登录和会话PHP [英] Login and Session PHP

问题描述

我在检查会话，访问页面时遇到一些问题，我需要激活一个会话.

I'm having some problems to check session, to access a page I need to have a session active.

登录过程:

Login process:

    //Connect to mysql server
    require "reservation/connect.php";

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $login = clean($_POST['user']);
    $password = clean($_POST['password']);

    //Create query
    $qry="SELECT * FROM user WHERE username='$login' AND password='$password'";
    $result=mysql_query($qry);
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['user_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['position'];
            session_write_close();
            //if ($level="admin"){
            header("location: admin/dashboard.php");
            exit();
        }else {
            //Login failed
            header("location: index.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

身份验证:

Authentication:

if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
        header("location: index.php");
        exit();
    } 
?>

即使我从表单登录，页面也不会加载并将我重定向回索引！我做错了什么?我放了"require_once('../auth.php');"在页面上，但仍无法正常工作.

Even if i log in from the form, the page doesn't load and redirect me back to index! What i'm doing wrong? I put "require_once('../auth.php');" on the page but it's still not working.

推荐答案

这是因为它正在进入语句的else部分，这意味着$result为0或false.

That is because it is getting into else part of the statement , which means $result is 0 or false.

因此原因是查询必须失败..因此添加mysql_error()这样.

So the reason is the query must be failing.. So add mysql_error() like this..

$result=mysql_query($qry) or die(mysql_error());

要知道确切原因.

此(mysql_*)扩展名从PHP 5.5.0开始不推荐使用，以后将被删除.而是应使用MySQLi或PDO_MySQL扩展名.切换到PreparedStatements可以更好地抵御SQL Injection攻击！

This(mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. Switching to PreparedStatements is even more better to ward off SQL Injection attacks !

这篇关于登录和会话PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！