-- A link for the logout page -->
<p>Put Admin Contents</p>
</body>
</html>
我尝试了一些方法来查找我在 check_login.php 上写的 echo"asdasd" 的错误,直到 21 岁我才看到 "asdasd"。那一行是以 session_register(...) 开头的行。我想这是我的问题。但是我不知道怎么用。
【问题讨论】:
研究在 PHP 中启用错误报告。它会让您的生活变得更加轻松,并为您提供详细的错误消息:php.net/manual/en/function.error-reporting.php 另外,请检查服务器上的 php 日志文件。它会告诉你到底是什么问题。哦,session_register 已被弃用 - 请改用 $_SESSION
包括你的 config.php 也让我们看看
session_register() 从 5.3 开始已被弃用,我相信。
session_register() Warning This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0. php.net/manual/en/function.session-register.php
^--« ...你去吧;-)
【参考方案1】:
两个问题之一......
您正在定义$username,然后执行session_register("admin")。
或者...你在 PHP 5.4 上运行 no longer implements session_register()。
而不是
session_register("password")
使用
$_SESSION['password'] = $password;
【讨论】:
【参考方案2】:我仍然有问题,我无法登录管理页面。我可以在没有用户名和密码的情况下打开 admin.php。
这是我修改后的 check_login.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file
$username = $_POST['username']; //Set UserName
$password = $_POST['password']; //Set Password
$msg ='';
if(isset($username, $password))
ob_start();
include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($dbC, $myusername);
$mypassword = mysqli_real_escape_string($dbC, $mypassword);
$sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')";
$result=mysqli_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
// Register $myusername, $mypassword and redirect to file "admin.php"
$_SESSION['admin'] = $admin;
error_reporting(E_ALL);
ini_set('display_errors', 1);
$_SESSION['password'] = $password;
$_SESSION['name']= $myusername;
header("location:admin.php");
else
$msg = "Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
ob_end_flush();
else
header("location:login.php?msg=Please enter some username and password");
?>
这里是 admin.php
<?php
error_reporting(E_ALL);
session_start(); //Start the session
define(ADMIN,$_SESSION['name']); //Get the user name from the previously registered super global variable
// if(!isset($_SESSION['admin'])); //If session not registered
if( isset($_SESSION['admin']) && $_SESSION['admin'] == '0' )
header('location:login.php'); // Redirect to login.php page
else //Continue to current page
header( 'Content-Type: text/html; charset=utf-8' );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang="en" lang="en">
<head>
<title>Welcome To Admin Page Demonstration</title>
</head>
<body>
<h1>Welcome To Admin Page <?php echo ADMIN /*Echo the username */ ?></h1>
<p><a href="logout.php">Logout</a></p> <!-- A link for the logout page -->
<p>Put Admin Contents</p>
</body>
</html>
谢谢。
【讨论】:
以上是关于Mysqli 上 Php 的登录注销脚本问题的主要内容,如果未能解决你的问题,请参考以下文章