保持一个用户登录,而他们浏览网站
问题描述:
当用户登录到我的网站的login.php检查,如果他们有正确的用户名密码,或者如果他们是管理员:保持一个用户登录,而他们浏览网站
session_start();
$username = '';
$password = '';
$dbusername = '';
$dbpassword = '';
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
$numrow = mysql_num_rows ($query);
// user login
if ($numrow!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
header("Location: member.php");
$_SESSION ['Email']=$username;
}
}
else
{
// admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
$numrow2 = mysql_num_rows ($query2);
if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
header("Location: admin.php");
$_SESSION ['Email']=$username;
}
else{
echo "Incorrect password";
}
}
else{
if ($username!=$dbusername&&$password!=$dbpassword)
{die("That user does not exist!");
}
}
}
}
他们将被重定向到成员。 PHP(以下相关的代码)
session_start();
If (logged_in() === true)//Email
echo "Welcome, ".$_SESSION['Email']. "!<br><ahref='logout.php'>Logout</a>";
else
die ("You must be logged in");
这一切工作正常,在用户登录并在页面顶部的用户名显示,但如果用户返回到网站上的网页或任何其他网页他们不再登录。完全困惑于如何做到这一点,任何帮助将是gre在。
答
你需要你将用户重定向
作为一个方面说明,一个'''在电子邮件字段中输入可能导致SQL注入之前设置会话变量。 – 2013-03-25 22:51:15
@JoachimIsaksson只有'Email'字段。 '密码'是md5哈希 – Phil 2013-03-25 22:52:09
请阅读这个关于MySQL扩展http://*.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php#answer-12860140 – Phil 2013-03-25 22:52:45