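I have created a working login form in PHP, but I realized that the page my users are directed to can still be accessed by anyone. How do I go about protecting the page so that it can only be accessed by users who are logged in to the site? Login form and protecting pages for logged-in users only?
Do I need to put a script on the success page?
I have tried a lot of different things, but I don't know what is going on. This is what I have so far!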
checking_login.php
<?php
ob_start();
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword;
header("location: portkey.php");
}
else {
echo "Wrong Username or Password. ";
}
ob_end_flush();
?>
Here is part of the page that I said it redirects to. (It is still open to everyone.)
<?php
session_start();
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="members"; // Table name
session_start();
if(!isset($_SESSION['myusername'])) {
header("location:login.php");
}
?>
Login is the page with the form. Table/users.
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<form name="form1" method="post" action="checking.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1">
<tr>
</tr>
<tr>
<td width="78">Username</td>
<td width="0">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
Remove the second call to 'session_start()' in your protected page – Dale
You are not planning to go ahead with this, are you? –
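For comparison with the code in the question, here is an added example (not part of the original post or its comments) of a login check and a page guard that start the session before touching `$_SESSION`, use the same session key in both places, and stop the script after the redirect header. The file name `auth.php`, the function names, the `$db` PDO handle and a `members(username, password_hash)` table holding `password_hash()` output are assumptions.

```php
<?php
declare(strict_types=1);
// auth.php (hypothetical file name): added example, not the poster's code.
// Assumes a PDO connection and a members(username, password_hash) table.

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Keep the session cookie away from page scripts and cross-site posts.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Used by the login handler (checking_login.php in the question).
function attempt_login(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the value is bound, not concatenated into the SQL.
    $stmt = $db->prepare('SELECT password_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    start_session();
    session_regenerate_id(true);        // fresh session id after authentication
    $_SESSION['username'] = $username;  // single key; the password is never stored
    return true;
}

// Used at the very top of every protected page (portkey.php in the question).
function require_login(): void
{
    start_session();
    if (empty($_SESSION['username'])) { // same key that attempt_login() sets
        header('Location: login.php');
        exit;   // without exit, the rest of the protected page is still sent
    }
}

// checking_login.php: require 'auth.php';
//   if (attempt_login($db, $_POST['myusername'] ?? '', $_POST['mypassword'] ?? '')) {
//       header('Location: portkey.php'); exit;
//   }
// portkey.php: require 'auth.php'; require_login();
```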