0
我想要做的是根據$ _SESSION是否設置,在相同的位置顯示兩個單獨的div。表單顯示何時沒有發現$ _SESSION,並且帳戶信息顯示何時有$ _SESSION。發生什麼事是我登錄時發生的一切,它將我發送到具有相同表單的同一屏幕,但是當我刷新瀏覽器時,帳戶信息顯示替換表單。任何人都可以看到爲什麼當我最初簽署某人並設置了$ _SESSION時,交換沒有進行?
$signedIn='<h3 id="signedInHeader">Welcome </h3><p><a href="convenientaddaddress.php"> Add Address </a></p>
<p><a href="convenientaccountinfo.php"> Account Info </a></p>
<p><a href="convenientsignout.php"> Sign Out </a></p>
<p><a href="convenientaddcreditcard.php"> Add C Card </a></p>';
$form='<form id="signInForm" method="POST" action="index.php"><h3 id="formHeader">Sign Into Account</h3><br/>
<p id="pRegister"><a id="register" href="convenientregisterpage.php"> Register </a></p><br/>
<label>Email Addr:</label><input type="text" name="userEmail" id="email" size="15"/><br/>
<label>Password:</label><input type="password" name="password" id="password" size="15"/><br/>
<input type="submit" value="Sign In" id="formSubmit" name="submit"/> </form>';
$username='';
$username=$_SESSION['userName'];
if(!$username){
$signedInForm=$form;
}
if(isset($username)){
$signedInForm=$signedIn;
}
$username="";
$email=$_POST['userEmail'];
$password=$_POST['password'];
if(isset($_POST['submit'])){
if(empty($email) || empty($password)){
$msg_to_user3="Fill in both fields";
}
else{
$results=mysql_query("SELECT * FROM register WHERE userEmail='$email'");
if (mysql_num_rows($results)==0)
$msg_to_user3 ="No such User";
else
{
while ($login_row = mysql_fetch_assoc($results))
{
$password_db = $login_row['password'];
if ($password!=$password_db){
$msg_to_user3 ="Password doesn't match";
}
if ($password_db!=$password)
$msg_to_user2="<a id='forgetpassword' href='convenientforgotpassword.php'>Forget Password</a>";
else
{
$active = $login_row['active'];
$userEmail = $login_row['userEmail'];
if ($active==0)
$msg_to_user3= "Activate account at ($userEmail) </p>";
else
{
//assign session
$_SESSION['userName']=$username;
}
}
}
}
}
}
您的登錄腳本容易受到SQL注入攻擊。 – Lauri 2012-07-22 15:38:32
在那裏你沒有'session_start()'。 – 2012-07-22 15:39:01
是的,我有一個session_start(); – 2012-07-22 15:46:50